Windows Analysis Report
utweb_installer (1).exe

Overview

General Information

Sample name: utweb_installer (1).exe
Analysis ID: 1622233
MD5: 6a2b68a6587e292da47cb2943d83d534
SHA1: 20d164015a691bdfbdefda52699191567de47fdb
SHA256: ef84a998fdc17cc0cf630e8e00586d6bc2ade522c21686053d026b6649d5115b
Tags: exe, user-Brunno

Detection

Score: 50
Range: 0 - 100
Confidence: 100%

Compliance

Score: 49
Range: 0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Checks if the current machine is a virtual machine (disk enumeration)
Contains functionality to infect the boot sector
Creates an undocumented autostart registry key
Found evasive API chain checking for user administrative privileges
Joe Sandbox ML detected suspicious sample
Possible COM Object hijacking
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Adds / modifies Windows certificates
Changes image file execution options
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Disables exception chain validation (SEHOP)
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w10x64
  • utweb_installer (1).exe (PID: 7288 cmdline: "C:\Users\user\Desktop\utweb_installer (1).exe" MD5: 6A2B68A6587E292DA47CB2943D83D534)
    • saBSI.exe (PID: 7860 cmdline: "C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)
      • saBSI.exe (PID: 8156 cmdline: "C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91088 PaidDistribution=true saBsiVersion=4.1.1.865 CountryCode=US /no_self_update MD5: 7A1B6316D5D64A740B847D8261EA3E83)
        • installer.exe (PID: 940 cmdline: "C:\ProgramData\McAfee\WebAdvisor\saBSI\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade MD5: BDC856946755585518B19CA8411AA834)
          • installer.exe (PID: 3980 cmdline: "C:\Program Files\McAfee\Temp3870638436\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade MD5: 8E9953B04910C76F284F0E34E1F9921E)
    • avg_antivirus_free_setup.exe (PID: 7880 cmdline: "C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe" /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi MD5: 26816AF65F2A3F1C61FB44C682510C97)
      • avg_antivirus_free_online_setup.exe (PID: 8052 cmdline: "C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe" /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi /cookie:mmm_irs_ppi_902_451_o /ga_clientid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 /edat_dir:C:\Windows\Temp\asw.6c686568250f94b6 MD5: 5557D312D77B2E9EBC4F41FE6115B6CD)
        • icarus.exe (PID: 2188 cmdline: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\icarus-info.xml /install /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.6c686568250f94b6 /track-guid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 MD5: 550D71E8FDE02A25E94F2EE2AB4E7AEC)
          • icarus.exe (PID: 3396 cmdline: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.6c686568250f94b6 /track-guid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 /er_master:master_ep_57c305f9-a221-4d55-9661-c605c4f8ef83 /er_ui:ui_ep_a66986cd-bae3-4d7f-8e39-d240368c0fd9 /er_slave:avg-av_slave_ep_ff934363-81d6-4f23-b407-c954cb4a19dc /slave:avg-av MD5: 550D71E8FDE02A25E94F2EE2AB4E7AEC)
          • icarus.exe (PID: 3796 cmdline: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exe /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.6c686568250f94b6 /track-guid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 /er_master:master_ep_57c305f9-a221-4d55-9661-c605c4f8ef83 /er_ui:ui_ep_a66986cd-bae3-4d7f-8e39-d240368c0fd9 /er_slave:avg-av-vps_slave_ep_ba692fdd-fd75-4a86-a2e2-28706e5a604b /slave:avg-av-vps MD5: 682C11F76A23CA0A2404C23E515FAE77)
    • norton_secure_browser_setup.exe (PID: 7924 cmdline: "C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is" MD5: F269C5140CBC0E376CC7354A801DDD16)
      • NortonBrowserUpdateSetup.exe (PID: 8140 cmdline: NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies" MD5: 2B07E26D3C33CD96FA825695823BBFA7)
        • NortonBrowserUpdate.exe (PID: 2200 cmdline: "C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies" MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
          • NortonBrowserUpdate.exe (PID: 1432 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
          • NortonBrowserUpdate.exe (PID: 3468 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
          • NortonBrowserUpdate.exe (PID: 180 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
          • NortonBrowserUpdate.exe (PID: 7472 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies" /installsource otherinstallcmd /sessionid "{59BD0806-D48D-4B33-8A40-4D1FB39B576D}" /silent MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • NortonBrowserUpdate.exe (PID: 5244 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • NortonBrowserUpdate.exe (PID: 7108 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 7064 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 1832 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • msiexec.exe (PID: 7400 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • NortonBrowserUpdate.exe (PID: 7504 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • cleanup
No configs have been found
Source: C:\Program Files (x86)\GUTAC77.tmp, Rule: PlugXStrings, Description: PlugX Identifying Strings, Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 8140, Rule: PlugXStrings, Description: PlugX Identifying Strings, Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 2200, Rule: PlugXStrings, Description: PlugX Identifying Strings, Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdateComRegisterShell64.exe PID: 4076, Rule: PlugXStrings, Description: PlugX Identifying Strings, Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdateComRegisterShell64.exe PID: 5752, Rule: PlugXStrings, Description: PlugX Identifying Strings, Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdateComRegisterShell64.exe PID: 4228, Rule: PlugXStrings, Description: PlugX Identifying Strings, Author: Seth Hardy
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: utweb_installer (1).exe, Virustotal: Detection: 9%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 92.5% probability
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe
  • Code function: 4_2_00F117A0 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptQueryObject,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore
  • Code function: 4_2_00EC5870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext
  • Code function: 4_2_00EC6220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl
  • Code function: 4_2_00EFE610 CryptMsgClose
  • Code function: 4_2_00EC67B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl
  • Code function: 4_2_00EFEB60 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptQueryObject,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore
  • Code function: 4_2_00EFF150 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertFreeCRLContext
  • Code function: 4_2_00EFF3C0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertGetNameStringW,CertGetNameStringW,CertGetCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,CertVerifyCertificateChainPolicy,CertFreeCertificateChain,CertFreeCRLContext,CertFreeCRLContext
  • Code function: 4_2_00F114F0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CryptMsgGetParam,CertFreeCRLContext,CertFreeCRLContext
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe
  • Code function: 5_2_00CFB0E0 CryptDestroyHash,CryptDestroyHash
  • Code function: 5_2_00CF82F0 CryptDestroyHash
  • Code function: 5_2_00CF9250 CryptGenRandom,GetLastError,__CxxThrowException@8
  • Code function: 5_2_00CF9450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8
  • Code function: 5_2_00CF8DC0 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext
  • Code function: 5_2_00CF9020 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8
  • Code function: 5_2_00CF8260 CryptDestroyHash
  • Code function: 5_2_00CF9340 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8
  • Code function: 5_2_00CF94D0 CryptHashData,GetLastError,__CxxThrowException@8
  • Code function: 5_2_00CF8EF0 CryptReleaseContext
  • Code function: 5_2_00D12660 CryptReleaseContext
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe
  • Code function: 7_2_00C3E320 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext
  • Code function: 7_2_00C71140 CryptProtectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,CryptUnprotectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
  • Code function: 9_2_00E2E0D0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CryptMsgGetParam,CertFreeCRLContext,CertFreeCRLContext
  • Code function: 9_2_00E2E380 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptQueryObject,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore
  • Code function: 9_2_00E06850 CryptMsgClose
  • Code function: 9_2_00E06D70 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptQueryObject,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore
  • Code function: 9_2_00E075C0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertGetNameStringW,CertGetNameStringW,CertGetCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,CertVerifyCertificateChainPolicy,CertFreeCertificateChain,CertFreeCRLContext,CertFreeCRLContext
  • Code function: 9_2_6E273240 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext
  • Code function: 9_2_6E274130 SHGetSpecialFolderPathW,GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl
  • Code function: 9_2_6E273BA0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2471911175.0000000005B31000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: -----BEGIN PUBLIC KEY----- (memstr_cc48114c-4)

Compliance

Source: utweb_installer (1).exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe
Directory created:
  • C:\Program Files\Common Files\AVG
  • C:\Program Files\Common Files\AVG\Icarus
  • C:\Program Files\Common Files\AVG\Icarus\avg-av
  • C:\Program Files\AVG\
  • C:\Program Files\AVG\Antivirus
  • C:\Program Files\AVG\Antivirus\setup
  • C:\Program Files\Common Files\AVG\Overseer
  • C:\Program Files\AVG\Antivirus\setup\aswb673e8bc4ae1bcef.tmp
  • C:\Program Files\AVG\Antivirus\setup\config.def.ipending.1b4129d5
  • C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\su_common.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\afwCoreClient.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\afwRpc.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\afwServ.exe.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\x86
  • C:\Program Files\AVG\Antivirus\x86\dnd_helper.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\x86\gaming_hook.exe.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\gaming_hook.exe.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\dnd_helper.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\hns_tools.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\x86\aswhook.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\Inf\
  • C:\Program Files\AVG\Antivirus\Inf\x64
  • C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsdriver.sys.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\aswidpm.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\aswidsagent.exe.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\aswhook.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\onnxruntime.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\RescueDisk
  • C:\Program Files\AVG\Antivirus\RescueDisk\background.png.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\RescueDisk\background-loading.png.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\RescueDisk\waikamd64.mst.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\RescueDisk\aswShMin.exe.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\RescueDisk\aswRegLib.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\RescueDisk\aswPEBrowser.exe.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\RescueDisk\aswPECommander.exe.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\RescueDisk\wxbase315u_vc.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\RescueDisk\wxmsw315u_core_vc.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\shred.exe.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\x86\snxhk.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\1033
  • C:\Program Files\AVG\Antivirus\1033\aswClnTg.htm.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\1033\aswClnTg.txt.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\1033\aswInfTg.htm.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\1033\aswInfTg.txt.ipending.1b4129d5.lzma
