Windows Analysis Report
Canvas of Kings_N6xC-S2.exe

Overview

General Information

Sample name: Canvas of Kings_N6xC-S2.exe
Analysis ID: 1580374
MD5: af45bc08a07f1ba16abe59f29072ebcc
SHA1: 66edea40ba7b38a45bd856e6889bba12384c458f
SHA256: e555c06879ed4eda6277e1fa8a4985590e70d8fa81421103048803e386daaf28
Tags: exeuser-zach
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 49
Range: 0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Checks if the current machine is a virtual machine (disk enumeration)
Contains functionality to infect the boot sector
Creates an undocumented autostart registry key
Modifies the windows firewall
Possible COM Object hijacking
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Uses netsh to modify the Windows network and firewall settings
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Changes image file execution options
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Disables exception chain validation (SEHOP)
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches the installation path of Mozilla Firefox
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match
query blbeacon for getting browser version

Classification

  • System is w10x64
  • Canvas of Kings_N6xC-S2.exe (PID: 7356 cmdline: "C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe" MD5: AF45BC08A07F1BA16ABE59F29072EBCC)
    • Canvas of Kings_N6xC-S2.tmp (PID: 7372 cmdline: "C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp" /SL5="$10458,13566766,780800,C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe" MD5: 49312C19FA9B298CA2AE71E14F07CCF3)
      • saBSI.exe (PID: 7928 cmdline: "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)
        • installer.exe (PID: 1448 cmdline: "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade MD5: 7DD0FAA9C00391333B2A12D21CA028BF)
          • installer.exe (PID: 2476 cmdline: "C:\Program Files\McAfee\Temp1920010323\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade MD5: 9B6FDFBC11B51E810F01598730A002F4)
      • avg_antivirus_free_setup.exe (PID: 7984 cmdline: "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw MD5: 26816AF65F2A3F1C61FB44C682510C97)
        • avg_antivirus_free_online_setup.exe (PID: 8100 cmdline: "C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /ga_clientid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de MD5: 6EBB043BC04784DBC6DF3F4C52391CD0)
          • icarus.exe (PID: 2112 cmdline: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb MD5: A1FFFE3E9589CCFE629EB653F704A659)
            • icarus.exe (PID: 2076 cmdline: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av-vps_slave_ep_e7f0c869-167a-4139-a16d-31af16f6dc30 /slave:avg-av-vps MD5: A1FFFE3E9589CCFE629EB653F704A659)
            • icarus.exe (PID: 2936 cmdline: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av_slave_ep_7d07334d-3f3d-4340-a87e-5ed01975b7c3 /slave:avg-av MD5: A1FFFE3E9589CCFE629EB653F704A659)
      • norton_secure_browser_setup.exe (PID: 8052 cmdline: "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is" MD5: F269C5140CBC0E376CC7354A801DDD16)
        • NortonBrowserUpdateSetup.exe (PID: 1516 cmdline: NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: 2B07E26D3C33CD96FA825695823BBFA7)
          • NortonBrowserUpdate.exe (PID: 7276 cmdline: "C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 5548 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 5088 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 560 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 6256 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{F8EFD121-3157-498F-8CB7-6440C93AFD5D}" /silent MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
      • netsh.exe (PID: 8164 cmdline: "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe "qBittorrent" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
        • conhost.exe (PID: 8172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • qbittorrent.exe (PID: 3584 cmdline: "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe" magnet:?xt=urn:btih:BFF18AF5608F9196CF05BF0C1F0B54A18C3F0A77 MD5: 22A34900ADA67EAD7E634EB693BD3095)
      • WerFault.exe (PID: 4476 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 1596 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 3652 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 2708 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 6360 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7372 -ip 7372 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 3272 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7372 -ip 7372 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • NortonBrowserUpdate.exe (PID: 5444 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 7632 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserCrashHandler.exe (PID: 5288 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe" MD5: 1694092D5DE0E0DAEF4C5EA13EA84CAB)
    • NortonBrowserCrashHandler64.exe (PID: 4408 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe" MD5: 09621280025727AB4CB39BD6F6B2C69E)
  • NortonBrowserUpdate.exe (PID: 7612 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 6128 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 3352 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • msiexec.exe (PID: 7716 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • NortonBrowserUpdate.exe (PID: 6524 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • servicehost.exe (PID: 8044 cmdline: "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" MD5: F7C7039D19E16D05B6194D74E128DFE4)
  • cleanup
No configs have been found
Source: C:\Program Files (x86)\GUT7C55.tmp, Rule: PlugXStrings, Description: PlugX Identifying Strings, Author: Seth Hardy, Strings:
  • 0x1f88a8:$Dwork: D:\work
  • 0x1fac58:$Dwork: D:\work
  • 0x1faedc:$Dwork: D:\work
  • 0x2019f8:$Dwork: D:\work
  • 0x201ba0:$Dwork: D:\work
  • 0x201d08:$Dwork: D:\work
  • 0x201de0:$Dwork: D:\work
  • 0x202040:$Dwork: D:\work
  • 0x202160:$Dwork: D:\work
  • 0x202280:$Dwork: D:\work
  • 0x202330:$Dwork: D:\work
  • 0x2db910:$Dwork: D:\work
  • 0x2dba38:$Dwork: D:\work
  • 0x2dbba0:$Dwork: D:\work
  • 0x2dbd88:$Dwork: D:\work
  • 0x2dbe78:$Dwork: D:\work
  • 0x2dbff8:$Dwork: D:\work
  • 0x2dc118:$Dwork: D:\work
  • 0x2dc1c8:$Dwork: D:\work
  • 0x4ed054:$Dwork: D:\work
  • 0x4ed0b0:$Dwork: D:\work
Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 1516, Rule: PlugXStrings, Description: PlugX Identifying Strings, Author: Seth Hardy, Strings:
  • 0x1dfc9:$Dwork: D:\work
  • 0x234dc:$Dwork: D:\work
  • 0x2362a:$Dwork: D:\work
  • 0x23781:$Dwork: D:\work
  • 0x2384f:$Dwork: D:\work
  • 0x23c1c:$Dwork: D:\work
  • 0x23d66:$Dwork: D:\work
  • 0x23eba:$Dwork: D:\work
  • 0x23f85:$Dwork: D:\work
  • 0x241b2:$Dwork: D:\work
  • 0x242d9:$Dwork: D:\work
  • 0x243dd:$Dwork: D:\work
  • 0x244f5:$Dwork: D:\work
  • 0x2459f:$Dwork: D:\work
  • 0x24675:$Dwork: D:\work
  • 0x2478a:$Dwork: D:\work
  • 0x24832:$Dwork: D:\work
  • 0x37dd6:$Dwork: D:\work
  • 0x3a645:$Dwork: D:\work
  • 0x3d46a:$Dwork: D:\work
  • 0x3d527:$Dwork: D:\work
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 7276, Rule: PlugXStrings, Description: PlugX Identifying Strings, Author: Seth Hardy, Strings:
  • 0xa9aae:$Dwork: D:\work
  • 0xd785a:$Dwork: D:\work
  • 0xd8457:$Dwork: D:\work
  • 0x10286a:$Dwork: D:\work
  • 0x10e1a7:$Dwork: D:\work
  • 0x10e2fe:$Dwork: D:\work
  • 0x10e3d2:$Dwork: D:\work
  • 0x10e526:$Dwork: D:\work
  • 0x10e6cd:$Dwork: D:\work
  • 0x10e7b7:$Dwork: D:\work
  • 0x10e9a5:$Dwork: D:\work
  • 0x10ea8b:$Dwork: D:\work
  • 0x10ebe9:$Dwork: D:\work
  • 0x10ed01:$Dwork: D:\work
  • 0x10edab:$Dwork: D:\work
  • 0x10ee38:$Dwork: D:\work
  • 0x10ef4d:$Dwork: D:\work
  • 0x10eff5:$Dwork: D:\work
  • 0x11abfa:$Dwork: D:\work
  • 0x11af3c:$Dwork: D:\work
  • 0x11b056:$Dwork: D:\work

