Edit tour

Windows Analysis Report
SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

Overview

General Information

Sample name:	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe
Analysis ID:	1417366
MD5:	12cba957e6008442696a276d44fd60f5
SHA1:	7038d228bb77cd86871202249839e0e8baaaacc6
SHA256:	64a40e5ff36383163b44a06e4672084952bd82ef5e10069c9f4c6557cdf57572
Tags:	exe
Infos:

Detection

Score:	6
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Detected potential crypto function

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Process Tree

System is w10x64

SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe (PID: 6680 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe" MD5: 12CBA957E6008442696A276D44FD60F5)

conhost.exe (PID: 6700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

File created: C:\Users\user\Desktop\Asr\How to uninstall.txt

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\img\Default\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\img\mame4\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\img\Win8\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\StatusAnime\Note\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\StatusImg\Default\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\StatusImg\Mame\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\StatusImg\MameHip\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\StatusImg\SimpleNumbers\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\??????????readme 1st.txt	Jump to behavior

Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\LockProcess.pdb>>-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, LockProcess.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\AdobeReader\x64\Release\AdobeReader.pdb%% GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, AdobeReader.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Txv\Win32\Release\Txv.pdbEE/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681364289.0000000002B70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Txv.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\AsrLoad\x64\Release\AsrLoad.pdb--)GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, AsrLoad.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellCascadeWindows.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellCascadeWindows.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MakeBigFile.pdbAA.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MakeBigFile.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ScreenSaver.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ScreenSaver.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellUndoMinimizeALL.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellUndoMinimizeALL.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileReproduction.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileReproduction.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileExecute.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileExecute.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\VersionCheck.pdb==-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, VersionCheck.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\MediaPlayer\x64\Release\MediaPlayer.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MediaPlayer.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileExport.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileExport.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\DriveInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, DriveInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\Export.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Export.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\InternetExplore\Win32\Release\InternetExplore.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, InternetExplore.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\Export.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Export.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileAttribute.pdb@@/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileAttribute.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\FileRenameEx\x64\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileRenameEx.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellTileHorizontally.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellTileHorizontally.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Associate\Win32\Release\Associate.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Associate.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellTileHorizontally.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellTileHorizontally.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateLocalTumb.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateLocalTumb.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellMinimizeALL.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellMinimizeALL.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Txv\x64\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Txv.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ChgImgFmt.pdbCC2GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ChgImgFmt.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MakeSelfExtract.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeSelfExtract.exe0.0.dr, MakeSelfExtract.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\SimilarCopy.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SimilarCopy.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileExecute.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileExecute.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ChgTxtFmt.pdb??.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ChgTxtFmt.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\DivFile.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, DivFile.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MkDir.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\SettingInitialization.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, SettingInitialization.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellSetTime.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellSetTime.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileCpMv.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileCpMv.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\MArc\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MArc.dll0.0.dr, MArc.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\DivFile.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, DivFile.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\SettingInitialization.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SettingInitialization.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Fin\x64\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Fin.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellSetTime.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellSetTime.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileInfo.pdb>>-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileInfo.exe.0.dr
Source:	Binary string: C:\Asr879_3b\Asr\RootCmd\Test\Win32\Release\Test32.pdb..*GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Test32.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\MediaPlayer\Win32\Release\MediaPlayer.pdb))"GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MediaPlayer.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ScreenSaver.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ScreenSaver.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\MArc\Release\MArc.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MArc.exe0.0.dr, MArc.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\FileRenameEx\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileRenameEx.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileNameCp.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileNameCp.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileReproduction.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileReproduction.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\DriveInfo.pdb==/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, DriveInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\AdobeReader\Win32\Release\AdobeReader.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, AdobeReader.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\VersionInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, VersionInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateLink.pdb>>-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateLink.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MemInfo.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MemInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\VersionCheck.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, VersionCheck.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MoveFolder.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MoveFolder.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\AdobeReader\x64\Release\AdobeReader.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, AdobeReader.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileRename.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileRename.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateErrorReport.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateErrorReport.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellUndoMinimizeALL.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellUndoMinimizeALL.exe0.0.dr
Source:	Binary string: 0.ncb;.suo;.scc;.aps;.obj;.pdb;.res;.idb;.dep;.pch;.tlb;.ilk source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, _Filter.txt.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Brws\x64\Release\Brws.pdb??-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Brws.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\DivFile.pdbAA2GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, DivFile.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Seeker\x64\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Seeker.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\LockProcess.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, LockProcess.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\DivFile.pdbBB3GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, DivFile.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ArcPack.pdbMM/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ArcPack.exe0.0.dr, ArcPack.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileCpMv.pdbEE.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileCpMv.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileRenameEx.pdbEE0GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileRenameEx.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Unreg\x64\Release\Unreg.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Unreg.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\AsrLoad\x64\Release\AsrLoad.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, AsrLoad.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MakeBigFile.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MakeBigFile.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\RmHardware.pdb;;.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, RmHardware.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\VersionInfo.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Seeker\Win32\Release\Seeker.pdbff/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Seeker.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileRename.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileRename.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MemInfo.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MemInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\AsrLoad\Win32\Release\AsrLoad.pdb..*GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, AsrLoad.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FolderIconChange.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FolderIconChange.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileAttribute.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileAttribute.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\MediaPlayer\Win32\Release\MediaPlayer.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MediaPlayer.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\Export.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Export.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileDelete.pdb??.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileDelete.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Brws\x64\Release\Brws.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Brws.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileAttribute.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileAttribute.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileNameCp.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileNameCp.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellStartMenu.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellStartMenu.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellTileVertically.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellTileVertically.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MakeArchive.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeArchive.exe.0.dr, MakeArchive.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ArcPack.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ArcPack.exe0.0.dr, ArcPack.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MemInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MemInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Txv\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Txv.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileCpMv.pdbFF/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileCpMv.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateLink.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateLink.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileDelete.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileDelete.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellTileVertically.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellTileVertically.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\VersionCheck.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionCheck.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileRename.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileRename.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MemInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MemInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileRenameEx.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileRenameEx.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Txv\Win32\Release\Txv.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681364289.0000000002B70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Txv.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\InternetExplore\x64\Release\InternetExplore.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, InternetExplore.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\WinEx.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, WinEx.exe.0.dr, WinEx.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Fin\Win32\Release\Fin.pdbPP/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Fin.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateLocalTumb.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateLocalTumb.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellWinHELP.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellWinHELP.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Unreg\Win32\Release\Unreg.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681364289.0000000002B70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Unreg.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ArcUnPack.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ArcUnPack.exe.0.dr, ArcUnPack.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\SimilarCopy.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, SimilarCopy.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Associate\x64\Release\Associate.pdb::-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Associate.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FreeMem.pdb--)GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FreeMem.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\SimilarCopy.pdbBB.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SimilarCopy.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellTileHorizontally.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellTileHorizontally.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Seeker\x64\Release\Seeker.pdbee.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Seeker.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Txv\x64\Release\Txv.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Txv.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\DriveInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, DriveInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MakeBigFile.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeBigFile.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MoveFolder.pdbBB.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MoveFolder.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Asr\x64\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Asr.ja-JP.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\Option.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Option.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\UpdateAsr\Win32\Release\UpdateAsr.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, UpdateAsr.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Associate\x64\Release\Associate.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Associate.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Unreg\x64\Release\Unreg.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Unreg.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MoveFolder.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MoveFolder.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileNewEx.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileNewEx.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\RemoveZoneID.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, RemoveZoneID.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellWinHELP.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellWinHELP.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\MediaPlayer\x64\Release\MediaPlayer.pdb((!GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MediaPlayer.dll0.0.dr