  • C:\Program Files\AVG\Antivirus\1033\Base.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\Boot.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArDisk.sys.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArPot.sys.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BreachGuardSdk.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswProperty.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswPropertyAv.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\AavmRpch.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\ashShell.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\dll_loader.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnOS.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnIS.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnBS.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Boost.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\brotli.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\bsdiff.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\bzip2.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\c-ares.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\cef.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Crypto++.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\cURL.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Detours.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\dnscrypt-proxy.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\GSL.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\ICU.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\intel_asm.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\jansson.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\JsonCpp.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\lexbor.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libevent.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libPNG.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libsodium.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\LUA.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\lzfse.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\LZMA.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\mbedTLS.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\mhook.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\nanopb.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\nghttp2.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\OpenSSL.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\PCRE.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\protobuf.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\pugixml.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\rapidjson.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\sqlite.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\unrar.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\vxWidgets.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Xerces.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\xmlParser.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\xxHash.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\yara.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\zlib.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnBS.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnOS.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnIS.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashBase.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashServ.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAv.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashShell.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashTask.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashQuick.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashUpd.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAux.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswDld.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommChannel.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\streamback.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ntp_time.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\sched.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngLdr.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngSrv.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswLog.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswProperty.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswPropertyAv.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswW8ntf.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\uet_client.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\anen.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\perfstats.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommonRes.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswSqLt.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\VisthAux.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswChLic.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswIP.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswRvrt.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\log.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\burger_client.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\tasks_core.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\task_performance_logger.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\process_monitor.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\serialization.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_routing.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_routing_rpc.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_burger.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_ga.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_er.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ffl2.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\browser_pass.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\vaarclient.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\module_lifetime.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\dll_loader.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\shepherdsync.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\fltlib_wrapper.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AVGSvc.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AavmRpch.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgBoot.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\firefox_pass.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAMSI.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswBrowser.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc_proxy.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc_proxy.exe.manifest.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvEmUpdate.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\SupportTool.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\nos.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAvBootTimeScanShMin.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\OobeUtil.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfc140.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfc140u.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfcm140.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfcm140u.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\crts.cat.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-conio-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\darkWebMonitor.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dashboard.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dataShredder.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\done.ogg.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\doNotDisturb.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\driverUpdater.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\feedbackForm.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\firewall.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\help.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\i18n.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\kin.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\libs.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-cs.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-da.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-de.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en_GB.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-es_ES.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fi.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fr.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-hu.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-id.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-it.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ja.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ko.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ms.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nb.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nl.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pl.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_BR.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_PT.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ru.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sk.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sr_CS.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sv_SE.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-tr.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_CN.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_TW.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss.css.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss_light.css.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainFont.css.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayout.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayoutCss.css.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainSprite.css.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars_test.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainWindow.html.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\myLicenses.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napi.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiAdapter.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiExtensions.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\network.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notifications.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notify.ogg.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\offline.htm.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\overlay.html.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\pap.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\passwordProtection.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\plugins.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ras.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\rescueDisk.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\scans.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\search.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\secureDns.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\sensitiveData.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\settings.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\shields.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\smartScan.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\software.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteComponents.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteInternal.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgFlags.css.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgInline.svg.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\system.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\threat.ogg.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tray.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tuneup.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\update.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\updatefile.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\virusChest.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\webCam.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwCoreClient.dll.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwServ.exe.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwRpc.dll.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.1b4129d5
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-cs-CZ.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-da-DK.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-de-DE.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-el-GR.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-en-US.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-es-ES.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-es-MX.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-fi-FI.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-fr-CA.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-fr-FR.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-hr-HR.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-hu-HU.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-it-IT.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-ja-JP.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-ko-KR.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-nb-NO.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-nl-NL.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-pl-PL.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-pt-BR.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-pt-PT.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-ru-RU.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-sk-SK.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-sr-Latn-CS.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-sv-SE.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-tr-TR.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-zh-CN.txt