System Summary

Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3652, ProcessName: svchost.exe
No Suricata rule has matched

AV Detection

Source: Canvas of Kings_N6xC-S2.exe, Avira: detected
Source: Canvas of Kings_N6xC-S2.exe, ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006E14F0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CryptMsgGetParam,CertFreeCRLContext,CertFreeCRLContext,5_2_006E14F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006E17A0 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptQueryObject,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,5_2_006E17A0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00695870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00695870
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00696220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,5_2_00696220
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006CE610 CryptMsgClose,5_2_006CE610
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006967B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,5_2_006967B0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006CEB60 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptQueryObject,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,5_2_006CEB60
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006CF150 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertFreeCRLContext,5_2_006CF150
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006CF3C0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertGetNameStringW,CertGetNameStringW,CertGetCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,CertVerifyCertificateChainPolicy,CertFreeCertificateChain,CertFreeCRLContext,CertFreeCRLContext,5_2_006CF3C0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005BB0E0 CryptDestroyHash,CryptDestroyHash,6_2_005BB0E0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B9250 CryptGenRandom,GetLastError,__CxxThrowException@8,6_2_005B9250
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B82F0 CryptDestroyHash,6_2_005B82F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B9450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,6_2_005B9450
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B8DC0 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext,6_2_005B8DC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B9020 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,6_2_005B9020
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B8260 CryptDestroyHash,6_2_005B8260
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B9340 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,6_2_005B9340
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B94D0 CryptHashData,GetLastError,__CxxThrowException@8,6_2_005B94D0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005D2660 CryptReleaseContext,6_2_005D2660
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B8EF0 CryptReleaseContext,6_2_005B8EF0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004909E0 CryptProtectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,CryptUnprotectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,8_2_004909E0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0045DF30 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,8_2_0045DF30
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_315e15f9-1