Source:	Binary string: C:\Asr879_3b\Asr\RootCmd\Test\Win32\Release\Test32.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Test32.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellTileHorizontally.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellTileHorizontally.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileExecute.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileExecute.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\AdobeReader\Win32\Release\AdobeReader.pdb&&!GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, AdobeReader.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\WinEx.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, WinEx.exe.0.dr, WinEx.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Brws\Win32\Release\Brws.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Brws.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateTumbImg.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateTumbImg.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Fin\x64\Release\Fin.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Fin.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ChgTxtFmt.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ChgTxtFmt.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Asr\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681364289.0000000002B70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Asr.ja-JP.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ChgImgFmt.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ChgImgFmt.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FolderIconChange.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FolderIconChange.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Associate\Win32\Release\Associate.pdb;;.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Associate.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileRenameEx.pdbDD/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileRenameEx.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ScreenSaver.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ScreenSaver.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\VersionInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MakeSelfExtract.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeSelfExtract.exe0.0.dr, MakeSelfExtract.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ChgTxtFmt.pdb>>-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ChgTxtFmt.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FreeMem.pdb..*GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FreeMem.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellSetTime.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellSetTime.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MakeBigFile.pdbBB/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeBigFile.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Txv\x64\Release\Txv.pdbDD.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Txv.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Seeker\x64\Release\Seeker.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Seeker.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\FirstSetting\Win32\Release\FirstSetting.pdbw source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FirstSetting.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FolderIconChange.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FolderIconChange.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Asr\x64\Release\Asr.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Asr.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\RmHardware.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, RmHardware.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\RemoveZoneID.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, RemoveZoneID.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellMinimizeALL.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellMinimizeALL.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellMinimizeALL.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellMinimizeALL.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\InternetExplore\Win32\Release\InternetExplore.pdb((!GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, InternetExplore.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Seeker\Win32\Release\Seeker.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Seeker.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileRenameEx.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileRenameEx.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileDelete.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileDelete.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateLink.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateLink.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileNewEx.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileNewEx.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\RealPlayer\Win32\Release\RealPlayer.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, RealPlayer.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\LockProcess.pdbBB1GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, LockProcess.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\MArc\SendToCompress\Release\SendToCompress.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, SendToCompress.exe0.0.dr, SendToCompress.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\InternetExplore\x64\Release\InternetExplore.pdb'' GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, InternetExplore.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileCpMv.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileCpMv.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\SettingInitialization.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SettingInitialization.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Brws\Win32\Release\Brws.pdb@@.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Brws.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileShortcut.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileShortcut.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileReproduction.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileReproduction.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellUndoMinimizeALL.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellUndoMinimizeALL.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileExport.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileExport.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateLink.pdb??.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateLink.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Unreg\Win32\Release\Unreg.pdb==/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681364289.0000000002B70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Unreg.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\SimilarCopy.pdbCC/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, SimilarCopy.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\BindFile.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, BindFile._xe0.0.dr, BindFile._xe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateTumbImg.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateTumbImg.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellCascadeWindows.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellCascadeWindows.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateErrorReport.pdb66 source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateErrorReport.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ChgTxtFmt.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ChgTxtFmt.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellStartMenu.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellStartMenu.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\LockProcess.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, LockProcess.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileExecute.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileExecute.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileNewEx.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileNewEx.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileInfo.pdb??.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ArcDllInfo.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ArcDllInfo.exe.0.dr, ArcDllInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\DriveInfo.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, DriveInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MkDir.pdb==-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FreeMem.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FreeMem.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\VersionInfo.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, VersionInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Seeker\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Seeker.dll.0.dr
Source:	Binary string: C:\Asr879_3b\Asr\RootCmd\Test\x64\Release\Test64.pdb,,(GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Test64.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileExport.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileExport.exe0.0.dr
Source:	Binary string: C:\Asr879_3b\Asr\RootCmd\Test\x64\Release\Test64.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Test64.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ArcUnPack.pdbDD/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ArcUnPack.exe.0.dr, ArcUnPack.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\MArc\SendToExtract\Release\SendToExtract.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, SendToExtract.exe.0.dr, SendToExtract.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\VersionCheck.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionCheck.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\RealPlayer\Win32\Release\RealPlayer.pdb&&!GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, RealPlayer.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileReproduction.pdb==-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileReproduction.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\Option.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Option.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileShortcut.pdb@@.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileShortcut.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellStartMenu.pdb;;.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellStartMenu.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellCascadeWindows.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellCascadeWindows.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellSetTime.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellSetTime.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Fin\Win32\Release\Fin.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Fin.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ChgImgFmt.pdb??.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ChgImgFmt.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellWinHELP.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellWinHELP.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\MArc\Release\MArc.pdbXX/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MArc.exe0.0.dr, MArc.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Asr\Win32\Release\Asr.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Asr.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\Export.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Export.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileRename.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileRename.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellCascadeWindows.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellCascadeWindows.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ArcDllInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ArcDllInfo.exe.0.dr, ArcDllInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileNewEx.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileNewEx.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\RmHardware.pdb::-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, RmHardware.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellUndoMinimizeALL.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellUndoMinimizeALL.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateErrorReport.pdb77 source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateErrorReport.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileDelete.pdb>>-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileDelete.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FolderIconChange.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FolderIconChange.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileNameCp.pdb==-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileNameCp.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellMinimizeALL.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellMinimizeALL.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MakeArchive.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeArchive.exe.0.dr, MakeArchive.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellWinHELP.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellWinHELP.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileNameCp.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileNameCp.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\FirstSetting\Win32\Release\FirstSetting.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FirstSetting.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\AsrLoad\Win32\Release\AsrLoad.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, AsrLoad.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ScreenSaver.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ScreenSaver.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileShortcut.pdb??-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileShortcut.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Fin\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Fin.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MkDir.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellTileVertically.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellTileVertically.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\BindFile.pdb((&GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, BindFile._xe0.0.dr, BindFile._xe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateErrorReport.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateErrorReport.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellStartMenu.pdb::-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellStartMenu.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\RemoveZoneID.pdb==-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, RemoveZoneID.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileShortcut.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileShortcut.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateLocalTumb.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateLocalTumb.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MkDir.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\RemoveZoneID.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, RemoveZoneID.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileExport.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileExport.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\RmHardware.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, RmHardware.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateTumbImg.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateTumbImg.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateLocalTumb.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateLocalTumb.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MoveFolder.pdbCC/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MoveFolder.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileAttribute.pdb??.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileAttribute.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\UpdateAsr\Win32\Release\UpdateAsr.pdbs source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, UpdateAsr.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Fin\x64\Release\Fin.pdbOO.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Fin.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Brws\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Brws.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellTileVertically.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellTileVertically.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ChgImgFmt.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ChgImgFmt.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Brws\x64\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Brws.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FreeMem.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FreeMem.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateTumbImg.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateTumbImg.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\SettingInitialization.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, SettingInitialization.exe.0.dr