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\jslang\eula-zh-TW.txt
Source: utweb_installer (1).exe Static PE information: certificate valid
Source: utweb_installer (1).exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: goopdateres_unsigned_fr.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000024EF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2504243316.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2504159655.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_uk.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002668000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\893f00f663353e48\bin\x86\MinSizeRel\JsisPlugins.pdb source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ko.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003577000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2508545918.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2508453738.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_et.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000034CC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2502686353.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2502766660.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_no.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2511198943.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2511119138.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ur.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000367E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_iw.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000254B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2506832813.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2506997685.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000007.00000000.2397870704.0000000000CF4000.00000002.00000001.01000000.00000014.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000002.3012592171.0000000000CF4000.00000002.00000001.01000000.00000014.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000002.3017763276.0000000004F60000.00000002.00000001.00040000.00000014.sdmp
Source: Binary string: goopdateres_unsigned_fil.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000034EE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2503874999.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2503795518.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pl.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000025C7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2511612001.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2511510568.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002790000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003AE0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2498710906.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 0000000E.00000002.2541944569.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 0000000E.00000000.2539969483.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 0000000F.00000000.2542392303.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 0000000F.00000002.2546599528.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 00000012.00000000.2547277675.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 00000012.00000002.2549332242.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: goopdateres_unsigned_ml.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003598000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2509489281.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2509420949.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fi.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000024D8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2503360993.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2503245511.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1@3\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000004.00000003.2441575385.00000000050E3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000000.2449727791.0000000000EAC000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: goopdateres_unsigned_da.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002471000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2500856194.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2500924395.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2552396118.00000000059C8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sl.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000260C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2513291230.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2513376813.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-CN.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003695000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003BAA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2523013632.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000002.3036530043.000000006B1D0000.00000002.00000001.01000000.00000023.sdmp, NortonBrowserUpdate.exe, 00000017.00000002.3035912732.000000006AFE0000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2440005277.00000000058D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fa.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000024CD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2502958064.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2503031592.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\3db0bf373ac3fc9b\Release Midex\Midex.pdb source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateBroker_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003A24000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_lt.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002577000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2508855277.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2508775878.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ru.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000025F5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2512694238.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2512828745.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_el.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002487000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501469490.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501396218.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_de.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003487000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501201979.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501124961.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateCore_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002B7C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bg.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002443000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499506741.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499581319.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_mr.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002599000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2509800975.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2509897659.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_gu.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003505000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2504654126.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2504556934.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_th.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002651000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2519235215.0000000000792000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000016.00000002.3030732013.000000006B05F000.00000002.00000001.01000000.00000020.sdmp, NortonBrowserUpdate.exe, 00000017.00000002.3036978036.000000006B05F000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2516940872.0000000005CAA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000004.00000000.2351927899.0000000000F6E000.00000002.00000001.01000000.0000000B.sdmp, saBSI.exe, 00000004.00000002.3025745864.0000000000F6E000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: goopdateres_unsigned_am.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003433000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2498922442.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499001518.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_lv.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002582000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2509199521.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2509064749.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ta.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002639000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2515449368.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2515530043.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mi_exe_stub.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000002.3023526056.0000000000CB8000.00000002.00000001.01000000.00000015.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000000.2443494672.0000000000CB8000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: goopdateres_unsigned_pt-BR.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000025D3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2511871734.00000000007A0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2511871734.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2471911175.0000000005B31000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_id.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003534000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2505899457.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2505826712.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-TW.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000002.3015858308.00000000004BE000.00000004.00000010.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000036A0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\ed1c64258fb55966\build\Release\thirdparty.pdb source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb[ source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003114000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: npNortonBrowserUpdate3_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003985000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000002E4D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2531480760.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2531539103.000000000077F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_vi.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000368A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bn.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000244E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499867477.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499791856.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\9bf849bab5260311\Plugins\Release_Mini\StdUtils.pdb source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sv.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000362E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2514440345.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2514539688.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000034B5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2502178961.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2502252248.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_is.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000353F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2506107536.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2506182934.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ro.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000035F5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2512459317.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2512397595.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ca.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003464000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2500300737.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2500378269.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_nl.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000035BB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2510720559.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2510833832.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_te.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002645000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2516096036.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2516169870.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: libwautils.pdb source: icarus.exe, 0000001A.00000003.2886547781.0000022A60B6A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en-GB.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000249F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501941518.00000000007A0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501941518.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000002.3024609901.00000000006D0000.00000002.00000001.00040000.0000002E.sdmp, NortonBrowserUpdate.exe, 00000016.00000002.3021165158.0000000000F70000.00000002.00000001.00040000.0000002D.sdmp