Compliance

Source: Canvas of Kings_N6xC-S2.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Icarus
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Icarus\avg-av
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Overseer
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup\asw617d7505b8724106.tmp
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup\config.def.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwCoreClient.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwRpc.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwServ.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\dnd_helper.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\gaming_hook.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gaming_hook.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\dnd_helper.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\hns_tools.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswhook.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsdriver.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswidpm.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswidsagent.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswhook.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\onnxruntime.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\background.png.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\API-MS-Win-core-xstate-l2-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-conio-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-private-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-process-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\concrt140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_atomic_wait.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_codecvt_ids.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\ucrtbase.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vccorlib140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vcruntime140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vcruntime140_threads.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\HTMLayout.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvLaunch.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AVGUI.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvConsent.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\jsbridge.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgKbd.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgNetHub.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libssl-3-x64.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libcrypto-3-x64.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\protobuf.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgRdr2.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgMonFlt.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSP.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgRvrt.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgElam.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsh.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbuniv.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswavdetection.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswcomm.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswdetallocator.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswntsqlite.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswpsic.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswremoval.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswsecapi.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswwinamapi.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgStm.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\RegSvr.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswRunDll.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\AvDump.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswRunDll.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RegSvr.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvBugReport.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvDump.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\SetupInf.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\overseer.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avgToolsSvc.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswVmm.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgVmm.sys.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_100_percent.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_200_percent.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\resources.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\icudtl.dat.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\am.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ar.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\bg.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\bn.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ca.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\cs.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\da.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\de.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\el.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\en-GB.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\en-US.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\es-419.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\es.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\et.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fa.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fi.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fil.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\gu.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\he.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hi.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hu.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\id.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\it.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ja.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\kn.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ko.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\lt.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\lv.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ml.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\mr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ms.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\nb.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\nl.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pl.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pt-BR.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pt-PT.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ro.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ru.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sk.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sl.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sv.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sw.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ta.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\te.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\th.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\tr.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\uk.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\vi.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\zh-CN.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\zh-TW.pak.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader\libEGL.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader\libGLESv2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_elf.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libcef.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\d3dcompiler_47.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libEGL.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libGLESv2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\snapshot_blob.bin.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\v8_context_snapshot.bin.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\about.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiRansomware.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiTrack.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ask.ogg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetection.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetectionWindow.html.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserExtensions.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\core.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\darkWebMonitor.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dashboard.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dataShredder.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\done.ogg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\doNotDisturb.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\driverUpdater.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\feedbackForm.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\firewall.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\help.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\i18n.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\kin.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\libs.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-cs.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-da.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-de.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en_GB.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-es_ES.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fi.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fr.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-hu.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-id.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-it.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ja.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ko.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ms.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nb.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nl.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pl.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_BR.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_PT.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ru.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sk.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sr_CS.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sv_SE.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-tr.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_CN.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_TW.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss_light.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainFont.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayout.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayoutCss.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainSprite.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars_test.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainWindow.html.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\myLicenses.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napi.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiAdapter.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiExtensions.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\network.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notifications.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notify.ogg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\offline.htm.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\overlay.html.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\pap.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\passwordProtection.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\plugins.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ras.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\rescueDisk.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\scans.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\search.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\secureDns.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\sensitiveData.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\settings.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\shields.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\smartScan.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\software.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteComponents.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteInternal.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgFlags.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgInline.svg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\system.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\threat.ogg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tray.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tuneup.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\update.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\updatefile.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\virusChest.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\webCam.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740ca
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-zh-TW.txt
Source: Canvas of Kings_N6xC-S2.exe Static PE information: certificate valid
Source: Canvas of Kings_N6xC-S2.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: goopdate_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000378F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002C73000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002497000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004030000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476513644.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es-419.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.000000000344F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FE0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475014896.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: G:\QBITTORRENT\build-qbittorrent442-Qt5_msvc2017_x32-Release\src\release\qbittorrent.pdb source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001E46000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mi_exe_stub.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000000.2427940153.0000000000668000.00000002.00000001.01000000.0000001B.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000002.3591087477.0000000000668000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: goopdateres_unsigned_pt-BR.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040FD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002564000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2483028940.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000403C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034AC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476727137.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_id.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034C3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004053000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477122150.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498119970.0000000000805000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-TW.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000041BF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000002.3585729673.00000000004BE000.00000004.00000010.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002626000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497568878.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb} source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498435012.0000000000806000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025BF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004158000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2488002623.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_it.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004069000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034D9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477742749.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pt-PT.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000256F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004108000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2483548739.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateOnDemand_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002ECD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003A16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: npNortonBrowserUpdate3_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002DDC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003919000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501313824.0000000000805000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501008100.0000000000805000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_vi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000041A9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002610000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2491543193.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000023DF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F78000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2471641190.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ja.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004081000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478372251.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000414D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025B4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2487001973.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\UIHost.pdbw source: installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000243B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FD4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474683028.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_is.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034CE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000405E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477390906.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ro.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004114000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000257B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2484249267.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_uk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004192000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025F9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2490167835.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004019000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003489000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476107219.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ca.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000023EA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F84000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2472081062.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_nl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002541000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040DB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480836801.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ko.