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

Code function: 0_2_0040546D FindFirstFileW,

0_2_0040546D

Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe0.0.dr, Seeker.exe0.0.dr, Brws.exe0.0.dr	String found in binary or memory: http://ftp://.exe
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionCheck.exe0.0.dr, VersionCheck.exe.0.dr	String found in binary or memory: http://hp.vector.co.jp/authors/VA020799/asr_verinfo.cgiasr
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, history.txt.0.dr	String found in binary or memory: http://hp.vector.co.jp/authors/VA033418/)
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Brws.exe0.0.dr	String found in binary or memory: http://search.msn.co.jp/?FORM=HPRECChildFrameSoftware
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Brws.exe.0.dr	String found in binary or memory: http://search.msn.co.jp/?FORM=HPREFavoritesSoftware
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	String found in binary or memory: http://www.all.undo.jp/
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, How to update.txt.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/1st/document/02_04.html
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/1st/document/02_05.html
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/Appendix.html
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/AppendixRuntime.html
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/man5/
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/man5/2.install/01.html
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, How to uninstall.txt.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/man5/2.install/04.html
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, How to update.txt.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/man5/2.install/05.html
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, NewCommand.template.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/man5/8.Custmize/1.UserFolder/2.ScriptCommand/01.html
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, NewCommand.template.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/man5/8.Custmize/1.UserFolder/2.ScriptCommand/02.html
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, NewCommand.template.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/man5/8.Custmize/1.UserFolder/2.ScriptCommand/05.html
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, NewCommand.template.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/man5/8.Custmize/1.UserFolder/2.ScriptCommand/07.html
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	String found in binary or memory: http://www.all.undo.jp/asr/man5/9.Infomation/1.Usage/01.html
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, report.ja-JP.0.dr, report.ja-JP0.0.dr	String found in binary or memory: http://www.all.undo.jp/cgi/report/report.cgi
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionInfo.exe0.0.dr, VersionCheck.exe0.0.dr, VersionCheck.exe.0.dr	String found in binary or memory: https://all.undo.jp/
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionInfo.exe.0.dr	String found in binary or memory: https://all.undo.jp/Invalid
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FirstSetting.exe.0.dr	String found in binary or memory: https://all.undo.jp/asr/AppendixRuntime.htmlhttps://all.undo.jp/asr/Appendix.htmlSuccessful
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, UpdateAsr.exe.0.dr	String found in binary or memory: https://all.undo.jp/asr/AppendixRuntime.htmlopenhttps://all.undo.jp/asr/Appendix.htmlSuccessful
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe0.0.dr, Seeker.exe0.0.dr, Brws.exe0.0.dr, FileRenameEx.exe0.0.dr, FileRenameEx.exe.0.dr	String found in binary or memory: https://all.undo.jp/asr/man5/
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Option.exe0.0.dr, FileNameCp.exe0.0.dr, ArcPack.exe0.0.dr, FileAttribute.exe0.0.dr, Export.exe.0.dr, ArcPack.exe.0.dr, FileCpMv.exe0.0.dr, Export.exe0.0.dr, MakeSelfExtract.exe0.0.dr, CreateLocalTumb.exe0.0.dr, ArcDllInfo.exe.0.dr, FileInfo.exe.0.dr, WinEx.exe.0.dr, FileRename.exe0.0.dr, FileDelete.exe0.0.dr, FileNewEx.exe0.0.dr, FileNewEx.exe.0.dr, SettingInitialization.exe.0.dr, CreateLocalTumb.exe.0.dr, MoveFolder.exe0.0.dr	String found in binary or memory: https://all.undo.jp/asr/man5/%s%s%s
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FirstSetting.exe.0.dr	String found in binary or memory: https://all.undo.jp/asr/man5/9.Infomation/1.Usage/01.htmlopen
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeBigFile.exe.0.dr, MakeBigFile.exe0.0.dr	String found in binary or memory: https://all.undo.jp/asr/man5/Kernel32.dllSetDefaultDllDirectoriesMakeBigFile
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MArc.exe0.0.dr, Txv.exe.0.dr, Brws.exe.0.dr, Txv.exe0.0.dr, MArc.exe.0.dr, MkDir.exe.0.dr, Seeker.exe.0.dr	String found in binary or memory: https://all.undo.jp/asr/man5/notepad%s%s%s
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Asr.exe0.0.dr, Asr.exe.0.dr	String found in binary or memory: https://all.undo.jp/asr/man5/notepadwb
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MArc.exe0.0.dr, Txv.exe.0.dr, Brws.exe.0.dr, Txv.exe0.0.dr, MArc.exe.0.dr, MkDir.exe.0.dr, Seeker.exe.0.dr	String found in binary or memory: https://http://ftp://.exe.lnk.ico.cur.ani.scr.EXE.LNK.ICO.CUR.ANI.SCR%s%s%s(%d)%s
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Asr.exe0.0.dr, Asr.exe.0.dr	String found in binary or memory: https://http://ftp://.exe.lnk.ico.cur.ani.scr.EXE.LNK.ICO.CUR.ANI.SCR%s(%d)%s?:

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_0040D6E0	0_2_0040D6E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_00413723	0_2_00413723
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_00417BF6	0_2_00417BF6
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_00425051	0_2_00425051
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_00423070	0_2_00423070
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_004210E0	0_2_004210E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_0042512B	0_2_0042512B
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_00423280	0_2_00423280
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_0041C5C0	0_2_0041C5C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_004026E4	0_2_004026E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_0041F756	0_2_0041F756
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_004237A0	0_2_004237A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_004067A8	0_2_004067A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_00423960	0_2_00423960
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_00423E50	0_2_00423E50
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_00424EC3	0_2_00424EC3
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_0041FE90	0_2_0041FE90
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_0041CFE0	0_2_0041CFE0

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: String function: 00424810 appears 190 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: String function: 004037CA appears 64 times

Source: FreeMem.exe.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: AsrLoad.exe.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: FreeMem.exe0.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: AsrLoad.exe0.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: FirstSetting.exe.0.dr	Static PE information: Resource name: None type: DOS executable (COM)
Source: FirstSetting.exe.0.dr	Static PE information: Resource name: None type: DOS executable (COM)

Source: ICON.dll0.0.dr	Static PE information: No import functions for PE file found
Source: ICON.dll.0.dr	Static PE information: No import functions for PE file found

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

Section loaded: apphelp.dll

Jump to behavior

Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, history.txt.0.dr	Binary or memory string: RemoveSelectItems = .txt;.sln
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, history.txt.0.dr	Binary or memory string: RemoveSelectItems = !.txt;.sln
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, history.txt.0.dr	Binary or memory string: RemoveSelectItems = ! .txt;.sln
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, history.txt.0.dr	Binary or memory string: 0.txt;.slnk0

Source: classification engine

Classification label: clean6.winEXE@2/411@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

File created: C:\Users\user\Desktop\Asr

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6700:120:WilError_03

Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/SerchVisible.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Win8/AddressBar/up.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/Stop.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/Stop.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/Stop.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/TreeVisible.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/up.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/mame4/AddressBar/Back.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/mame4/AddressBar/Forward.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/SerchClose.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/InstallTest/Test32.exe
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Win8/AddressBar/FilterDlg.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/InstallTest/Test64.exe
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Win8/AddressBar/FilterVisible.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/SerchHighlighting.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/mame4/AddressBar
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Win8/AddressBar/Forward.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/SerchNext.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Win8/AddressBar/Go.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/SerchPrev.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Win8/AddressBar/History.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/SerchSelect.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Win8/AddressBar/Refresh.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Win8/AddressBar
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/FilterVisible.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/Forward.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/Go.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/History.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/Refresh.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Win8/AddressBar/Back.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/InstallTest
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/Back.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/FilterClear.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/FilterClose.bmp
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	String found in binary or memory: Asr/Common/img/Default/AddressBar/FilterDlg.bmp

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe "C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