Source: Binary string: psuser_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2518344685.0000000000792000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sk.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000360C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2513083428.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2513014653.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000251D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2505536479.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2505622064.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateWebPlugin_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002790000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003AE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002493000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501666612.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501739736.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000C.00000002.2537684793.0000000000BE0000.00000002.00000001.00040000.0000001D.sdmp, NortonBrowserUpdate.exe, 00000011.00000002.2638509923.0000000000880000.00000002.00000001.00040000.0000001D.sdmp, NortonBrowserUpdate.exe, 00000017.00000002.3020382819.0000000000AC0000.00000002.00000001.00040000.0000001D.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdbN source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2552396118.00000000059C8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Source\Repos\DS-Platform\CppInstaller\CppSetup\bin\Win32\Release\CppSetup.pdb source: utweb_installer (1).exe, 00000000.00000002.2373256251.0000000000759000.00000002.00000001.01000000.00000003.sdmp, utweb_installer (1).exe, 00000000.00000000.1759128969.0000000000759000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: goopdateres_unsigned_ar.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002438000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499286392.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499215886.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_kn.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000356C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2508107082.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2507887208.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\21e9bc5e69dd57f1\build\Release Unicode\jsisdl.pdb source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe | Code function: 6_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,6_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe | Code function: 6_2_004028D5 FindFirstFileW,6_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe | Code function: 6_2_0040679D FindFirstFileW,FindClose,6_2_0040679D
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe | Code function: 7_2_00C37220 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,UnlockFileEx,7_2_00C37220
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe | Code function: 7_2_00C2E430 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,SetLastError,7_2_00C2E430
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe | Code function: 7_2_00C34850 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,7_2_00C34850
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe | Code function: 7_2_00C61570 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,7_2_00C61570
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe | Code function: 9_2_00E31668 GetLongPathNameW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,9_2_00E31668
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe | Code function: 9_2_00E72224 FindFirstFileExW,FindNextFileW,FindClose,FindClose,9_2_00E72224
Source: C:\Users\user\Desktop\utweb_installer (1).exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\utweb_installer (1).exe | File opened: C:\Users\user\AppData\Local\Temp\ISVA121.tmp
Source: C:\Users\user\Desktop\utweb_installer (1).exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\utweb_installer (1).exe | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\utweb_installer (1).exe | File opened: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI.zip
Source: C:\Users\user\Desktop\utweb_installer (1).exe | File opened: C:\Users\user\AppData\Local
Source: Joe Sandbox View | IP Address: 1.1.1.1
Source: Joe Sandbox View | IP Address: 104.20.87.8
Source: Joe Sandbox View | IP Address: 34.160.176.28
Source: utweb_installer (1).exe, 00000000.00000003.2350020231.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2363580296.0000000003E17000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2352308191.0000000005AF0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448777502.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2449249474.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441575385.00000000050E3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.000000000080A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441885991.0000000000833000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3031287993.000000000505E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448080306.000000000080C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2449297410.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.000000000080A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448845331.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448080306.0000000000826000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3047260295.0000000003E59000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000003.2443166784.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, 
norton_secure_browser_setup.exe, 00000006.00000003.2443074847.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003114000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: NortonBrowserUpdate.exe, 00000017.00000002.3020382819.0000000000AC5000.00000002.00000001.00040000.0000001D.sdmp, icarus.exe, 00000018.00000003.2727032923.00000246D0C27000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2703474272.00000246D0C5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: utweb_installer (1).exe, 00000000.00000003.2363580296.0000000003E17000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3047260295.0000000003E59000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000003.2443074847.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003114000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3028187013.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3016364625.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000244E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003639000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000036AA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000024CD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000024D8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000034B5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000251D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002790000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 
00000008.00000003.2446296800.00000000025D3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002438000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003985000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002487000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000356C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0
Source: utweb_installer (1).exe, 00000000.00000003.2352308191.0000000005AF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000005.00000003.2391244170.0000000004EF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2516940872.0000000005CAA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000002.3017763276.0000000004F60000.00000002.00000001.00040000.00000014.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2471911175.0000000005B31000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2552396118.00000000059C8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2440005277.00000000058D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2596266247.0000000005A8F000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2727032923.00000246D0C27000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2703474272.00000246D0C5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: NortonBrowserUpdate.exe, 00000017.00000003.2593612842.0000000000B73000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2584669798.0000000000B73000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2586068149.0000000000B73000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2585346386.0000000000B73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTruu
Source: avg_antivirus_free_setup.exe, 00000005.00000003.2391244170.0000000004EF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2516940872.0000000005CAA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000002.3017763276.0000000004F60000.00000002.00000001.00040000.00000014.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2471911175.0000000005B31000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2552396118.00000000059C8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2440005277.00000000058D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2596266247.0000000005A8F000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2727032923.00000246D0C27000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2703474272.00000246D0C5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: avg_antivirus_free_setup.exe, 00000005.00000003.2391244170.0000000004EF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2516940872.0000000005CAA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000002.3017763276.0000000004F60000.00000002.00000001.00040000.00000014.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2471911175.0000000005B31000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2552396118.00000000059C8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2440005277.00000000058D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2596266247.0000000005A8F000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2727032923.00000246D0C27000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2703474272.00000246D0C5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: saBSI.exe, 00000004.00000002.3015053119.00000000007B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: saBSI.exe, 00000004.00000002.3015053119.000000000075E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en;
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2632693509.00000000058C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://doubleclick-proxy.ff.avast.com/v1/gclid
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2632693509.00000000058C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gf.tools.avast.com/tools/gf/
Source: avg_antivirus_free_setup.exe, 00000005.00000002.3019010572.0000000000D13000.00000002.00000001.01000000.0000000C.sdmp, avg_antivirus_free_setup.exe, 00000005.00000000.2358071196.0000000000D13000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://https://:allow_fallback/installer.exe
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2632693509.00000000058C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://median-a1.iavs9x.u.avast.com/iavs9x/avast_one_essential_setup_online.exe
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2632693509.00000000058C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://median-free.iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
Source: norton_secure_browser_setup.exe, 00000006.00000000.2364065167.000000000040A000.00000008.00000001.01000000.0000000D.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3016364625.000000000040A000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: NortonBrowserUpdate.exe, 0000000A.00000003.2531021035.0000000000770000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.dig