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004096000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000024FD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479367721.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_et.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.000000000345B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475185895.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ur.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000419D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002604000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2490562457.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_iw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004075000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034E5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478053523.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_te.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000025D6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000416F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2489266499.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_no.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040E6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000254D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481125471.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3588322794.0000000000514000.00000002.00000001.01000000.00000015.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000000.2373744327.0000000000514000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: goopdateres_unsigned_fil.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002474000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000400D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475894425.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040F1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002558000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481670080.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003A74000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470816485.0000000000803000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470148483.0000000000804000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470770786.0000000000813000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en-GB.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002430000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FC9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000002.3591325154.00000000005D0000.00000002.00000001.00040000.0000003E.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474495271.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003472000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004002000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475699721.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002592000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000412B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2485820570.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ml.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000251E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040B7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480145584.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034B7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004047000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476926621.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateWebPlugin_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003A74000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdbM source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.000000000342D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FBD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474067452.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_da.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002402000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F9B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2472595155.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ar.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000023C9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F62000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2471178338.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004136000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000259D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2486154173.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-CN.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000261B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000041B4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497045428.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_kn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000024F2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000408B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479090655.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2499346239.0000000000805000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exeFile opened: z:
Source: C:\Windows\System32\msiexec.exeFile opened: x:
Source: C:\Windows\System32\msiexec.exeFile opened: v:
Source: C:\Windows\System32\msiexec.exeFile opened: t:
Source: C:\Windows\System32\msiexec.exeFile opened: r:
Source: C:\Windows\System32\msiexec.exeFile opened: p:
Source: C:\Windows\System32\msiexec.exeFile opened: n:
Source: C:\Windows\System32\msiexec.exeFile opened: l:
Source: C:\Windows\System32\msiexec.exeFile opened: j:
Source: C:\Windows\System32\msiexec.exeFile opened: h:
Source: C:\Windows\System32\msiexec.exeFile opened: f:
Source: C:\Windows\System32\msiexec.exeFile opened: b:
Source: C:\Windows\System32\msiexec.exeFile opened: y:
Source: C:\Windows\System32\msiexec.exeFile opened: w:
Source: C:\Windows\System32\msiexec.exeFile opened: u:
Source: C:\Windows\System32\msiexec.exeFile opened: s:
Source: C:\Windows\System32\msiexec.exeFile opened: q:
Source: C:\Windows\System32\msiexec.exeFile opened: o:
Source: C:\Windows\System32\msiexec.exeFile opened: m:
Source: C:\Windows\System32\msiexec.exeFile opened: k:
Source: C:\Windows\System32\msiexec.exeFile opened: i:
Source: C:\Windows\System32\msiexec.exeFile opened: g:
Source: C:\Windows\System32\msiexec.exeFile opened: e:
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile opened: c:
Source: C:\Windows\System32\msiexec.exeFile opened: a:
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_004028D5 FindFirstFileW,7_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_0040679D FindFirstFileW,FindClose,7_2_0040679D
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Code function: 8_2_00456F60 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,UnlockFileEx,8_2_00456F60
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Code function: 8_2_0044E180 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,SetLastError,8_2_0044E180
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Code function: 8_2_00454590 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,8_2_00454590
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Code function: 8_2_00480AC0 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,8_2_00480AC0
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp File opened: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp File opened: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp File opened: C:\Users\user\AppData\Local
Source: Joe Sandbox View IP Address: 52.168.117.173 52.168.117.173
Source: Joe Sandbox View IP Address: 1.1.1.1 1.1.1.1
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://%s:%d;https=https://%s:%dHTTP/1.0
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmp String found in binary or memory: http://bugreports.qt.io/
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmp String found in binary or memory: http://bugreports.qt.io/1_q_preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989286614.0000000004FAB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990854934.0000000004E0B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, 
saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2498022745.0000000000813000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrust
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2498022745.0000000000813000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrust#W
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2498067549.0000000000803000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498652844.0000000000805000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498435012.0000000000806000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTruste
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2427464462.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3587950844.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003421000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000411F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004114000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034CE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034C3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002497000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002430000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003316000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F6D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004069000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 
0000000D.00000003.2434551790.000000000419D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040F1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000378F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F8F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crt0
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318910555.00000000067C7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337207939.0000000004DC7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 
00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318910555.00000000067C7000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337207939.0000000004DC7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 
00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2498067549.0000000000803000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrusteularequiredma
Source: saBSI.exe, saBSI.exe, 00000005.00000000.2290755507.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/service/update2/crx
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/service/update2/crx=
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/service/update2/crxL
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cnx.conceptsheartranch.com/
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2344566467.0000000002937000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2420854000.0000000003F1E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2581090138.0000000002BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2422178168.0000000002BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2696131938.0000000002BF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2639164790.0000000002BF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2726326128.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2497037482.0000000002BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 
00000008.00000003.2759121663.0000000002BF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2485847338.0000000002BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2758785230.0000000002BE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989007843.0000000004FA6000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989286614.0000000004FAB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989007843.0000000004FA6000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005523000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005523000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349190124.00000000067BB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2318161422.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2375385709.0000000005105000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989286614.0000000004FAB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990854934.0000000004E0B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, 
saBSI.exe, 00000005.00000003.2990938527.0000000002989000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972327234.0000000002989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
0000000D.00000003.2434551790.0000000004164000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002497000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002430000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003316000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.3408565373.00000000022A6000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1717753376.0000000002540000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3404439315.00000000075B6000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1726287659.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2979383330.000000000550B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3592937274.00000000054D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2981103710.00000000054F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect/-s1
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com:80/collect
Source: qbittorrent.exe, 0000000B.00000003.3027292090.0000000004E30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Microsoft
Source: saBSI.exe, 00000005.00000002.3398447115.000000000520B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.0000000002986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3388826061.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3394360271.00000000029A6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989007843.0000000004FA6000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mcafee.com
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://www.phreedom.org/md5)
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://www.phreedom.org/md5)4c:0e:63:6aDigisign
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.or
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBI
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixeshttp://trolltech.com/xml/features/report-whitespace-on
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/details/avg-online-security
Source: saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/
Source: saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2344566467.0000000002937000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/record
Source: saBSI.exe, 00000005.00000003.3390215903.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002920000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/record(
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/record1
Source: saBSI.exe, 00000005.00000003.2344566467.0000000002937000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordTr
Source: saBSI.exe, 00000005.00000003.3390215903.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002920000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recorder
Source: saBSI.exe, 00000005.00000003.3390215903.0000000002922000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002920000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recorderM
Source: saBSI.exe, 00000005.00000002.3392763730.0000000002900000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordl)C
Source: saBSI.exe, 00000005.00000002.3392763730.000000000290C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.000000000290C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/record
Source: saBSI.exe, 00000005.00000002.3392763730.000000000290C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.000000000290C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/recordITION
Source: saBSI.exe, 00000005.00000000.2290755507.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/r
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.comse
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2422178168.0000000002BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2758393367.0000000002B88000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3377192389.0000000002B6B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2381888143.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3588322794.0000000000514000.00000002.00000001.01000000.00000015.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2422178168.0000000002BFF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424916875.0000000002BCC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000000.2373744327.0000000000514000.00000002.00000001.01000000.00000015.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2486418120.0000000002BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25?-
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.qa.apis.mcafee.com
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000096F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdf
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.0000000000970000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.0000000000970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdf&
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000972000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.0000000000972000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdf22
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdfk
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bloatware.ff.avast.com/avast/ss/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn-download.avastbrowser.com/avg_secure_browser_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/avg-online-security/nbmoafcmbajniiapeidgficgifbfmjfo?utm_s
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxdelaytimeout-elapsedterminatecontinueargumentsshow-wi
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.3408565373.000000000230D000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1717753376.0000000002540000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3398440556.00000000035E5000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3396366195.00000000034DC000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1726287659.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://control.kochava.com/v1/cpi/click?campaign_id=kohotspot-shield-2oo5a3058127822662&network_id=
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005525000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2979383330.0000000005521000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005525000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980888806.000000000555A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2979383330.0000000005521000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0Cross-Origin-Resource-Policycross-originX
Source: saBSI.exe, 00000005.00000003.3389454284.00000000028F2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.00000000028F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cu1pehnswad01.servicebus.windows.net/wadp32h02/messages?timeout=60&api-version=2014-01