File written: C:\Users\user\Desktop\Asr\Common\img\Win8\TabImg\img.ini

Jump to behavior

Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

Static file information: File size 3794785 > 1048576

Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\LockProcess.pdb>>-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, LockProcess.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\AdobeReader\x64\Release\AdobeReader.pdb%% GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, AdobeReader.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Txv\Win32\Release\Txv.pdbEE/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681364289.0000000002B70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Txv.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\AsrLoad\x64\Release\AsrLoad.pdb--)GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, AsrLoad.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellCascadeWindows.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellCascadeWindows.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MakeBigFile.pdbAA.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MakeBigFile.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ScreenSaver.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ScreenSaver.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellUndoMinimizeALL.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellUndoMinimizeALL.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileReproduction.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileReproduction.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileExecute.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileExecute.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\VersionCheck.pdb==-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, VersionCheck.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\MediaPlayer\x64\Release\MediaPlayer.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MediaPlayer.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileExport.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileExport.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\DriveInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, DriveInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\Export.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Export.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\InternetExplore\Win32\Release\InternetExplore.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, InternetExplore.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\Export.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Export.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileAttribute.pdb@@/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileAttribute.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\FileRenameEx\x64\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileRenameEx.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellTileHorizontally.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellTileHorizontally.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Associate\Win32\Release\Associate.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Associate.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellTileHorizontally.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellTileHorizontally.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateLocalTumb.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateLocalTumb.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellMinimizeALL.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellMinimizeALL.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Txv\x64\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Txv.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ChgImgFmt.pdbCC2GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ChgImgFmt.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MakeSelfExtract.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeSelfExtract.exe0.0.dr, MakeSelfExtract.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\SimilarCopy.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SimilarCopy.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileExecute.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileExecute.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ChgTxtFmt.pdb??.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ChgTxtFmt.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\DivFile.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, DivFile.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MkDir.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\SettingInitialization.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, SettingInitialization.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellSetTime.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellSetTime.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileCpMv.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileCpMv.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\MArc\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MArc.dll0.0.dr, MArc.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\DivFile.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, DivFile.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\SettingInitialization.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SettingInitialization.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Fin\x64\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Fin.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellSetTime.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellSetTime.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileInfo.pdb>>-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileInfo.exe.0.dr
Source:	Binary string: C:\Asr879_3b\Asr\RootCmd\Test\Win32\Release\Test32.pdb..*GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Test32.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\MediaPlayer\Win32\Release\MediaPlayer.pdb))"GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MediaPlayer.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ScreenSaver.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ScreenSaver.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\MArc\Release\MArc.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MArc.exe0.0.dr, MArc.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\FileRenameEx\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileRenameEx.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileNameCp.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileNameCp.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileReproduction.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileReproduction.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\DriveInfo.pdb==/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, DriveInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\AdobeReader\Win32\Release\AdobeReader.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, AdobeReader.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\VersionInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, VersionInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateLink.pdb>>-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateLink.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MemInfo.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MemInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\VersionCheck.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, VersionCheck.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MoveFolder.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MoveFolder.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\AdobeReader\x64\Release\AdobeReader.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, AdobeReader.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileRename.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileRename.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateErrorReport.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateErrorReport.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellUndoMinimizeALL.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellUndoMinimizeALL.exe0.0.dr
Source:	Binary string: 0.ncb;.suo;.scc;.aps;.obj;.pdb;.res;.idb;.dep;.pch;.tlb;.ilk source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, _Filter.txt.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Brws\x64\Release\Brws.pdb??-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Brws.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\DivFile.pdbAA2GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, DivFile.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Seeker\x64\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Seeker.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\LockProcess.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, LockProcess.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\DivFile.pdbBB3GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, DivFile.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ArcPack.pdbMM/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ArcPack.exe0.0.dr, ArcPack.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileCpMv.pdbEE.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileCpMv.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileRenameEx.pdbEE0GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileRenameEx.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Unreg\x64\Release\Unreg.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Unreg.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\AsrLoad\x64\Release\AsrLoad.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, AsrLoad.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MakeBigFile.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MakeBigFile.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\RmHardware.pdb;;.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, RmHardware.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\VersionInfo.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Seeker\Win32\Release\Seeker.pdbff/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Seeker.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileRename.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileRename.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MemInfo.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MemInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\AsrLoad\Win32\Release\AsrLoad.pdb..*GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, AsrLoad.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FolderIconChange.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FolderIconChange.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileAttribute.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileAttribute.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\MediaPlayer\Win32\Release\MediaPlayer.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MediaPlayer.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\Export.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Export.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileDelete.pdb??.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileDelete.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Brws\x64\Release\Brws.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Brws.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileAttribute.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileAttribute.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileNameCp.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileNameCp.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellStartMenu.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellStartMenu.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellTileVertically.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellTileVertically.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MakeArchive.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeArchive.exe.0.dr, MakeArchive.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ArcPack.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ArcPack.exe0.0.dr, ArcPack.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MemInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MemInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Txv\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Txv.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileCpMv.pdbFF/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileCpMv.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateLink.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateLink.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileDelete.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileDelete.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellTileVertically.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellTileVertically.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\VersionCheck.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionCheck.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileRename.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileRename.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MemInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MemInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileRenameEx.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileRenameEx.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Txv\Win32\Release\Txv.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681364289.0000000002B70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Txv.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\InternetExplore\x64\Release\InternetExplore.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, InternetExplore.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\WinEx.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, WinEx.exe.0.dr, WinEx.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Fin\Win32\Release\Fin.pdbPP/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Fin.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateLocalTumb.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateLocalTumb.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellWinHELP.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellWinHELP.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Unreg\Win32\Release\Unreg.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681364289.0000000002B70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Unreg.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ArcUnPack.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ArcUnPack.exe.0.dr, ArcUnPack.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\SimilarCopy.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, SimilarCopy.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Associate\x64\Release\Associate.pdb::-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Associate.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FreeMem.pdb--)GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FreeMem.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\SimilarCopy.pdbBB.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SimilarCopy.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellTileHorizontally.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellTileHorizontally.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Seeker\x64\Release\Seeker.pdbee.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Seeker.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Txv\x64\Release\Txv.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Txv.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\DriveInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, DriveInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MakeBigFile.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeBigFile.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MoveFolder.pdbBB.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MoveFolder.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Asr\x64\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Asr.ja-JP.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\Option.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Option.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\UpdateAsr\Win32\Release\UpdateAsr.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, UpdateAsr.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Associate\x64\Release\Associate.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Associate.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Unreg\x64\Release\Unreg.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Unreg.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MoveFolder.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MoveFolder.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileNewEx.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileNewEx.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\RemoveZoneID.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, RemoveZoneID.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellWinHELP.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellWinHELP.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\MediaPlayer\x64\Release\MediaPlayer.pdb((!GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MediaPlayer.dll0.0.dr
Source:	Binary string: C:\Asr879_3b\Asr\RootCmd\Test\Win32\Release\Test32.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Test32.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellTileHorizontally.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellTileHorizontally.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileExecute.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileExecute.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\AdobeReader\Win32\Release\AdobeReader.pdb&&!GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, AdobeReader.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\WinEx.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, WinEx.exe.0.dr, WinEx.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Brws\Win32\Release\Brws.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Brws.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateTumbImg.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateTumbImg.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Fin\x64\Release\Fin.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Fin.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ChgTxtFmt.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ChgTxtFmt.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Asr\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681364289.0000000002B70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Asr.ja-JP.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ChgImgFmt.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ChgImgFmt.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FolderIconChange.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FolderIconChange.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Associate\Win32\Release\Associate.pdb;;.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Associate.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileRenameEx.pdbDD/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileRenameEx.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ScreenSaver.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ScreenSaver.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\VersionInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MakeSelfExtract.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeSelfExtract.exe0.0.dr, MakeSelfExtract.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ChgTxtFmt.pdb>>-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ChgTxtFmt.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FreeMem.pdb..*GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FreeMem.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellSetTime.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellSetTime.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MakeBigFile.pdbBB/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeBigFile.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Txv\x64\Release\Txv.pdbDD.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Txv.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Seeker\x64\Release\Seeker.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Seeker.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\FirstSetting\Win32\Release\FirstSetting.pdbw source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FirstSetting.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FolderIconChange.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FolderIconChange.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Asr\x64\Release\Asr.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Asr.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\RmHardware.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, RmHardware.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\RemoveZoneID.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, RemoveZoneID.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellMinimizeALL.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellMinimizeALL.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellMinimizeALL.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellMinimizeALL.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\InternetExplore\Win32\Release\InternetExplore.pdb((!GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, InternetExplore.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Seeker\Win32\Release\Seeker.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Seeker.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileRenameEx.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileRenameEx.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileDelete.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileDelete.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateLink.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateLink.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileNewEx.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileNewEx.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\RealPlayer\Win32\Release\RealPlayer.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, RealPlayer.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\LockProcess.pdbBB1GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, LockProcess.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\MArc\SendToCompress\Release\SendToCompress.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, SendToCompress.exe0.0.dr, SendToCompress.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\InternetExplore\x64\Release\InternetExplore.pdb'' GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, InternetExplore.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileCpMv.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileCpMv.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\SettingInitialization.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SettingInitialization.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Brws\Win32\Release\Brws.pdb@@.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Brws.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileShortcut.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileShortcut.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileReproduction.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileReproduction.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellUndoMinimizeALL.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellUndoMinimizeALL.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileExport.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileExport.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateLink.pdb??.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateLink.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\Unreg\Win32\Release\Unreg.pdb==/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681364289.0000000002B70000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Unreg.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\SimilarCopy.pdbCC/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, SimilarCopy.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\BindFile.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, BindFile._xe0.0.dr, BindFile._xe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateTumbImg.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateTumbImg.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellCascadeWindows.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellCascadeWindows.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateErrorReport.pdb66 source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateErrorReport.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ChgTxtFmt.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ChgTxtFmt.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellStartMenu.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellStartMenu.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\LockProcess.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, LockProcess.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileExecute.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileExecute.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileNewEx.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileNewEx.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileInfo.pdb??.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ArcDllInfo.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ArcDllInfo.exe.0.dr, ArcDllInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\DriveInfo.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, DriveInfo.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MkDir.pdb==-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FreeMem.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FreeMem.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\VersionInfo.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, VersionInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Seeker\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Seeker.dll.0.dr
Source:	Binary string: C:\Asr879_3b\Asr\RootCmd\Test\x64\Release\Test64.pdb,,(GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Test64.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileExport.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileExport.exe0.0.dr
Source:	Binary string: C:\Asr879_3b\Asr\RootCmd\Test\x64\Release\Test64.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Test64.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ArcUnPack.pdbDD/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ArcUnPack.exe.0.dr, ArcUnPack.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\MArc\SendToExtract\Release\SendToExtract.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, SendToExtract.exe.0.dr, SendToExtract.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\VersionCheck.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionCheck.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\PreviewPlugin\RealPlayer\Win32\Release\RealPlayer.pdb&&!GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, RealPlayer.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileReproduction.pdb==-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileReproduction.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\Option.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Option.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileShortcut.pdb@@.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileShortcut.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellStartMenu.pdb;;.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellStartMenu.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellCascadeWindows.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellCascadeWindows.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellSetTime.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellSetTime.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Fin\Win32\Release\Fin.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Fin.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ChgImgFmt.pdb??.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ChgImgFmt.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellWinHELP.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellWinHELP.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\MArc\Release\MArc.pdbXX/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MArc.exe0.0.dr, MArc.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Asr\Win32\Release\Asr.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Asr.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\Export.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Export.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileRename.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileRename.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellCascadeWindows.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellCascadeWindows.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ArcDllInfo.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ArcDllInfo.exe.0.dr, ArcDllInfo.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileNewEx.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileNewEx.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\RmHardware.pdb::-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, RmHardware.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellUndoMinimizeALL.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellUndoMinimizeALL.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateErrorReport.pdb77 source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateErrorReport.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileDelete.pdb>>-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileDelete.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FolderIconChange.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FolderIconChange.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileNameCp.pdb==-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileNameCp.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellMinimizeALL.pdb<<.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellMinimizeALL.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MakeArchive.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeArchive.exe.0.dr, MakeArchive.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellWinHELP.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellWinHELP.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileNameCp.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileNameCp.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\FirstSetting\Win32\Release\FirstSetting.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FirstSetting.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\AsrLoad\Win32\Release\AsrLoad.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, AsrLoad.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ScreenSaver.pdb;;-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ScreenSaver.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileShortcut.pdb??-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileShortcut.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Fin\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Fin.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MkDir.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\ShellTileVertically.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, ShellTileVertically.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\BindFile.pdb((&GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, BindFile._xe0.0.dr, BindFile._xe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateErrorReport.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateErrorReport.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellStartMenu.pdb::-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellStartMenu.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\RemoveZoneID.pdb==-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, RemoveZoneID.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileShortcut.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, FileShortcut.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateLocalTumb.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateLocalTumb.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MkDir.pdb>>.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\RemoveZoneID.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, RemoveZoneID.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileExport.pdb<<-GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileExport.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\RmHardware.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, RmHardware.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\CreateTumbImg.pdb==.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, CreateTumbImg.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateLocalTumb.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateLocalTumb.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\MoveFolder.pdbCC/GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MoveFolder.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FileAttribute.pdb??.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FileAttribute.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\RootCmd\UpdateAsr\Win32\Release\UpdateAsr.pdbs source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, UpdateAsr.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\Viewer\Fin\x64\Release\Fin.pdbOO.GCTL source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Fin.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Brws\Win32\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Brws.dll.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ShellTileVertically.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ShellTileVertically.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\ChgImgFmt.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, ChgImgFmt.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\ResourceDll\src\Brws\x64\Release\resource.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Brws.dll0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\FreeMem.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FreeMem.exe0.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\x64\Release\CreateTumbImg.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, CreateTumbImg.exe.0.dr
Source:	Binary string: C:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\SettingInitialization.pdb source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, SettingInitialization.exe.0.dr

Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Static PE information: section name: .sxdata
Source: UpdateAsr.exe.0.dr	Static PE information: section name: .giats
Source: FirstSetting.exe.0.dr	Static PE information: section name: .giats

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_0041D260 push ecx; mov dword ptr [esp], ecx	0_2_0041D261
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_00424810 push eax; ret	0_2_0042482E
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Code function: 0_2_00424B90 push eax; ret	0_2_00424BBE

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Viewer\.ja-JP\MArc\MArc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\MakeSelfExtract.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\RmHardware.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Viewer\MArc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FileNameCp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\Associate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ShellStartMenu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\PvPlugIn\AdobeReader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Viewer\Brws.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\VersionCheck.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FolderIconChange.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Viewer\Seeker.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Viewer\Seeker.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\DriveInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ChgImgFmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FileNewEx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ShellSetTime.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\SimilarCopy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Viewer\ICON.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\Asr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ShellUndoMinimizeALL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ShellTileHorizontally.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\Lang\Asr.ja-JP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\VersionInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\MakeBigFile.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\CreateTumbImg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\CreateLink.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\AsrLoad.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FileReproduction.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FreeMem.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ScreenSaver.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ShellWinHELP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Viewer\ICON.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FileExecute.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FileInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\CreateTumbImg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ArcDllInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\PvPlugIn\MediaPlayer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ShellCascadeWindows.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\Option.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FileReproduction.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\Asr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ChgImgFmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\VersionCheck.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FileNewEx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ShellTileHorizontally.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FileExport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FileCpMv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FileAttribute.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\CreateLink.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\CreateErrorReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\RmHardware.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Viewer\SendToCompress.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\PvPlugIn\RealPlayer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Viewer\Brws.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\LockProcess.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FileCpMv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Viewer\.ja-JP\Txv\Txv.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\VersionInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ChgTxtFmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Viewer\.ja-JP\Brws\Brws.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\DivFile.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FileRename.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\Unreg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Viewer\.ja-JP\Fin\Fin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\LockProcess.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\Associate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Viewer\MArc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ArcUnPack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\SettingInitialization.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ShellWinHELP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ScreenSaver.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ShellCascadeWindows.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ShellStartMenu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Viewer\SendToExtract.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\MkDir.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FileDelete.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Viewer\.ja-JP\Seeker\Seeker.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ShellUndoMinimizeALL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\PvPlugIn\InternetExplore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\WinEx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\InstallTest\Test64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\MkDir.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ShellMinimizeALL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Viewer\Fin.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FileRenameEx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\DivFile.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\MakeArchive.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\RemoveZoneID.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FileShortcut.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\.ja-JP\FileRenameEx\FileRenameEx.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\AsrLoad.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\SimilarCopy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\PvPlugIn\InternetExplore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\FirstSetting.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FileRenameEx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Viewer\SendToCompress.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FileShortcut.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\RemoveZoneID.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\MemInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ArcPack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\Lang\Asr.ja-JP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\MoveFolder.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Viewer\.ja-JP\Brws\Brws.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FileInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\Option.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ShellTileVertically.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\MakeBigFile.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FileRename.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\.ja-JP\FileRenameEx\FileRenameEx.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Viewer\Txv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\Export.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\UpdateAsr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Viewer\Fin.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Viewer\.ja-JP\MArc\MArc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\MakeSelfExtract.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\Export.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Viewer\SendToExtract.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FileDelete.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Viewer\.ja-JP\Seeker\Seeker.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\PvPlugIn\AdobeReader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FileExecute.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Viewer\Txv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\CreateLocalTumb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Viewer\.ja-JP\Fin\Fin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FileAttribute.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\BindFile._xe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\CreateErrorReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\MoveFolder.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ArcDllInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ArcPack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\PvPlugIn\MediaPlayer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\CreateLocalTumb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\InstallTest\Test32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\ArcUnPack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FreeMem.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\MakeArchive.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\SettingInitialization.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ShellTileVertically.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FileExport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\MemInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\BindFile._xe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\FolderIconChange.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Viewer\.ja-JP\Txv\Txv.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ChgTxtFmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ShellMinimizeALL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\FileNameCp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\DriveInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\WinEx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\ShellSetTime.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\Unreg.exe	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x64\command\Default\BindFile._xe			Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\x86\command\Default\BindFile._xe			Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