Source: NortonBrowserUpdate.exe, 0000000A.00000003.2565834490.0000000000783000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2565882432.0000000000799000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.c
Source: utweb_installer (1).exe, 00000000.00000003.2363580296.0000000003E17000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2352308191.0000000005AF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000005.00000003.2391244170.0000000004EF4000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3047260295.0000000003E59000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000003.2443074847.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003114000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3028187013.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3016364625.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2516940872.0000000005CAA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000002.3017763276.0000000004F60000.00000002.00000001.00040000.00000014.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2471911175.0000000005B31000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2552396118.00000000059C8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2440005277.00000000058D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2596266247.0000000005A8F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000244E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 
00000008.00000003.2462117448.0000000003639000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000036AA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000024CD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000024D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: utweb_installer (1).exe, 00000000.00000003.2350020231.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2363580296.0000000003E17000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2352308191.0000000005AF0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448777502.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2449249474.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441575385.00000000050E3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.000000000080A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441885991.0000000000833000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3031287993.000000000505E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448080306.000000000080C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2449297410.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.000000000080A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448845331.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448080306.0000000000826000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000005.00000003.2391244170.0000000004EF4000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3047260295.0000000003E59000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp, 
norton_secure_browser_setup.exe, 00000006.00000003.2443166784.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000003.2443074847.0000000004B51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: utweb_installer (1).exe, 00000000.00000003.2350020231.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2363580296.0000000003E17000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2352308191.0000000005AF0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448777502.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2449249474.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441575385.00000000050E3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.000000000080A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441885991.0000000000833000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3031287993.000000000505E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448080306.000000000080C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2449297410.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3033580170.0000000005428000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.000000000080A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448845331.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448080306.0000000000826000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3047260295.0000000003E59000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp, 
norton_secure_browser_setup.exe, 00000006.00000003.2443166784.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000003.2443074847.0000000004B51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: utweb_installer (1).exe, 00000000.00000003.2350020231.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2363580296.0000000003E17000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2352308191.0000000005AF0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448777502.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2449249474.0000000005421000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441575385.00000000050E3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.000000000080A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441885991.0000000000833000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3031287993.000000000505E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448080306.000000000080C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2449297410.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.000000000080A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448845331.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448080306.0000000000826000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3047260295.0000000003E59000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000003.2443166784.0000000004B5B000.00000004.00000020.00020000.00000000.sdmp, 
norton_secure_browser_setup.exe, 00000006.00000003.2443074847.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003114000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: utweb_installer (1).exe, 00000000.00000003.2350020231.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.0000000000791000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441575385.00000000050E3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441885991.0000000000833000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448080306.000000000080C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2449297410.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.000000000080A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448845331.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.0000000000806000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2826335495.000000000524D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000000.2449901810.0000000000EF4000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 00000009.00000002.3024682258.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000002.3020739630.0000000000B22000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2829942075.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2828220020.0000000000BA2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2829991926.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2829664881.0000000000BA2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2826162014.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 
00000009.00000003.2829896027.0000000000BA2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000002.3029355701.0000000000EF3000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: utweb_installer (1).exe, 00000000.00000003.2350020231.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441575385.00000000050E3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.000000000080A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441885991.0000000000833000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2449297410.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448845331.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3031287993.0000000004FE0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448080306.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2826335495.000000000524D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000000.2449901810.0000000000EF4000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 00000009.00000002.3033346487.000000000520A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2826603529.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000002.3033346487.0000000005221000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000002.3024682258.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2828342683.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2829942075.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2828383527.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 
00000009.00000003.2829991926.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2825453522.000000000524F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: avg_antivirus_free_setup.exe, 00000005.00000003.2391244170.0000000004EF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2516940872.0000000005CAA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000002.3017763276.0000000004F60000.00000002.00000001.00040000.00000014.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2471911175.0000000005B31000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2552396118.00000000059C8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2440005277.00000000058D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2596266247.0000000005A8F000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2727032923.00000246D0C27000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2703474272.00000246D0C5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2632693509.00000000058C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://push.ff.avast.com
Source: saBSI.exe, 00000004.00000003.2448080306.000000000080C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/
Source: saBSI.exe, 00000004.00000003.2448080306.000000000080C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/E
Source: saBSI.exe, 00000004.00000003.2441971127.000000000080A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448080306.0000000000826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt
Source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003A24000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2518130154.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
Source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003A24000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2518130154.0000000000793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
Source: saBSI.exe, 00000009.00000002.3020739630.0000000000ACD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.co.apis.mcafee.com//wa/ml-lookup
Source: saBSI.exe, 00000009.00000002.3020739630.0000000000ACD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.co.apis.mcafee.com//wa/ml-lookupg0
Source: saBSI.exe, 00000009.00000002.3020739630.0000000000ACD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.co.apis.mcafee.com//wa/ml-lookupz0
Source: norton_secure_browser_setup.exe, 00000006.00000002.3047260295.0000000003E59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.goo
Source: norton_secure_browser_setup.exe, 00000006.00000002.3047260295.0000000003E59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.gooP
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.000000000083A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
Source: utweb_installer (1).exe, 00000000.00000002.2376059687.0000000005406000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download-lb.utorrent.com/
Source: utweb_installer (1).exe, 00000000.00000002.2376059687.0000000005406000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download-lb.utorrent.com/Su
Source: utweb_installer (1).exe, 00000000.00000003.2370891380.0000000000FD8000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2374582103.0000000000FD8000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2373256251.0000000000759000.00000002.00000001.01000000.00000003.sdmp, utweb_installer (1).exe, 00000000.00000003.2368712155.0000000000FD8000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000000.1759128969.0000000000759000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://download-lb.utorrent.com/endpoint/utweb/os/riserollout/track/beta
Source: utweb_installer (1).exe, 00000000.00000002.2374582103.0000000000FA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download-lb.utorrent.com/endpoint/utweb/os/riserollout/track/beta30
Source: utweb_installer (1).exe, 00000000.00000002.2373256251.0000000000759000.00000002.00000001.01000000.00000003.sdmp, utweb_installer (1).exe, 00000000.00000000.1759128969.0000000000759000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://download-lb.utorrent.com/endpoint/utweb/os/riserollout/track/betahttps://www.bittorrent.com/