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002E70000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000039B8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497790208.0000000000804000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497750229.0000000000814000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002E70000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000039B8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497790208.0000000000804000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497750229.0000000000814000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3403996832.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447324868.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802975150.0000000000954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.3408565373.000000000230D000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1717753376.0000000002540000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3396366195.00000000034DC000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3404439315.0000000007490000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1726287659.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.3408565373.000000000230D000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1717753376.0000000002540000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3398440556.00000000035BA000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3396366195.00000000034DC000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1726287659.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/files/1319/avg.zip
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/images/1509/EN.png
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setu6
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000972000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.0000000000976000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zip
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000096F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zip0
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000972000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000096F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zip=
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000096F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zipD
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000096F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zipJ
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009D2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zipK
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.0000000002584000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zipu
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.png
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.png?
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.png~
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.0000000002548000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zip
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009D2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipSOR_A
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipSOR_AJ
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png0/EN.png
Source: saBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/binaryox
Source: saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/995/
Source: saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.000000000290C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.000000000290C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/pc/partner_custom_bsi.xml
Source: saBSI.exe, 00000005.00000002.3392763730.000000000290C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.000000000290C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_
Source: saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xml
Source: saBSI.exe, 00000005.00000002.3392763730.0000000002900000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.0000000002900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xmlOC
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa
Source: saBSI.exe, 00000005.00000003.2987333500.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363737785.0000000004D74000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3337773905.0000000004D73000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363020904.0000000004D73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary
Source: saBSI.exe, 00000005.00000003.3337773905.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2987333500.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3362801507.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3363286994.0000000004D8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary/
Source: saBSI.exe, 00000005.00000003.3337207939.0000000004DBC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2584630192.0000000004DBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/v1/pc/partner_custom_vars.xml
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saLOCALA
Source: saBSI.exe, 00000005.00000000.2290755507.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saUPDATER_URLupdater.exeWebAdvisor_Updaterheron_hostthreat.ap
Source: installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saupdater.exeWebAdvisor_Updaterthreat.api.mcafee.comheron_tok
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005523000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2585971984.0000000005767000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424179394.0000000005394000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2488832417.00000000055F8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.avcdn.net
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2371269919.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3377363712.0000000002BD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2381404487.0000000002B78000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2381510177.0000000002B79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.avcdn.net//url
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802975150.0000000000954000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActiIP8
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActiva#
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3397681353.00000000035A2000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009D2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exe
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420963541.0000000003EC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.securebrowser.com/
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.securebrowser.com/?_=1735039275531&retry_tracking_count=0&last_request_error_code=0&la
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420963541.0000000003EC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.securebrowser.com/p
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2757799051.00000000054C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stream-production.avcdn.net
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://submit.sb.avast.com
Source: norton_secure_browser_setup.exe, 00000007.00000003.2371527456.0000000003EAE000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2375053505.0000000003EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: norton_secure_browser_setup.exe, 00000007.00000003.2371527456.0000000003EAE000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2375053505.0000000003EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: NortonBrowserUpdate.exe, 0000001F.00000002.2884114001.0000000000A1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.norton.securebrowser.com/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.comhttps://submit.sb.avast.comhttps://hns.sb.avast.comhttps://winq
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/privacy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/privacy4
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/terms
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/terms?
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2698012912.0000000005685000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://winqual.sb.avast.com
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/e
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3397681353.00000000035A2000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000998000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.000000000099B000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.0000000000999000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.000000000097B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast-consumer-products
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3391475717.0000000002550000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/prVersion
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3397681353.00000000035A2000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy-policy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009BF000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2319253716.00000000067B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula/en-us/
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3403996832.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447324868.00000000067DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula/en-us/#Zo
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3403996832.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447818204.0000000004EB2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349477442.0000000004EB2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447324868.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2348673267.0000000004EA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eulacy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3403996832.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447324868.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2319253716.00000000067B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy-us/
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.00000000009B6000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009AB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy1
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3403996832.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447818204.0000000004EB2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349477442.0000000004EB2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2447324868.00000000067DC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2348673267.0000000004EA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacyb6ll
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802975150.0000000000954000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.0000000000956000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/about/privacy-policy
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000994000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802776838.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.000000000097B000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000098E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/legal/end-user-license-agreement
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2289726300.0000000004EA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990899193.0000000004FA5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990938527.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989286614.0000000004FAB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2972188030.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989628987.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989385972.00000000029A0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989104517.0000000004FAA000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2990804992.0000000004F71000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2989007843.0000000004FA6000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: norton_secure_browser_setup.exe, 00000007.00000003.2420300648.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000000.1724586539.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.innosetup.com/
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.00000000009AC000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388185454.000000000094A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.html
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3404439315.000000000755E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3399922023.0000000004E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html64e35416b1d8ed2635
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.0000000000994000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.000000000097B000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.000000000098E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlP
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3388613039.00000000009D2000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/EN.pngowser_setup.zip
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/SOR_A
Source: saBSI.exe, 00000005.00000000.2290755507.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3391665010.000000000073E000.00000002.00000001.01000000.0000000D.sdmp, installer.exe, 00000027.00000003.3082483290.000002994BB6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html)
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlW
Source: saBSI.exe, 00000005.00000002.3392763730.00000000028CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlu
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_00405601 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File dropped: C:\Program Files\McAfee\Temp1920010323\jslang\eula-en-US.txt -> encryption key for your account secure because without them you may lose access to your data. you are solely responsible and liable for any activity that occurs under your account, including by anyone who uses your account. if there is any unauthorized use or access to your account, you must let us know immediately. we are not responsible for any loss caused by unauthorized use of or access to your account; however, you may be liable for any losses we or others suffer because of the unauthorized use. we do not have access to master passwords and cannot recover your encrypted data if you forget the master password for any password management feature or product. we offer both free and premium versions of our password and identity management software, and the free versions limit the maximum number of unique accounts (such as a website or application login) that you can store. if you have downloaded a premium version of the software at no cost during a promotion, then when the promotional period ends you will not
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp File created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0 (copy) entropy: 7.99597518735
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp File created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1 (copy) entropy: 7.99668482326
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp File created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2 (copy) entropy: 7.99994992874
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp File created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0.zip (copy) entropy: 7.99597518735
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp File created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1.zip (copy) entropy: 7.99668482326
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp File created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2.zip (copy) entropy: 7.99994992874
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe File created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe entropy: 7.99064522414
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\88ea02bf-a24e-483a-a5d2-ee7e40595745 entropy: 7.99995124837
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\2818f0bb-a151-4148-beda-cdffb402d60a entropy: 7.99982131586
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\0fe58d1c-de4b-4979-a36c-9383b4628fb8 entropy: 7.99990414125
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\40721289-34e4-4d6e-8c9f-1c894702dfe8 entropy: 7.99866005103
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\setupui.cont entropy: 7.99945456192
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\9ffc6aeb-9106-44bf-ac20-b049e1d1298a entropy: 7.99949886139
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\30b2e7f6-7445-4912-981e-11149687fecc entropy: 7.9999260316
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe File created: C:\Users\user\AppData\Local\Temp\{E5C3037F-9C43-404C-96DF-0F8C6BDE9603}-NortonBrowserInstaller.exe entropy: 7.9999912886
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe File created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\setupui.cont entropy: 7.99945456192
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe File created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_product.dll.lzma entropy: 7.99946367131
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe File created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_rvrt.exe.lzma entropy: 7.99325569022
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe File created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_product.dll.lzma entropy: 7.99990334673
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe File created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_rvrt.exe.lzma entropy: 7.99325569022
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe File created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\aswOfferTool.exe.lzma entropy: 7.99980219406
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740ca.lzma entropy: 7.99945139508
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740ca.lzma entropy: 7.99996225598
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.82f740ca.lzma entropy: 7.99984124576
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740ca.lzma entropy: 7.99987168321
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740ca.lzma entropy: 7.99977021345
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740ca.lzma entropy: 7.99781196203
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.82f740ca.lzma entropy: 7.99958442587
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.82f740ca.lzma entropy: 7.999867387
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.82f740ca.lzma entropy: 7.99982670211
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.82f740ca.lzma entropy: 7.99976885682
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740ca.lzma entropy: 7.99616210321
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.82f740ca.lzma entropy: 7.99973839637
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\analyticsmanager.cab entropy: 7.99965056224
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\browserhost.cab entropy: 7.99969064067
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\browserplugin.cab entropy: 7.9992046707
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\logicmodule.cab entropy: 7.99971035479
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\mfw-webadvisor.cab entropy: 7.99497056268
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\mfw.cab entropy: 7.99645912817
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\servicehost.cab entropy: 7.99845734638
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\settingmanager.cab entropy: 7.99959252091
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\taskmanager.cab entropy: 7.99988705726
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\uihost.cab entropy: 7.99874187266
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\uimanager.cab entropy: 7.99966733883
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\uninstaller.cab entropy: 7.99958655854
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\updater.cab entropy: 7.99956639709
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\wssdep.cab entropy: 7.99928309708
Source: C:\Program Files\McAfee\Temp1920010323\installer.exe File created: C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi entropy: 7.99707344308