File created: C:\Users\user\Desktop\Asr\How to uninstall.txt

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\img\Default\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\img\mame4\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\img\Win8\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\StatusAnime\Note\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\StatusImg\Default\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\StatusImg\Mame\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\StatusImg\MameHip\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\Common\StatusImg\SimpleNumbers\Readme.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	File created: C:\Users\user\Desktop\Asr\??????????readme 1st.txt	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Viewer\.ja-JP\MArc\MArc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\MakeSelfExtract.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\RmHardware.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Viewer\MArc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FileNameCp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\Associate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ShellStartMenu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Viewer\Brws.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\PvPlugIn\AdobeReader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\VersionCheck.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FolderIconChange.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Viewer\Seeker.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\DriveInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Viewer\Seeker.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ChgImgFmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ShellSetTime.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FileNewEx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Viewer\ICON.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\SimilarCopy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\Asr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ShellUndoMinimizeALL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ShellTileHorizontally.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\Lang\Asr.ja-JP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\VersionInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\MakeBigFile.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\CreateTumbImg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\CreateLink.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FileReproduction.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\AsrLoad.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FreeMem.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ShellWinHELP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ScreenSaver.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Viewer\ICON.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FileExecute.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FileInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\CreateTumbImg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ArcDllInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\PvPlugIn\MediaPlayer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ShellCascadeWindows.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FileReproduction.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\Asr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\Option.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ChgImgFmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\VersionCheck.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FileNewEx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FileExport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ShellTileHorizontally.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FileCpMv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FileAttribute.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\CreateLink.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\CreateErrorReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\RmHardware.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Viewer\SendToCompress.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\PvPlugIn\RealPlayer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Viewer\Brws.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\LockProcess.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FileCpMv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Viewer\.ja-JP\Txv\Txv.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\VersionInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Viewer\.ja-JP\Brws\Brws.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ChgTxtFmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\DivFile.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\Unreg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FileRename.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Viewer\.ja-JP\Fin\Fin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\LockProcess.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\Associate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Viewer\MArc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ArcUnPack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\SettingInitialization.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ScreenSaver.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ShellWinHELP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ShellStartMenu.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ShellCascadeWindows.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Viewer\SendToExtract.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\MkDir.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FileDelete.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Viewer\.ja-JP\Seeker\Seeker.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ShellUndoMinimizeALL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\PvPlugIn\InternetExplore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\WinEx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\InstallTest\Test64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\MkDir.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ShellMinimizeALL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FileRenameEx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Viewer\Fin.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\DivFile.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\MakeArchive.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\RemoveZoneID.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\.ja-JP\FileRenameEx\FileRenameEx.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FileShortcut.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\AsrLoad.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\SimilarCopy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\PvPlugIn\InternetExplore.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\FirstSetting.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FileRenameEx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Viewer\SendToCompress.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FileShortcut.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\MemInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\RemoveZoneID.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ArcPack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\Lang\Asr.ja-JP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Viewer\.ja-JP\Brws\Brws.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\MoveFolder.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FileInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\Option.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ShellTileVertically.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\MakeBigFile.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FileRename.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\.ja-JP\FileRenameEx\FileRenameEx.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Viewer\Txv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\Export.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Viewer\Fin.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\UpdateAsr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Viewer\.ja-JP\MArc\MArc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\MakeSelfExtract.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\Export.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Viewer\SendToExtract.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FileDelete.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Viewer\.ja-JP\Seeker\Seeker.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\PvPlugIn\AdobeReader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Viewer\Txv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FileExecute.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\CreateLocalTumb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Viewer\.ja-JP\Fin\Fin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\BindFile._xe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FileAttribute.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\CreateErrorReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\MoveFolder.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ArcPack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ArcDllInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\PvPlugIn\MediaPlayer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\CreateLocalTumb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\InstallTest\Test32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\ArcUnPack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\MakeArchive.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FreeMem.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\SettingInitialization.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ShellTileVertically.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FileExport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\MemInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\BindFile._xe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Viewer\.ja-JP\Txv\Txv.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\FolderIconChange.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ChgTxtFmt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ShellMinimizeALL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\FileNameCp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\DriveInfo.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x64\command\Default\WinEx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\Unreg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\Asr\x86\command\Default\ShellSetTime.exe	Jump to dropped file

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

Code function: 0_2_0040546D FindFirstFileW,

0_2_0040546D

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

Code function: 0_2_00406A50 GetSystemInfo,

0_2_00406A50

Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1685771006.00000000022BD000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: MCvMCIME

Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe0.0.dr	Binary or memory string: {0F04AF43-7B85-46A5-A0A7-6D323A84AD7C}{0F04AF43-7B85-46A5-A0A7-6D323A84AD7C}Software\AMA_Soft\ASR\Command\%4.0f%4.2fKB%4.2fMB%4.2fGB%4.2fTB%4.2fPB%4.2fEB%4d%4dKB%4dMB%4dGB %4dTB"%4dPB"%4dEB%4.2fKB%sKB%s%s%s%s"Shell_TrayWnd"\\\/\.\\MPR.DLLWNetGetUniversalNameWshell32.dll%s
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681364289.0000000002B70000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: {0F04AF43-7B85-46A5-A0A7-6D323A84AD7C}{0F04AF43-7B85-46A5-A0A7-6D323A84AD7C}Software\AMA_Soft\ASR\Command\%4.0f%4.2fKB%4.2fMB%4.2fGB%4.2fTB%4.2fPB%4.2fEB%4d%4dKB%4dMB%4dGB%4dTB%4dPB%4dEB%4.2fKB%sKB%s%s%s%s ""Shell_TrayWnd""\\\/\.\MPR.DLLWNetGetUniversalNameWshell32.dll\%s
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Seeker.exe0.0.dr	Binary or memory string: {0F04AF43-7B85-46A5-A0A7-6D323A84AD7C}{0F04AF43-7B85-46A5-A0A7-6D323A84AD7C}Software\AMA_Soft\ASR\Command\%4.0f%4.2fKB%4.2fMB%4.2fGB%4.2fTB%4.2fPB%4.2fEB%4d%4dKB%4dMB%4dGB%4dTB %4dPB"%4dEB"%4.2fKB%sKB%s%s%s%sShell_TrayWnd""\\\/\.\MPR.DLLWNetGetUniversalNameWshell32.dll\\%s
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Asr.exe.0.dr	Binary or memory string: VERSION.dll%4.0f%4.2fKB%4.2fMB%4.2fGB%4.2fTB%4.2fPB%4.2fEB%4dKB%4dMB%4dGB%4dTB%4dPB%4dEB%sKB%s%s "Shell_TrayWnd\\/.MPR.DLLWNetGetUniversalNameWshell32.dll%s
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: %4.0f{0F04AF43-7B85-46A5-A0A7-6D323A84AD7C}{0F04AF43-7B85-46A5-A0A7-6D323A84AD7C}Software\AMA_Soft\ASR\Command\%4.2fKB%4.2fMB%4.2fGB%4.2fTB%4.2fPB%4.2fEB%4d%4dKB%4dMB%4dGB%4dTB%4dPB%4dEB%4.2fKB%sKB%s%s%s%s ""Shell_TrayWnd""\\\/\.\MPR.DLLWNetGetUniversalNameWshell32.dll\%s
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: %sShell_TrayWndNoDrives%c:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer%c:\\%d/%s%s %s%sTimeout!
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Txv.exe0.0.dr	Binary or memory string: %sShell_TrayWndNoDrives%d/%s%sSoftware\Microsoft\Windows\CurrentVersion\Policies\Explorer%c:\%c:\%s %swbTimeout!
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Asr.exe0.0.dr	Binary or memory string: VERSION.dll%4.0f%4.2fKB%4.2fMB%4.2fGB%4.2fTB%4.2fPB%4.2fEB%4d%4dKB%4dMB%4dGB%4dTB%4dPB%4dEB%sKB%s%s "Shell_TrayWnd\\/.MPR.DLLWNetGetUniversalNameWshell32.dll%s
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681216109.00000000029F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1681364289.0000000002B70000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: %sShell_TrayWndNoDrivesSoftware\Microsoft\Windows\CurrentVersion\Policies\Explorer%c:\%c:\\%d/%s%s %s%s\Timeout!
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Txv.exe0.0.dr	Binary or memory string: {0F04AF43-7B85-46A5-A0A7-6D323A84AD7C}{0F04AF43-7B85-46A5-A0A7-6D323A84AD7C}Software\AMA_Soft\ASR\Command\%4.0f%4.2fMB%4.2fGB%4.2fTB%4.2fPB%4.2fEB%4dKB%4dMB%4dGB%4dTB%4dPB%4dEB%4.2fKB%sKB%s%s%s%sShell_TrayWndMPR.DLL%s
Source: Asr.exe0.0.dr	Binary or memory string: !Error of PostMessageBarBusy!System error of counter = %dProgram ManagerProgman%d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %lld %lldWindowStateSet
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: %s\Shell_TrayWndNoDrivesSoftware\Microsoft\Windows\CurrentVersion\Policies\Explorer%c:\%c:\\%d/%s\%s %s%sTimeout!
Source: Asr.exe.0.dr	Binary or memory string: !Error of PostMessageBarBusy!System error of counter = %dProgram ManagerProgman%d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %d %lld %lldWindowStateSetx
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe0.0.dr	Binary or memory string: %s\Shell_TrayWnd\NoDrives%d/%s%sSoftware\Microsoft\Windows\CurrentVersion\Policies\Explorer%c:\%c:\%s %s\\Timeout!
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Brws.exe0.0.dr	Binary or memory string: %4.0f%4.2fKB%4.2fMB%4.2fGB%4.2fTB%4.2fPB%4.2fEB%4d%4dKB%4dMB%4dGB%4dTB %4dPB"%4dEB"%4.2fKB%sKB%s%s%s%sShell_TrayWnd""\\\/\.\MPR.DLLWNetGetUniversalNameWshell32.dll\\%s
Source: SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MArc.exe0.0.dr, Brws.exe.0.dr, MArc.exe.0.dr	Binary or memory string: %4.0f%4.2fKB%4.2fMB%4.2fGB%4.2fTB%4.2fPB%4.2fEB%4d%4dKB%4dMB%4dGB%4dTB%4dPB%4dEB%4.2fKB%sKB%s%s%s%s ""Shell_TrayWnd""\\\/\.\MPR.DLLWNetGetUniversalNameWshell32.dll\%s

Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

Code function: 0_2_0041D480 GetVersionExW,

0_2_0041D480

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	2 Process Injection	11 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	2 Process Injection	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	3 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	7%	ReversingLabs
SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe	3%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\Desktop\Asr\FirstSetting.exe	4%	ReversingLabs
C:\Users\user\Desktop\Asr\FirstSetting.exe	1%	Virustotal	Browse
C:\Users\user\Desktop\Asr\InstallTest\Test32.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\InstallTest\Test32.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\InstallTest\Test64.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\InstallTest\Test64.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\UpdateAsr.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\UpdateAsr.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\Asr.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\Asr.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\AsrLoad.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\AsrLoad.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\Associate.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\Associate.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\Lang\Asr.ja-JP.dll	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\Lang\Asr.ja-JP.dll	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\Unreg.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\Unreg.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\.ja-JP\FileRenameEx\FileRenameEx.dll	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\.ja-JP\FileRenameEx\FileRenameEx.dll	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\ArcDllInfo.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\ArcDllInfo.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\ArcPack.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\ArcPack.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\ArcUnPack.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\ArcUnPack.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\BindFile._xe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\BindFile._xe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\ChgImgFmt.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\ChgImgFmt.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\ChgTxtFmt.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\ChgTxtFmt.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\CreateErrorReport.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\CreateErrorReport.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\CreateLink.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\CreateLink.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\CreateLocalTumb.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\CreateLocalTumb.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\CreateTumbImg.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\CreateTumbImg.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\DivFile.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\DivFile.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\DriveInfo.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\DriveInfo.exe	0%	Virustotal	Browse
C:\Users\user\Desktop\Asr\x64\command\Default\Export.exe	0%	ReversingLabs
C:\Users\user\Desktop\Asr\x64\command\Default\Export.exe	0%	Virustotal	Browse

Source	Detection	Scanner	Label	Link
http://hp.vector.co.jp/authors/VA020799/asr_verinfo.cgiasr	0%	Avira URL Cloud	safe
http://ftp://.exe	0%	Avira URL Cloud	safe
https://http://ftp://.exe.lnk.ico.cur.ani.scr.EXE.LNK.ICO.CUR.ANI.SCR%s(%d)%s?:	0%	Avira URL Cloud	safe
http://hp.vector.co.jp/authors/VA033418/)	0%	Avira URL Cloud	safe
http://search.msn.co.jp/?FORM=HPREFavoritesSoftware	0%	Avira URL Cloud	safe
http://search.msn.co.jp/?FORM=HPRECChildFrameSoftware	0%	Avira URL Cloud	safe
https://http://ftp://.exe.lnk.ico.cur.ani.scr.EXE.LNK.ICO.CUR.ANI.SCR%s%s%s(%d)%s	0%	Avira URL Cloud	safe
http://hp.vector.co.jp/authors/VA033418/)	1%	Virustotal		Browse
http://search.msn.co.jp/?FORM=HPRECChildFrameSoftware	0%	Virustotal		Browse
http://hp.vector.co.jp/authors/VA020799/asr_verinfo.cgiasr	1%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.all.undo.jp/asr/AppendixRuntime.html	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	false		high
http://ftp://.exe	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe0.0.dr, Seeker.exe0.0.dr, Brws.exe0.0.dr	false	Avira URL Cloud: safe	low
http://hp.vector.co.jp/authors/VA020799/asr_verinfo.cgiasr	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionCheck.exe0.0.dr, VersionCheck.exe.0.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://all.undo.jp/asr/man5/notepad%s%s%s	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MArc.exe0.0.dr, Txv.exe.0.dr, Brws.exe.0.dr, Txv.exe0.0.dr, MArc.exe.0.dr, MkDir.exe.0.dr, Seeker.exe.0.dr	false		high
http://www.all.undo.jp/asr/man5/8.Custmize/1.UserFolder/2.ScriptCommand/05.html	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, NewCommand.template.0.dr	false		high
http://www.all.undo.jp/	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	false		high
http://www.all.undo.jp/asr/	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	false		high
https://all.undo.jp/asr/AppendixRuntime.htmlopenhttps://all.undo.jp/asr/Appendix.htmlSuccessful	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, UpdateAsr.exe.0.dr	false		high
http://hp.vector.co.jp/authors/VA033418/)	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, history.txt.0.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.all.undo.jp/asr/1st/document/02_05.html	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	false		high
http://www.all.undo.jp/asr/man5/2.install/05.html	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, How to update.txt.0.dr	false		high
https://all.undo.jp/asr/man5/Kernel32.dllSetDefaultDllDirectoriesMakeBigFile	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MakeBigFile.exe.0.dr, MakeBigFile.exe0.0.dr	false		high
http://www.all.undo.jp/asr/Appendix.html	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	false		high
http://www.all.undo.jp/asr/man5/8.Custmize/1.UserFolder/2.ScriptCommand/07.html	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, NewCommand.template.0.dr	false		high
http://www.all.undo.jp/asr/man5/8.Custmize/1.UserFolder/2.ScriptCommand/01.html	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, NewCommand.template.0.dr	false		high
http://www.all.undo.jp/asr/man5/	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	false		high
https://http://ftp://.exe.lnk.ico.cur.ani.scr.EXE.LNK.ICO.CUR.ANI.SCR%s(%d)%s?:	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Asr.exe0.0.dr, Asr.exe.0.dr	false	Avira URL Cloud: safe	low
http://www.all.undo.jp/asr/man5/2.install/01.html	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	false		high
http://www.all.undo.jp/asr/man5/9.Infomation/1.Usage/01.html	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, ??????????readme 1st.txt.0.dr	false		high
http://www.all.undo.jp/cgi/report/report.cgi	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, report.ja-JP.0.dr, report.ja-JP0.0.dr	false		high
https://all.undo.jp/asr/man5/9.Infomation/1.Usage/01.htmlopen	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FirstSetting.exe.0.dr	false		high
http://search.msn.co.jp/?FORM=HPREFavoritesSoftware	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Brws.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://all.undo.jp/Invalid	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionInfo.exe.0.dr	false		high
https://all.undo.jp/asr/AppendixRuntime.htmlhttps://all.undo.jp/asr/Appendix.htmlSuccessful	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, FirstSetting.exe.0.dr	false		high
https://http://ftp://.exe.lnk.ico.cur.ani.scr.EXE.LNK.ICO.CUR.ANI.SCR%s%s%s(%d)%s	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MArc.exe0.0.dr, Txv.exe.0.dr, Brws.exe.0.dr, Txv.exe0.0.dr, MArc.exe.0.dr, MkDir.exe.0.dr, Seeker.exe.0.dr	false	Avira URL Cloud: safe	low
https://all.undo.jp/	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, VersionInfo.exe0.0.dr, VersionCheck.exe0.0.dr, VersionCheck.exe.0.dr	false		high
http://www.all.undo.jp/asr/man5/2.install/04.html	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, How to uninstall.txt.0.dr	false		high
http://www.all.undo.jp/asr/man5/8.Custmize/1.UserFolder/2.ScriptCommand/02.html	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, NewCommand.template.0.dr	false		high
https://all.undo.jp/asr/man5/notepadwb	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Asr.exe0.0.dr, Asr.exe.0.dr	false		high
http://www.all.undo.jp/asr/1st/document/02_04.html	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1658500952.0000000002349000.00000004.00001000.00020000.00000000.sdmp, How to update.txt.0.dr	false		high
http://search.msn.co.jp/?FORM=HPRECChildFrameSoftware	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.00000000031B0000.00000004.00001000.00020000.00000000.sdmp, Brws.exe0.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://all.undo.jp/asr/man5/%s%s%s	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, Option.exe0.0.dr, FileNameCp.exe0.0.dr, ArcPack.exe0.0.dr, FileAttribute.exe0.0.dr, Export.exe.0.dr, ArcPack.exe.0.dr, FileCpMv.exe0.0.dr, Export.exe0.0.dr, MakeSelfExtract.exe0.0.dr, CreateLocalTumb.exe0.0.dr, ArcDllInfo.exe.0.dr, FileInfo.exe.0.dr, WinEx.exe.0.dr, FileRename.exe0.0.dr, FileDelete.exe0.0.dr, FileNewEx.exe0.0.dr, FileNewEx.exe.0.dr, SettingInitialization.exe.0.dr, CreateLocalTumb.exe.0.dr, MoveFolder.exe0.0.dr	false		high
https://all.undo.jp/asr/man5/	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe, 00000000.00000003.1682310556.0000000003BB0000.00000004.00001000.00020000.00000000.sdmp, MkDir.exe0.0.dr, Seeker.exe0.0.dr, Brws.exe0.0.dr, FileRenameEx.exe0.0.dr, FileRenameEx.exe.0.dr	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417366
Start date and time:	2024-03-29 05:20:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe
Detection:	CLEAN
Classification:	clean6.winEXE@2/411@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 78 Number of non-executed functions: 47
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Not all processes where analyzed, report is missing behavior information