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.000000000083A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-autopush.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.000000000083A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.000000000083A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.000000000083A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.000000000083A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.000000000083A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.000000000083A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.000000000083A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.000000000083A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.000000000083A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.000000000083A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
Source: utweb_installer (1).exe, 00000000.00000003.2370016209.0000000005B1D000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2368425433.0000000005B0D000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2368712155.000000000102E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2370891380.000000000102E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2374582103.000000000102E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2362879762.0000000005B0D000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2379232825.0000000005B1E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2371909381.0000000005B1E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2363341592.0000000005B10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/
Source: utweb_installer (1).exe, 00000000.00000003.2368712155.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/1
Source: utweb_installer (1).exe, 00000000.00000003.2370016209.0000000005B1D000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2368425433.0000000005B0D000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2362879762.0000000005B0D000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2379232825.0000000005B1E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2371909381.0000000005B1E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2363341592.0000000005B10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/25
Source: utweb_installer (1).exe, 00000000.00000003.2368712155.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/84
Source: utweb_installer (1).exe, 00000000.00000002.2373256251.0000000000759000.00000002.00000001.01000000.00000003.sdmp, utweb_installer (1).exe, 00000000.00000002.2374582103.0000000000FA1000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000000.1759128969.0000000000759000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/f/
Source: utweb_installer (1).exe, 00000000.00000002.2373256251.0000000000759000.00000002.00000001.01000000.00000003.sdmp, utweb_installer (1).exe, 00000000.00000000.1759128969.0000000000759000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/o
Source: utweb_installer (1).exe, 00000000.00000002.2374582103.0000000000FA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/o59
Source: utweb_installer (1).exe, 00000000.00000003.1883305438.000000000103F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/oNAr
Source: utweb_installer (1).exe, 00000000.00000002.2373256251.0000000000759000.00000002.00000001.01000000.00000003.sdmp, utweb_installer (1).exe, 00000000.00000000.1759128969.0000000000759000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/ohttps://dvpwdfe80sj9.cloudfront.net/zbdhttps://dvpwdfe80sj9.clo
Source: utweb_installer (1).exe, 00000000.00000002.2378751761.0000000005B01000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2379232825.0000000005B1E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2373256251.0000000000759000.00000002.00000001.01000000.00000003.sdmp, utweb_installer (1).exe, 00000000.00000003.2371909381.0000000005B1E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2363341592.0000000005B10000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2374582103.0000000000FA1000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000000.1759128969.0000000000759000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/zbd
Source: utweb_installer (1).exe, 00000000.00000003.2370016209.0000000005B1D000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2368425433.0000000005B0D000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2379232825.0000000005B1E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2371909381.0000000005B1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/zbd9
Source: utweb_installer (1).exe, 00000000.00000003.2370016209.0000000005B1D000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2368425433.0000000005B0D000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2362879762.0000000005B0D000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2371909381.0000000005B1E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2363341592.0000000005B10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/zbdU
Source: utweb_installer (1).exe, 00000000.00000003.2371855358.0000000005B56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net:443/zbd:
Source: utweb_installer (1).exe, 00000000.00000003.2369743476.0000000005B56000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2379311455.0000000005B56000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2366318785.0000000005B56000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2362602216.0000000005B56000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2362749070.0000000005B56000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2371855358.0000000005B56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dvpwdfe80sj9.cloudfront.net:443/zbdice
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2613781512.00000000058F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://firefoxextension.avast.com/aos/update.json
Source: utweb_installer (1).exe, 00000000.00000003.2362943241.00000000054E4000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2368712155.000000000102E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2370891380.000000000102E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2374582103.000000000102E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2373526461.0000000000936000.00000002.00000001.01000000.00000003.sdmp, utweb_installer (1).exe, 00000000.00000003.2369819114.00000000054E5000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.1761034795.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.1761071220.0000000000FF7000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2350228686.00000000054E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/arvidn/libtorrent/blob/master/LICENSE
Source: utweb_installer (1).exe, 00000000.00000003.1761034795.0000000000FF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/webtorrent/webtorren
Source: utweb_installer (1).exe, 00000000.00000003.2362943241.00000000054E4000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2370443655.00000000054E4000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2368712155.000000000102E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2370891380.000000000102E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2374582103.000000000102E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2373526461.0000000000936000.00000002.00000001.01000000.00000003.sdmp, utweb_installer (1).exe, 00000000.00000003.1761034795.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.1761071220.0000000000FF7000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2350228686.00000000054E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/webtorrent/webtorrent/blob/master/LICENSE
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2596266247.0000000005A8F000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2727032923.00000246D0C27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hns.sb.avast.com
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2439952104.0000000002FED000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2439912312.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2439777894.0000000002FCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net
Source: avg_antivirus_free_online_setup.exe, 00000007.00000002.3013416001.0000000002F65000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2439912312.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2439777894.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2550767150.0000000002FD5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2561880887.0000000002FD5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2475639597.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000002.3013890778.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2633623116.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2475713809.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2600915122.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2640704770.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2631105805.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2600481789.0000000002FD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2562792435.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2550767150.0000000002FD5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2561880887.0000000002FD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/)
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2513433223.0000000002FD5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2532551923.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2532180731.0000000002FD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/Y
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2430404161.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2436077770.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2439777894.0000000002FCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/defs/avg-av/release.xml.lzma
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2430404161.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2436077770.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2426860205.0000000002FCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/defs/avg-av/release.xml.lzmaI
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2468080879.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2439952104.0000000002FED000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2436077770.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2439912312.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2439777894.0000000002FCD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2475639597.0000000002FD4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2475713809.0000000002FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/q
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2632693509.00000000058C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-atrk/release/avg_antitrack_online_setup.exe
Source: avg_antivirus_free_setup.exe, 00000005.00000003.2369660863.0000000004EAB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000005.00000003.2369537373.0000000004EA9000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2632693509.00000000058C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2632693509.00000000058C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2632693509.00000000058C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bs/release/avg_battery_saver_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2632693509.00000000058C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-du/release/avg_driver_updater_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2632693509.00000000058C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-tu/release/avg_tuneup_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2632693509.00000000058C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-vpn/release/avg_vpn_online_setup.exe
Source: icarus.exe, 00000018.00000003.2756574682.00000246D07A9000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2701402892.00000246D077A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/univer
Source: icarus.exe, 00000018.00000003.2756574682.00000246D07A9000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2701402892.00000246D077A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/univerlocalhos
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2600481789.0000000002FD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/26cc/f6e4/2295/26ccf6e42295e3c6591fc4a2a7a4a52e26a1ac4148f52dfa5fc
Source: icarus.exe, 00000018.00000003.2677089715.00000246D079A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/4312/f19b/e115/4312f19be115f1032db281344af1ddc4e683ee01cc66384ec6a
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2631105805.0000000002FCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/50b5/1779/9fe8/50b517799fe861d3c6a134dd8d358ec85d29075a4d743ca8d9d