System Summary

Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 1516, type: MEMORYSTR Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 7276, type: MEMORYSTR Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: C:\Program Files (x86)\GUT7C55.tmp, type: DROPPED Matched rule: PlugX Identifying Strings Author: Seth Hardy
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Code function: 8_2_0042C610 NtQueryInformationProcess,GetModuleHandleW,GetProcAddress,GetLastError,GetLastError,NtQueryInformationProcess,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Code function: 8_2_0042FDD0 GetModuleHandleW,GetProcAddress,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Code function: 8_2_0042C6D0 NtQueryInformationProcess
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe Code function: 5_2_00696220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Code function: 8_2_0042D9B0 DuplicateTokenEx,SetTokenInformation,SetTokenInformation,GetLastError,CreateProcessAsUserW,GetLastError,CloseHandle,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 7_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5ca400.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{469D3039-E8BB-40CB-9989-158443EEA4EB}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA5B6.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5ca403.msi
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File created: C:\Windows\system32\icarus_rvrt.exe
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\5ca403.msi
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0041E1708_2_0041E170
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004221008_2_00422100
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004581208_2_00458120
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0043A1B08_2_0043A1B0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004A62408_2_004A6240
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0040C2608_2_0040C260
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004CA2008_2_004CA200
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004E221D8_2_004E221D
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0045E2A08_2_0045E2A0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004D84568_2_004D8456
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004204608_2_00420460
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004CC4708_2_004CC470
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004F64838_2_004F6483
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_005004A98_2_005004A9
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004225808_2_00422580
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004E25AB8_2_004E25AB
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0041C7B08_2_0041C7B0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004A68108_2_004A6810
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0040C8808_2_0040C880
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004D69408_2_004D6940
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004429108_2_00442910
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004849C08_2_004849C0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00448B408_2_00448B40
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0042AB108_2_0042AB10
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0041EB308_2_0041EB30
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00422BC08_2_00422BC0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0040AC008_2_0040AC00
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00424CB08_2_00424CB0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00472DF08_2_00472DF0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004010008_2_00401000
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0041D0008_2_0041D000
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004B10908_2_004B1090
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004410B08_2_004410B0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004235108_2_00423510
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004215F08_2_004215F0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004A96508_2_004A9650
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004D16308_2_004D1630
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004F57E48_2_004F57E4
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004CD8408_2_004CD840
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004CF8008_2_004CF800
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0048D9008_2_0048D900
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0045B9B08_2_0045B9B0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0041DB408_2_0041DB40
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004C9B408_2_004C9B40
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0044BCD08_2_0044BCD0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00425CA08_2_00425CA0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0044FED08_2_0044FED0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004C9EB08_2_004C9EB0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0047BF108_2_0047BF10
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: String function: 004281F0 appears 36 times
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: String function: 004B5E80 appears 41 times
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: String function: 00427650 appears 66 times
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: String function: 00418930 appears 52 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 00681BE0 appears 67 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 006F8DFE appears 111 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 00714231 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 006F8713 appears 374 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 006F8E31 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 006B8650 appears 192 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 006F85BF appears 56 times
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: String function: 006F9600 appears 61 times
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7372 -ip 7372
Source: Canvas of Kings_N6xC-S2.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: installer.exe.5.drStatic PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 23003272 bytes, 135 files, at 0x2c +A "analyticsmanager.cab" +A "analyticstelemetry.cab", number 1, 845 datablocks, 0x1 compression
Source: sciterui.dll.7.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: goopdateres_ms.dll.13.drStatic PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
Source: goopdateres_th.dll.13.drStatic PE information: Resource name: RT_STRING type: PDP-11 overlaid pure executable not stripped
Source: goopdateres_tr.dll.13.drStatic PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
Source: goopdateres_vi.dll.13.drStatic PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
Source: goopdateres_ca.dll.13.drStatic PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.13.drStatic PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: goopdateres_hu.dll.13.drStatic PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
Source: goopdateres_ca.dll.14.drStatic PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: sciterui.dll.7.drStatic PE information: No import functions for PE file found
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000000.1717367430.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs Canvas of Kings_N6xC-S2.exe
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.3408565373.0000000002368000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs Canvas of Kings_N6xC-S2.exe
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1723105496.000000007FB60000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Canvas of Kings_N6xC-S2.exe
Source: Canvas of Kings_N6xC-S2.exe, 00000000.00000003.1720824889.0000000002680000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Canvas of Kings_N6xC-S2.exe
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\118.0.1 (x64 en-US)\Main Install Directory
Source: Canvas of Kings_N6xC-S2.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 1516, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 7276, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: C:\Program Files (x86)\GUT7C55.tmp, type: DROPPEDMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpKey value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon version
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeKey value queried: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon version
Source: qbittorrent.exe.1.drStatic PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: classification engineClassification label: mal64.rans.spyw.evad.winEXE@74/1362@0/20
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,7_2_0040350D
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0042FF60 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,8_2_0042FF60
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005B52F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00684C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00684C8E
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00685C1E CoCreateInstance,OleRun,5_2_00685C1E
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006A5318 GetModuleHandleW,FindResourceW,LoadResource,LockResource,std::ios_base::_Ios_base_dtor,GetModuleHandleW,GetProcAddress,GetCurrentProcess,Concurrency::cancel_current_task,Concurrency::cancel_current_task,SysFreeString,SysFreeString,5_2_006A5318
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7372
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeMutant created: \Sessions\1\BaseNamedObjects\QtLockedFile mutex c:/users/user/appdata/roaming/qbittorrent/lockfile
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeMutant created: NULL
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpMutant created: \Sessions\1\BaseNamedObjects\{2c958236-012f-4348-b699-6519aeb48f99}Installer
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeMutant created: \Sessions\1\BaseNamedObjects\norton-securebrowser_installer_mutex2
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8172:120:WilError_03
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{66CC0160-ABB3-4066-AE47-1CA6AD5065C8}
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\b5e288bd827120e1f7148c4765db9585
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\995cb1dfdac15cf206bf35d68b1b7b27
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{6885AE8E-C070-458d-9711-37B9BEAB65F6}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D0BB2EF1-C183-4cdb-B218-040922092869}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{0A175FBE-AEEC-4fea-855A-2AA549A88846}
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\4eb58381ca84fca415caf4070ffa6c43
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\{2c958236-012f-4348-b699-6519aeb48f99}Installer
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{B5665124-2B19-40e2-A7BC-B44321E72C4B}
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeFile created: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /silent6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /cookie6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /ppi_icd6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /cust_ini6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Enabled6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxyType6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Port6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: User6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Password6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Properties6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /smbupd6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: enable6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: mirror6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: count6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: servers6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: urlpgm6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: server06_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: http://6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: https://6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: allow_fallback6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: mirror6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: installer.exe6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: {versionSwitch}6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: stable6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: %s\%s6_2_005B52F0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: X>]6_2_005B52F0
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%klekeajafkkpokaofllcadenjdckhinm%'
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%fheoggkfdfchfphceeifdbepaooicaho%'
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%'
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: qbittorrent.exe, 0000000B.00000000.2406528841.0000000001C14000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: Canvas of Kings_N6xC-S2.exe ReversingLabs: Detection: 18%
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe File read: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe
Source: unknown Process created: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe "C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe"
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Process created: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp "C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp" /SL5="$10458,13566766,780800,C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe"
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Process created: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /ga_clientid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe "qBittorrent" ENABLE
Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe" magnet:?xt=urn:btih:BFF18AF5608F9196CF05BF0C1F0B54A18C3F0A77
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Process created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Process created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe "C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7372 -ip 7372
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: unknown Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
Source: unknown Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping [base64-encoded argument]
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{F8EFD121-3157-498F-8CB7-6440C93AFD5D}" /silent
Source: unknown Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Process created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe Process created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av-vps_slave_ep_e7f0c869-167a-4139-a16d-31af16f6dc30 /slave:avg-av-vps
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe Process created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av_slave_ep_7d07334d-3f3d-4340-a87e-5ed01975b7c3 /slave:avg-av
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe Process created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe Process created: C:\Program Files\McAfee\Temp1920010323\installer.exe "C:\Program Files\McAfee\Temp1920010323\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7372 -ip 7372
Source: unknown Process created: C:\Program Files\McAfee\WebAdvisor\servicehost.exe "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996
Source: C:\Windows\SysWOW64\WerFault.exe Process created: unknown unknown
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: winhttpcom.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: zipfldr.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: acgenral.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: msacm32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeSection loaded: cryptnet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: version.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: windows.storage.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: wldp.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: profapi.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: cryptsp.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: rsaenh.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: cryptbase.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: dpapi.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: winhttp.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: mswsock.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: iphlpapi.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: winnsi.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: webio.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: sspicli.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: dnsapi.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: rasadhlp.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: schannel.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ntasn1.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ncrypt.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: msasn1.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: gpapi.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ntmarta.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe File written: C:\ProgramData\AVG\Icarus\settings\temporary_proxy.ini
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Window found: window name: TSelectLanguageForm
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Automated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Automated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Automated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Automated click: Run
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAv.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashShell.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashTask.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashQuick.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashUpd.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAux.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswDld.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommChannel.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\streamback.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ntp_time.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\sched.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngLdr.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngSrv.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswLog.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswProperty.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswPropertyAv.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswW8ntf.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\uet_client.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\anen.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\perfstats.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommonRes.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswSqLt.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\VisthAux.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswChLic.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswIP.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswRvrt.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\log.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\burger_client.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\tasks_core.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\task_performance_logger.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\process_monitor.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\serialization.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_routing.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_routing_rpc.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_burger.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_ga.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_er.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ffl2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\browser_pass.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\vaarclient.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\module_lifetime.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\dll_loader.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\shepherdsync.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\fltlib_wrapper.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AVGSvc.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AavmRpch.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgBoot.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\firefox_pass.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAMSI.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswBrowser.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc_proxy.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc_proxy.exe.manifest.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvEmUpdate.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\SupportTool.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\nos.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAvBootTimeScanShMin.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\OobeUtil.exe.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfc140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfc140u.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfcm140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfcm140u.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\crts.cat.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-conio-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-private-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-process-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\concrt140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_2.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_atomic_wait.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_codecvt_ids.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vccorlib140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_threads.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\overlay.html.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\pap.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\passwordProtection.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\plugins.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ras.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\rescueDisk.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\scans.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\search.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\secureDns.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\sensitiveData.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\settings.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\shields.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\smartScan.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\software.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteComponents.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteInternal.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgFlags.css.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgInline.svg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\system.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\threat.ogg.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tray.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tuneup.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\update.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\updatefile.json.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\virusChest.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\webCam.js.ipending.82f740ca.lzma
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740ca
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740ca
Source: Canvas of Kings_N6xC-S2.exe Static PE information: certificate valid
Source: Canvas of Kings_N6xC-S2.exe Static file information: File size 14472984 > 1048576
Source: Canvas of Kings_N6xC-S2.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3588322794.0000000000514000.00000002.00000001.01000000.00000015.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000000.2373744327.0000000000514000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: goopdateres_unsigned_fil.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002474000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000400D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475894425.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040F1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002558000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481670080.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003A74000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470816485.0000000000803000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470148483.0000000000804000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2470770786.0000000000813000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en-GB.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002430000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FC9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000002.3591325154.00000000005D0000.00000002.00000001.00040000.0000003E.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474495271.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000003472000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004002000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475699721.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002592000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000412B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2485820570.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ml.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000251E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000040B7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480145584.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.00000000034B7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004047000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476926621.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateWebPlugin_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003A74000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002F2A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdbM source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.000000000342D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003FBD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474067452.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_da.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.0000000002402000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F9B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2472595155.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2640201551.00000000055CD000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ar.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000023C9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003F62000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2471178338.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000004136000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000259D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2486154173.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-CN.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.000000000261B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.00000000041B4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497045428.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_kn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2431144206.00000000024F2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.000000000408B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479090655.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2437428826.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2434551790.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2499346239.0000000000805000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006C2B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,5_2_006C2B30
Source: Canvas of Kings_N6xC-S2.exeStatic PE information: section name: .didata
Source: Canvas of Kings_N6xC-S2.tmp.0.drStatic PE information: section name: .didata
Source: qbittorrent.exe.1.drStatic PE information: section name: .qtmetad
Source: qbittorrent.exe.1.drStatic PE information: section name: .qtmimed
Source: saBSI.exe.1.drStatic PE information: section name: .didat
Source: avg_antivirus_free_setup.exe.1.drStatic PE information: section name: .didat
Source: installer.exe.5.drStatic PE information: section name: _RDATA
Source: avg_antivirus_free_online_setup.exe.6.drStatic PE information: section name: .didat
Source: icarus_ui.exe.8.drStatic PE information: section name: _RDATA
Source: dump_process.exe.8.drStatic PE information: section name: .didat
Source: dump_process.exe.8.drStatic PE information: section name: _RDATA
Source: bug_report.exe.8.drStatic PE information: section name: _RDATA
Source: icarus.exe.8.drStatic PE information: section name: .didat
Source: icarus.exe.8.drStatic PE information: section name: _RDATA
Source: NortonBrowserUpdateComRegisterShell64.exe.13.drStatic PE information: section name: _RDATA
Source: acuapi_64.dll.13.drStatic PE information: section name: _RDATA
Source: psmachine.dll.13.drStatic PE information: section name: .orpc
Source: psmachine_64.dll.13.drStatic PE information: section name: .orpc
Source: psmachine_64.dll.13.drStatic PE information: section name: _RDATA
Source: psuser.dll.13.drStatic PE information: section name: .orpc
Source: psuser_64.dll.13.drStatic PE information: section name: .orpc
Source: psuser_64.dll.13.drStatic PE information: section name: _RDATA
Source: NortonBrowserCrashHandler64.exe.13.drStatic PE information: section name: _RDATA
Source: acuapi_64.dll.14.drStatic PE information: section name: _RDATA
Source: NortonBrowserCrashHandler64.exe.14.drStatic PE information: section name: _RDATA
Source: NortonBrowserUpdateComRegisterShell64.exe.14.drStatic PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCA7C5 push esp; iretd 5_3_04DCA7C6
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DC7AF1 push esi; retf 5_3_04DC7B12
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCCABF push edi; iretd 5_3_04DCCAC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCBFAA pushfd ; retf 5_3_04DCBFAB
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_3_04DCB925 push ss; ret 5_3_04DCB963