Process:	C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	7922
Entropy (8bit):	5.466373158309693
Encrypted:	false
SSDEEP:	96:a3GOVoDr4BQx2dDgWMIVZYuFp19V4aVMs9FpvlqtuHey5t4OSCDoEV7g:fOG8BQxUkWPt97Dq0H17hRUEVk
MD5:	F842FECED90CD76BF83E02CB2D87119D
SHA1:	6510570AABAAEF1562BB888C65533D9E6201B4A6
SHA-256:	40467C31445D3C40DD31BB4EFFCE63F9F869A79AE32FC827AA12D58C5663D030
SHA-512:	031EBD50E60BDC0295B9D84CDED544D9987FE2F056E461C0B340FCDF5105EDDDE3D75AF29A4A8613D2794B800A3E78974548CDD68B43A0D5DB852D4E16E2A998
Malicious:	false
Reputation:	low
Preview:	..A.s./.R. .!\|.f.0.0.0.0.0.0.........0.f.e;..^n0.U0.0M..^k0._..j0.0.0.0.0.Y.....S.0..naW0_0P}.g.0s.0}o0.0.0.0.0.0.0.0.0k0....W0f0J0.0~0Y0.0.....0]0a0.0.0.SgqD0_0`0M0~0Y0.0F0.0.0W0O0J0X.D0W0~0Y0.0.........0.0.0.0.0.0.0.0.0.0.0..h.t.t.p.:././.w.w.w...a.l.l...u.n.d.o...j.p./......0A.s./.R...#.n0.0.0.0.0.0.0..h.t.t.p.:././.w.w.w...a.l.l...u.n.d.o...j.p./.a.s.r./......0A.s./.R..0.0.0.0.0.0.0.0..h.t.t.p.:././.w.w.w...a.l.l...u.n.d.o...j.p./.a.s.r./.m.a.n.5./..........0; .0.0.0.0.0.0.0o0.0.Nn0lQ...0.0.0.0.0.0h0qQ..n0.0n0h0j0.0~0Y0.0.....0; #.a}HQo0.0.0.0.0.0.0.0n0.0.0.0.0.0.0.0.0T0)R(uO0`0U0D0.0.....0; .g.en0.`1XJ0.0s0.0s.W0D0...fo0.0hQf0W.e.b..0.0.0g0n0...f.0*QHQh0W0f0J0.0~0Y0.0.....................0.i...0.........0.g.e.`1X.0J0.0s0s.0}j0....o0S0a0.0.0.SgqO0`0U0D0.0....h.t.t.p.:././.w.w.w...a.l.l...u.n.d.o...j.p./.a.s.r./.m.a.n.5./..........0.0.0.0.0.N...0w..ph0W0f0P.C.n0.d\OhQ,..0.R.s.vk0L.F0.v.vn0.0.0.0.0.0.0.0.0.0..n0.0.0.0.0.0g0Y0.0.........0MR\Oo0lQ..W0f0ASpet^L0L}N.W0.0MR.ch0W0f0D0.0.t

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	7.98882791873611
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe
File size:	3'794'785 bytes
MD5:	12cba957e6008442696a276d44fd60f5
SHA1:	7038d228bb77cd86871202249839e0e8baaaacc6
SHA256:	64a40e5ff36383163b44a06e4672084952bd82ef5e10069c9f4c6557cdf57572
SHA512:	a036bb0606ef8c02b919689774e279335b76dac71ead991dfa77e284cb2c6ca73924fc6cfe79492a60c5a16fab4d36e3f1f4598fd713bc06189fcea8d3e56a27
SSDEEP:	98304:slDhaR53hH+v02hDT0OVErjaCdakSZAvSGE:slgRHn6DT0uE37ZEA6GE
TLSH:	480633716EE9C4B7C1471670C8C81FF7B5EA83190F1415C62784AB3EABB1AE5E128739
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../.../.../...0.../..x3.../...0.../...0.../..u'.../.../.../..x'.../......./......./......./....0../..<).../..Rich./.........

Entrypoint:	0x424bc6
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT
Time Stamp:	0x5C6ECB00 [Thu Feb 21 16:00:00 2019 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	48bcb8c8f418f3828fc939bb498f0b51

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2da6c	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x35000	0x818	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x28000	0x1a0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x26035	0x26200	b339cea717ebd142b551e6866a41b0f6	False	0.5814805327868853	data	6.676049121913505	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x28000	0x62b6	0x6400	8be3c8f5c1dabdeca75afe03c37ae72c	False	0.3590234375	data	4.67295411075301	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x2f000	0x463c	0x400	eb56f8d60fc5d4ce8febe6465417e3d0	False	0.30078125	data	3.034060091049995	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.sxdata	0x34000	0x4	0x200	35925cfdc1176bd9ffc634a58b40ec17	False	0.02734375	data	0.020393135236084953	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_LNK_INFO, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x35000	0x818	0xa00	44cff95140fa308b9aa82bd13650b9b1	False	0.246875	data	2.2433260247204205	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x353e0	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.16532258064516128
RT_ICON	0x356c8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.32094594594594594
RT_GROUP_ICON	0x357f0	0x22	data	English	United States	1.0
RT_VERSION	0x35120	0x2c0	data	English	United States	0.49573863636363635

DLL	Import
OLEAUT32.dll	SysAllocStringLen, SysAllocString, SysFreeString, SysStringLen, VariantClear
USER32.dll	CharUpperW
MSVCRT.dll	_controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __p___initenv, exit, _XcptFilter, _exit, _onexit, __dllonexit, ?terminate@@YAXXZ, ??1type_info@@UAE@XZ, _except_handler3, _beginthreadex, memset, strlen, fputc, fflush, fgetc, fclose, _iob, free, malloc, wcscmp, wcsstr, strcmp, memcpy, memmove, _purecall, memcmp, __CxxFrameHandler, _CxxThrowException, fputs
KERNEL32.dll	FormatMessageW, InitializeCriticalSection, ResetEvent, SetEvent, CreateEventW, WaitForSingleObject, lstrlenW, lstrcatW, VirtualFree, VirtualAlloc, SetConsoleMode, GetConsoleMode, GetVersionExW, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetConsoleCtrlHandler, WaitForMultipleObjects, GetFileInformationByHandle, GetStdHandle, GlobalMemoryStatus, GetSystemInfo, GetCurrentProcess, GetProcessAffinityMask, FileTimeToLocalFileTime, FileTimeToSystemTime, SetEndOfFile, WriteFile, ReadFile, SetFilePointer, GetFileSize, GetFileAttributesW, GetModuleHandleA, FindFirstFileW, FindClose, GetTickCount, GetCurrentDirectoryW, SetLastError, DeleteFileW, CreateDirectoryW, GetModuleHandleW, GetCommandLineW, SetFileApisToOEM, GetLastError, MultiByteToWideChar, WideCharToMultiByte, LoadLibraryExW, GetModuleFileNameW, LocalFree, GetSystemDirectoryW, CloseHandle, SetFileTime, CreateFileW, SetFileAttributesW, RemoveDirectoryW, MoveFileW, GetProcAddress

Target ID:	0
Start time:	05:20:57
Start date:	29/03/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe"
Imagebase:	0x400000
File size:	3'794'785 bytes
MD5 hash:	12CBA957E6008442696A276D44FD60F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Desktop\Asr\??????????readme 1st.txt

C:\Users\user\Desktop\Asr\Common\AllCommand.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\????????????????????????(Don't edit this folder).txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Bar\Default.ico

C:\Users\user\Desktop\Asr\Common\InitTemp\ExternalDefCommand.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\ExternalUserCommand.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\UsrMenu1.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\UsrMenu2.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\UsrMenu3.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_Filter.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_FolderBarAction.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_FolderBarSelItem.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_FolderBarSetting.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_ItemClip.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_ItemClipSetting.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_ListContextMenu.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_ListHeader(Detail).txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_ListNoSelContextMenu.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_PreviewBarSetting.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_RecentBarSelItem.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_RecentBarSetting.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_SortMode.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_TabDropMenu.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_TabMenu.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_TabMenuSetting.txt

C:\Users\user\Desktop\Asr\Common\InitTemp\Menu\_TabMngBarAction.txt

Windows Analysis Report
SecuriteInfo.com.PUA.Bundler.iStartSurf.29803.17991.exe