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2600481789.0000000002FD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/5caf/2830/fe02/5caf2830fe0232cc24c4163dcaa52c9df53fb1a441def29b115
Source: icarus.exe, 00000018.00000003.2701402892.00000246D077A000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2677089715.00000246D079A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/5ecc/0fd5/b57d/5ecc0fd5b57d6036fe66e5f623dc022c4ada8f95d9fa150acf3
Source: icarus.exe, 00000018.00000003.2701402892.00000246D077A000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2677089715.00000246D079A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/63e1/01ad/6342/63e101ad6342164145abfcfef8a1814f7f6efb962d28f728026
Source: icarus.exe, 00000018.00000003.2677089715.00000246D079A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/68a4/e780/623f/68a4e780623f020d927e85b68cbca22fdb8476b2fede8847543
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2600481789.0000000002FD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/712e/edbc/4630/712eedbc4630f36e62d87dac4e8bf51bd358ecb19878df025b3
Source: icarus.exe, 00000018.00000003.2701402892.00000246D077A000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2677089715.00000246D079A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/7479/bc6f/3f0c/7479bc6f3f0c130a251b52486b5bd78a51f657ae5539fdd964f
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2600481789.0000000002FD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/ad90/561e/fcda/ad90561efcdac30553aad5b1a5cd0bf42df740af74be5097610
Source: icarus.exe, 00000018.00000003.2701402892.00000246D077A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/af32/b8c8/f756/af32b8c8f756a9
Source: icarus.exe, 00000018.00000003.2701402892.00000246D077A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/af32/b8c8/f756/af32b8c8f756a947f356a065b1d4960dade35f79aaabffaaad1
Source: icarus.exe, 00000018.00000003.2701402892.00000246D077A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/af32/b8c8/f756/af32b8c8f756a9S
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2600481789.0000000002FD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/bdcb/63e5/4d91/bdcb63e54d91478a68dbb5175bb01943b20899cccea6dcd80f0
Source: icarus.exe, 00000018.00000003.2677089715.00000246D079A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/cc77/4188/48fa/cc77418848fa1625f8e1e78e846b430f7b5e574569a8804fdda
Source: icarus.exe, 00000018.00000003.2701402892.00000246D077A000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2677089715.00000246D079A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/db5c/3bf0/5310/db5c3bf05310c0
Source: icarus.exe, 00000018.00000003.2677089715.00000246D079A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/db5c/3bf0/5310/db5c3bf05310c073569f042ed06b8012256be47b668d7cc286c
Source: icarus.exe, 00000018.00000003.2677089715.00000246D079A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/dce3/54f2/3e84/dce354f23e841a0a92242b0dca5d692b00071698a891d722804
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2631105805.0000000002FCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/f0ab/81b1/889a/f0ab81b1889a7e6ac17700a476315c2e7da2b6e155ddde55702
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2426860205.0000000002FCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/defs/avg-av/release.xml.lzma
Source: saBSI.exe, 00000009.00000002.3020739630.0000000000B5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/1010/64/installer.exeU
Source: saBSI.exe, 00000009.00000003.2826335495.000000000524D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2595910756.000000000524D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000002.3020739630.0000000000B22000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000002.3033346487.000000000524D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000002.3020739630.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2572912164.0000000005234000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/pc/partner_custom_bsi.xml
Source: saBSI.exe, 00000009.00000003.2826335495.0000000005232000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2826335495.000000000524D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2595910756.000000000524D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000002.3033346487.000000000524D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2595910756.0000000005232000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000002.3033346487.0000000005233000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000002.3020739630.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2572912164.0000000005234000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xml
Source: saBSI.exe, saBSI.exe, 00000009.00000002.3020739630.0000000000ACD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa
Source: saBSI.exe, 00000009.00000002.3033346487.000000000520A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary
Source: saBSI.exe, 00000009.00000002.3033346487.0000000005221000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary/
Source: saBSI.exe, 00000009.00000003.2606699752.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2595910756.000000000525E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2596877747.0000000000B9F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2596957788.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2606547186.000000000525E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/v1/pc/partner_custom_vars.xml
Source: saBSI.exe, 00000004.00000000.2351927899.0000000000F6E000.00000002.00000001.01000000.0000000B.sdmp, saBSI.exe, 00000004.00000002.3025745864.0000000000F6E000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saUPDATER_URLupdater.exeWebAdvisor_Updaterheron_hostthreat.ap
Source: saBSI.exe, 00000009.00000002.3020739630.0000000000ACD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sat$$Q
Source: saBSI.exe, 00000004.00000003.2441575385.00000000050E3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000000.2449727791.0000000000EAC000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saupdater.exeWebAdvisor_Updaterthreat.api.mcafee.comheron_tok
Source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sciter.com0/
Source: avg_antivirus_free_setup.exe, 00000005.00000003.2391244170.0000000004EF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2516940872.0000000005CAA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000002.3017763276.0000000004F60000.00000002.00000001.00040000.00000014.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2471911175.0000000005B31000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2552396118.00000000059C8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2440005277.00000000058D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2596266247.0000000005A8F000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2727032923.00000246D0C27000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2703474272.00000246D0C5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2613781512.00000000058F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.avcdn.net
Source: icarus.exe, 00000018.00000002.3032557074.00000246CEA15000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2757135622.00000246D08CE000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2647640157.00000246D0790000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 0000001B.00000002.3029296494.000002355FA06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 00000007.00000002.3013416001.0000000002F8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.avcdn.net//url
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActi
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.00000000007EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.securebrowser.com
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.0000000000861000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.securebrowser.com/?_=1740321748008&retry_tracking_count=0&last_request_error_code=0&la
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.0000000000820000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.securebrowser.com?_=1740321748008Lb
Source: norton_secure_browser_setup.exe, 00000006.00000002.3035269025.0000000002803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.securebrowser.comnsSetFatalTrackingUrlnorton.installer.fataleventnsAddFatalTrackingPar
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2632693509.00000000058C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stream-production.avcdn.net
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2596266247.0000000005A8F000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2727032923.00000246D0C27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://submit.sb.avast.com
Source: NortonBrowserUpdate.exe, 00000011.00000002.2638679426.0000000000917000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000015.00000003.2598669727.0000000001357000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000015.00000002.2600242603.0000000001359000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000015.00000003.2597635005.0000000001356000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000002.3022287050.0000000000B74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.norton.securebrowser.com/
Source: NortonBrowserUpdate.exe, 00000015.00000003.2597635005.0000000001356000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2584922202.0000000000B66000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2585346386.0000000000BA9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2603448557.0000000000BBA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2593899150.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2586068149.0000000000BA9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000002.3022287050.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2589495890.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2603448557.0000000000BE2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2585616373.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2593612842.0000000000BA9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000002.3022287050.0000000000BB2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000002.3022287050.0000000000B57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2584669798.0000000000BA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.norton.securebrowser.com/service/update2
Source: NortonBrowserUpdate.exe, 00000017.00000002.3022287050.0000000000BB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.norton.securebrowser.com/service/update2?cup2key=9:3362732722&cup2hreq=5ee18eabd3da40
Source: NortonBrowserUpdate.exe, 00000017.00000002.3022287050.0000000000BB2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.norton.securebrowser.com:443/service/update2?cup2key=9:3362732722&cup2hreq=5ee18eabd3
Source: NortonBrowserUpdate.exe, 00000015.00000003.2598471527.0000000001313000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000015.00000002.2599932565.0000000001315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.norton.securebrowser.com:443/service/update2X
Source: NortonBrowserUpdate.exe, 00000011.00000002.2638679426.00000000008E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.norton.securebrowser.com:443/service/update2me3
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2596266247.0000000005A8F000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2727032923.00000246D0C27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.com
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2596266247.0000000005A8F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.comhttps://submit.sb.avast.comhttps://hns.sb.avast.com
Source: icarus.exe, 00000018.00000003.2727032923.00000246D0C27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.comhttps://submit.sb.avast.comhttps://hns.sb.avast.comhttps://winq
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2596266247.0000000005A8F000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2727032923.00000246D0C27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://winqual.sb.avast.com
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.360totalsecurity.cW
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.360totalsecurity.com/en/privacy/
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.co
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast-consumer-products
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy-policy
Source: utweb_installer (1).exe, 00000000.00000002.2374582103.0000000001007000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula
Source: utweb_installer (1).exe, 00000000.00000003.2368712155.000000000102E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2370891380.000000000102E000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.1883305438.000000000103F000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2374582103.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula.