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u6_2_005BA100
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u8_2_004AC0E0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u8_2_004ABAA0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u8_2_004ABD80
Source: c:\program files\mcafee\webadvisor\x64\wssdep.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{21cbfec0-e728-420c-b4a4-a58ad2089aba}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{eeb05560-ec9e-4ec0-b1ee-14b05ff48650}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{688a291b-6132-43d5-b94b-a62949e22961}\inprochandler32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{93d643dc-f504-42e2-ae1c-14b2e116db0c}\inprocserver32
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_de.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ru.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fa.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\taskmanager.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_en.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_lv.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ar.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_en-GB.dllJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus_ui.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateComRegisterShell64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\psuser.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_da.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\dump_process.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_uk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_vi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateSetup.exeJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeFile created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_no.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_gu.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_it.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Users\user\AppData\Local\Temp\mwa67FC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeFile created: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\reboot.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ms.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740caJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\uninstaller.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\settingmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exe File created: C:\Program Files\McAfee\Temp1920010323\jslang\eula-zh-TW.txt

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 6_2_005BA100
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u 8_2_004AC0E0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 8_2_004ABAA0
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u 8_2_004ABD80
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006B0540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,5_2_006B0540
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
Source: C:\Users\user\Desktop\Canvas of Kings_N6xC-S2.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe System information queried: FirmwareTableInformation
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <DEST>%PRODUCT_INST%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <PATH>%PRODUCT_INST_32%\ASWHOOKX.DLL</PATH>
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <DEST>%PRODUCT_INST_32%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2726693216.00000000054F4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <DEST>%PRODUCT_INST_64%/ASWHOOK.DLL</DEST>
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 1BA3A770000 memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 1BA3AA50000 memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 1BA3AA70000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 1BA3AF70000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 1BA3AFB0000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 1BA4B110000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 1BA4B250000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 1BA4B2B0000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 1BA4B2D0000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 1BA4B330000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 1BA4B390000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe Memory allocated: 1BA4B530000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened / queried: C:\Program Files (x86)\VMware\VMware Tools
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Code function: 8_2_0045E150 rdtsc 8_2_0045E150
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe Code function: 5_2_00684C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00684C8E
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_zh-TW.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_de.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe Dropped PE file which has not been started: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.82f740ca
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ru.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fa.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_th.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_product.dll
Source: C:\Program Files\McAfee\Temp1920010323\installer.exe Dropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\taskmanager.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_product.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dll
Source: C:\Program Files\McAfee\Temp1920010323\installer.exe Dropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe Dropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.82f740ca
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ko.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\bug_report.exe
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_en.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_lv.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exe
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pl.dll
Source: C:\Program Files\McAfee\Temp1920010323\installer.exe Dropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\browserhost.exe
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sl.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ar.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_en-GB.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\AccessControl.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus_ui.exe
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe Dropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.82f740ca
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\psuser.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_da.dll
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\Midex.dll
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\dump_process.exe
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_mr.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hu.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\psuser_64.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\dump_process.exe
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\bug_report.exe
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_el.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_uk.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_vi.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe Dropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.82f740ca
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_nl.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ro.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe Dropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.82f740ca
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\jsisdl.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe Dropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.82f740ca
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_no.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fi.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exe
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_id.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus_rvrt.exe
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_ui.exe
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dll
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe Dropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.82f740ca
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fr.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_gu.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sw.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_lt.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_it.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pt-BR.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ta.dll
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dll
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hr.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mwa67FC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\reboot.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ms.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\analyticsmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdate.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\zbShieldUtils.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_hi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sr.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\uninstaller.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\settingmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_kn.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\updater.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\nsJSON.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\uimanager.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.82f740caJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ml.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\uihost.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\acuapi_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\jsis.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_fil.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_et.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\psmachine_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ur.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_iw.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dllJump to dropped file
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{E5C3037F-9C43-404C-96DF-0F8C6BDE9603}-NortonBrowserInstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sk.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\sciterui.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_te.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.82f740caJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\Temp1920010323\resource.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\thirdparty.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_ca.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\JsisPlugins.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\aswOfferTool.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dllJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.82f740caJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\resource.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_bn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_es-419.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\microsoftedgewebview2setup.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\dump_process.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\logicmodule.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\acuapi.dllJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus_mod.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1920010323\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_cs.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\psmachine.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_is.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_sv.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeDropped PE file which has not been started: C:\Windows\System32\icarus_rvrt.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\inetc.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_tr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dllJump to dropped file
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7C54.tmp\goopdateres_am.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp TID: 7428Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp TID: 7432Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe TID: 8004Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe TID: 8120Thread sleep time: -90000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 2256Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 1376Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 6252Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\McAfee\Temp1920010323\installer.exe TID: 1216Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe TID: 2640Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_004028D5 FindFirstFileW,7_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040679D FindFirstFileW,FindClose,7_2_0040679D
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00456F60 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,UnlockFileEx,8_2_00456F60
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0044E180 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,SetLastError,8_2_0044E180
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00454590 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,8_2_00454590
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00480AC0 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,8_2_00480AC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006E2782 VirtualQuery,GetSystemInfo,5_2_006E2782
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extractJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000002.3397681353.00000000035A2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241224062016\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"AVG_BRW\",\"18\":\"ZB_Norton_BRW\",\"19\":\"noChGroupx3\",\"21\":\"gamefabrique\",\"6\":\"3\",\"7\":\"2.40.1.8919\",\"15\":0,\"22\":\"Canvas of Kings\",\"10\":2,\"17\":\"3\",\"16\":\"norton\",\"20}Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRFI","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRFK","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUC","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUG","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUI"],"cp":"https://www.avast.com/privacy","ctu":"https://www.avast.com/eula","ov":61,"cbfo":true,"pv":"1.32","v":3}},{"ad":{"n":"","f":"ZB_RAV_Cross_Tri_NCB","o":"RAV_Cross"},"ps":{"i":"RAV_Triple_NCB/images/DOTPS-855/EN.png","dn":"RAV, VPN by RAV, Online Security, Safer Web","u":"https://shield.reasonsecurity.com/rsStubActivator.exe","p":"-ip:\"dui={userid}&dit={sessionid}&is_silent=true&oc={of}&p={pubid}&a=100&b={ispb}&se=true\" -vp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100&oip=26&ptl=7&dta=true\" -dp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100\" -i -v -d 
-se=true","r":["ReasonVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonVPN","RAVVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\RAVVPN","ReasonLabs\\VPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-VPN","ReasonSaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cmdu":[{"utr":"HKEY_CLASSES_ROOT","utk":"ReasonPersistentStorage","utvn":"AvUninstallTime","utvt":"SZ","umd":30,"utms":true}],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"cbfo":true,"x":10,"v":1}}],"c":""}3~
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2375933862.0000000002B70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2448272083.00000000009E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: saBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2344566467.0000000002937000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW6;/P
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804040028.00000000009CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: d}&a=100&oip=26&ptl=7&dta=true\" -dp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100\" -i -v -d -se=true","r":["ReasonVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonVPN","RAVVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\RAVVPN","ReasonLabs\\VPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-VPN","ReasonSaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cmdu":[{"utr":"HKEY_CLASSES_ROOT","utk":"ReasonPersistentStorage","utvn":"AvUninstallTime","utvt":"SZ","umd":30,"utms":true}],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"cbfo":true,"x":10,"v":1}}],"c":""}D
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2379976256.0000000002B70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:}
Source: norton_secure_browser_setup.exe, 00000007.00000003.2390716902.0000000003F14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: NortonBrowserUpdate.exe, 0000001F.00000002.2884114001.0000000000A1D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2376585860.0000000002B70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:%%p
Source: qbittorrent.exe, 0000000B.00000000.2407648957.0000000001F11000.00000008.00000001.01000000.00000017.sdmpBinary or memory string: .?AVQEmulationPaintEngine@@8"_
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2290141005.0000000004E91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: saBSI.exe-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efD
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2349845400.0000000000986000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1802827513.000000000097B000.00000004.00000020.00020000.00000000.sdmp, Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.1804108372.0000000000986000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3389454284.00000000028F2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3390215903.0000000002933000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2344566467.0000000002937000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3392763730.00000000028F5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005553000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2980166253.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2371310170.0000000005553000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2424916875.0000000002B9D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2425410728.0000000002BA4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2485847338.0000000002B9D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2486418120.0000000002BA4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBn
Source: Canvas of Kings_N6xC-S2.tmp, 00000001.00000003.2449360430.000000000094A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@j
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3376215719.0000000002BA5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2758393367.0000000002BA4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2639164790.0000000002B9D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2581090138.0000000002BA5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2695083820.0000000002BA3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBn7
Source: qbittorrent.exe, 0000000B.00000000.2407648957.0000000001F11000.00000008.00000001.01000000.00000017.sdmpBinary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess queried: DebugPort
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_0045E150 rdtsc 8_2_0045E150
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_007170B4 IsDebuggerPresent,OutputDebugStringW,5_2_007170B4
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00695204 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,5_2_00695204
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00684C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00684C8E
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00727BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C5_2_00727BC0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006C2B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,5_2_006C2B30
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0070E8FE mov eax, dword ptr fs:[00000030h]5_2_0070E8FE
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00717C6A mov eax, dword ptr fs:[00000030h]5_2_00717C6A
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00717CF2 mov eax, dword ptr fs:[00000030h]5_2_00717CF2
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00717CAE mov eax, dword ptr fs:[00000030h]5_2_00717CAE
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_00717D23 mov eax, dword ptr fs:[00000030h]5_2_00717D23
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005C7C5A mov eax, dword ptr fs:[00000030h]6_2_005C7C5A
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004F8F06 mov eax, dword ptr fs:[00000030h]8_2_004F8F06
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004F8F4A mov eax, dword ptr fs:[00000030h]8_2_004F8F4A
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004F35B7 mov ecx, dword ptr fs:[00000030h]8_2_004F35B7
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_0068463F GetProcessHeap,5_2_0068463F
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006F9018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_006F9018
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006F93F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_006F93F2
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006FD453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_006FD453
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006F9586 SetUnhandledExceptionFilter,5_2_006F9586
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005C10FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_005C10FF
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005C1292 SetUnhandledExceptionFilter,6_2_005C1292
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005C13AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_005C13AB
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_005C4476 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_005C4476
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004DEE56 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_004DEE56
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004B5168 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_004B5168
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_004B5C80 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_004B5C80
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /ga_clientid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping ...
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{F8EFD121-3157-498F-8CB7-6440C93AFD5D}" /silent
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 7372 -ip 7372
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 996
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7372 -ip 7372
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av-vps_slave_ep_e7f0c869-167a-4139-a16d-31af16f6dc30 /slave:avg-av-vps
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbM7D91RIlwoyQ1Yx2l3DSXt21SlOEj2IUmH6IOGhoBWn3a1RafQcAvju08IZYJfZKASNw /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av_slave_ep_7d07334d-3f3d-4340-a87e-5ed01975b7c3 /slave:avg-av
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe "c:\windows\temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92ptu5hwbbm7d91rilwoyq1yx2l3dsxt21sloej2iumh6ioghobwn3a1rafqcavju08izyjfzkasnw /cookie:mmm_irs_ppi_902_451_o /ga_clientid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /edat_dir:c:\windows\temp\asw.bb4a8def2d6384de
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exe nortonbrowserupdatesetup.exe /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\nsd5F39.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe "c:\program files (x86)\gum7c54.tmp\nortonbrowserupdate.exe" /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /ping ...
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /handoff "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{f8efd121-3157-498f-8cb7-6440c93afd5d}" /silent
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe c:\windows\temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe /icarus-info-path:c:\windows\temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\icarus-info.xml /install /silent /ws /psh:92ptu5hwbbm7d91rilwoyq1yx2l3dsxt21sloej2iumh6ioghobwn3a1rafqcavju08izyjfzkasnw /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe c:\windows\temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe /silent /ws /psh:92ptu5hwbbm7d91rilwoyq1yx2l3dsxt21sloej2iumh6ioghobwn3a1rafqcavju08izyjfzkasnw /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av-vps_slave_ep_e7f0c869-167a-4139-a16d-31af16f6dc30 /slave:avg-av-vps
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeProcess created: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe c:\windows\temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe /silent /ws /psh:92ptu5hwbbm7d91rilwoyq1yx2l3dsxt21sloej2iumh6ioghobwn3a1rafqcavju08izyjfzkasnw /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.bb4a8def2d6384de /track-guid:88a6df3f-67bc-4d6d-904d-95a1c0ec41bb /er_master:master_ep_441004a3-c36f-4a89-9629-f9cea7397d5a /er_ui:ui_ep_dfc3c555-cd35-41e3-8a40-c13bc5cc6ec3 /er_slave:avg-av_slave_ep_7d07334d-3f3d-4340-a87e-5ed01975b7c3 /slave:avg-av
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: 8_2_00430570 AllocateAndInitializeSid,GetLengthSid,LocalAlloc,CopySid,LocalAlloc,InitializeAcl,AddAce,TreeResetNamedSecurityInfoW,SetLastError,8_2_00430570
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: 5_2_006F9215 cpuid 5_2_006F9215
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_007145DA
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_0071C952
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_0071C907
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_0071C9ED
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_0071CA80
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_0071CCE0
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_0071CE06
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_0071CF0C
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_0071CFDB
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoEx,5_2_006F7E28
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_00713F6D
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_004FC039
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_004FC20E
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_004F86CD
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: GetLocaleInfoW,8_2_004F8C33
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,8_2_004FB88F
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_004FBB37
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_004FBB82
Source: C:\Windows\Temp\asw.bb4a8def2d6384de\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_004FBC1D
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\WebAdvisor.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\AVG_AV.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\finish.png VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe Queries volume information: C:\Users\user\AppData\Local\qBittorrent\logs\qbittorrent.log VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\common\icarus.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av-vps\icarus.exe Queries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe Queries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe Queries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw-72fc005a-ffa8-495b-a8af-97c0b3f24634\avg-av\icarus.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe Code function: 5_2_00714619 GetSystemTimeAsFileTime,5_2_00714619
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod1_extract\avg_antivirus_free_setup.exe Code function: 6_2_005BA100 GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,6_2_005BA100
Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\AppData\Local\Temp\is-LRQTS.tmp\Canvas of Kings_N6xC-S2.tmp Process created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogram C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\qbittorrent.exe "qBittorrent" ENABLE
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod0_extract\saBSI.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
Source: C:\Program Files (x86)\GUM7C54.tmp\NortonBrowserUpdate.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Temp\is-R1F1C.tmp\prod2_extract\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
MITRE ATT&CK matrix (tactic columns): Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact
Behavior Graph ID: 1580374, Sample: Canvas of Kings_N6xC-S2.exe, Startdate: 24/12/2024, Architecture: WINDOWS, Score: 64