Source: utweb_installer (1).exe, 00000000.00000002.2376059687.0000000005406000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2370891380.0000000001007000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2368712155.0000000001007000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2374582103.0000000001007000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy
Source: utweb_installer (1).exe, 00000000.00000002.2376059687.0000000005406000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacyeJ3UirQGE5J
Source: utweb_installer (1).exe, 00000000.00000002.2376059687.0000000005406000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacyt
Source: utweb_installer (1).exe, 00000000.00000003.2368712155.0000000001019000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2374582103.0000000001019000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2368712155.0000000001007000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2370891380.0000000001019000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2373256251.0000000000759000.00000002.00000001.01000000.00000003.sdmp, utweb_installer (1).exe, 00000000.00000002.2374582103.0000000000FA1000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000000.1759128969.0000000000759000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.bittorrent.com/legal/privacy-policy/
Source: utweb_installer (1).exe, 00000000.00000002.2376059687.0000000005406000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2368712155.0000000001007000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2373256251.0000000000759000.00000002.00000001.01000000.00000003.sdmp, utweb_installer (1).exe, 00000000.00000000.1759128969.0000000000759000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.bittorrent.com/legal/terms-of-use/
Source: utweb_installer (1).exe, 00000000.00000002.2374582103.0000000000FA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bittorrent.com/legal/terms-of-use/DArq
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/about/privacy-policy
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/legal/end-user-lic
Source: utweb_installer (1).exe, 00000000.00000003.2350020231.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.0000000000791000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441575385.00000000050E3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.000000000080A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441885991.0000000000833000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448080306.000000000080C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2449297410.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.000000000080A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448845331.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3031287993.0000000004FE0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2441971127.0000000000806000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000003.2448080306.0000000000826000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2826335495.000000000524D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000000.2449901810.0000000000EF4000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 00000009.00000002.3033346487.000000000520A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2826603529.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000002.3033346487.0000000005221000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 
00000009.00000002.3024682258.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000002.3020739630.0000000000B22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.000000000083A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/privac
Source: utweb_installer (1).exe, 00000000.00000003.2368712155.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
Source: utweb_installer (1).exe, 00000000.00000003.2370891380.0000000001007000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2368712155.0000000001007000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2374582103.0000000001007000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html6481799D
Source: utweb_installer (1).exe, 00000000.00000002.2376059687.0000000005406000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlN
Source: saBSI.exe, 00000009.00000002.3020739630.0000000000ACD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html
Source: saBSI.exe, 00000004.00000002.3015053119.000000000075E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html4
Source: saBSI.exe, 00000004.00000002.3015053119.000000000075E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlb
Source: norton_secure_browser_setup.exe, 00000006.00000003.2443074847.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003114000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000006.00000002.3016364625.000000000040A000.00000004.00000001.01000000.0000000D.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000244E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003639000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000036AA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000024CD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000024D8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000034B5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000251D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002790000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000025D3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002438000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003985000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002487000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 
00000008.00000003.2462117448.000000000356C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002B7C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000024EF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002493000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000254B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/u?
Source: utweb_installer (1).exe, 00000000.00000002.2376059687.0000000005406000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2370891380.0000000000FD8000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2374582103.0000000000FD8000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2368712155.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/
Source: utweb_installer (1).exe, 00000000.00000002.2376059687.0000000005406000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/
Source: utweb_installer (1).exe, 00000000.00000002.2376059687.0000000005406000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/I
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computers
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacy
Source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/cps0/
Source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/repository0W
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe Code function: 6_2_00405601 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,6_2_00405601
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560

Spam, unwanted Advertisements and Ransom Demands

Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe File dropped: C:\Program Files\McAfee\Temp3870638436\jslang\eula-en-US.txt -> encryption key for your account secure because without them you may lose access to your data. you are solely responsible and liable for any activity that occurs under your account, including by anyone who uses your account. if there is any unauthorized use or access to your account, you must let us know immediately. we are not responsible for any loss caused by unauthorized use of or access to your account; however, you may be liable for any losses we or others suffer because of the unauthorized use. we do not have access to master passwords and cannot recover your encrypted data if you forget the master password for any password management feature or product. we offer both free and premium versions of our password and identity management software, and the free versions limit the maximum number of unique accounts (such as a website or application login) that you can store. if you have downloaded a premium version of the software at no cost during a promotion, then when the promotional period ends you will not
Source: C:\Users\user\Desktop\utweb_installer (1).exe File created: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI.zip entropy: 7.99597518735
Source: C:\Users\user\Desktop\utweb_installer (1).exe File created: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg.zip entropy: 7.99668482326
Source: C:\Users\user\Desktop\utweb_installer (1).exe File created: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup.zip entropy: 7.99994992874
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\c79b8906-ed9e-4dd2-b719-4c51f88a9427 entropy: 7.99988765545
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\9595761d-731a-427b-82f3-d9a7c2fc9534 entropy: 7.99861530775
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\setupui.cont entropy: 7.99962788585
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\6531f258-d965-45cc-9434-426620c71dc0 entropy: 7.99949368008
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\a6717b39-3094-4b9f-b2e8-d3432e1b3a67 entropy: 7.99992984244
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\e08e6ef8-4281-412f-9974-1e01d343bd0a entropy: 7.99994664345
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\8a594801-bb19-4f85-b116-2488197cfe68 entropy: 7.99983973606
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe File created: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe entropy: 7.99225431001
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe File created: C:\Users\user\AppData\Local\Temp\{ABACDE7D-7B73-41F6-9C86-A11B7462F32D}-NortonBrowserInstaller.exe entropy: 7.9999884023
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\setupui.cont entropy: 7.99962788585
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus_product.dll.lzma entropy: 7.9999080354
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus_rvrt.exe.lzma entropy: 7.99325569022
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\aswOfferTool.exe.lzma entropy: 7.99980680504
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exe.lzma entropy: 7.99992774124
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus_product.dll.lzma entropy: 7.9994062061
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus_rvrt.exe.lzma entropy: 7.99268245154
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\dump_process.exe.lzma entropy: 7.9998298788
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\bug_report.exe.lzma entropy: 7.99990644115
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.1b4129d5.lzma entropy: 7.99915784202Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.1b4129d5.lzma entropy: 7.99915943826Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\ProgramData\AVG\Antivirus\Fonts\RobotoCondensed-Bold.ttf.ipending.1b4129d5.lzma entropy: 7.99698708313Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\ProgramData\AVG\Antivirus\Fonts\proximanova-regular.otf.ipending.1b4129d5.lzma entropy: 7.99680209089Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.1b4129d5.lzma entropy: 7.99610809067Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.1b4129d5.lzma entropy: 7.99946283194Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.1b4129d5.lzma entropy: 7.99864095779Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\afwServ.exe.ipending.1b4129d5.lzma entropy: 7.99973742629Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\afwRpc.dll.ipending.1b4129d5.lzma entropy: 7.99895290298Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\afwCoreClient.dll.ipending.1b4129d5.lzma entropy: 7.9993057356Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.1b4129d5.lzma entropy: 7.99915211482Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.1b4129d5.lzma entropy: 7.99967614876Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.1b4129d5.lzma entropy: 7.9982262317Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.1b4129d5.lzma entropy: 7.99979654241Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.1b4129d5.lzma entropy: 7.99987168321Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.1b4129d5.lzma entropy: 7.99984124576Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.1b4129d5.lzma entropy: 7.99996225598Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.1b4129d5.lzma entropy: 7.99945139508Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.1b4129d5.lzma entropy: 7.99973839637Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.1b4129d5.lzma entropy: 7.99616210321Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\analyticsmanager.cab entropy: 7.99973667993Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\browserhost.cab entropy: 7.99973345705Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\browserplugin.cab entropy: 7.99920260055Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\logicmodule.cab entropy: 7.99977808534Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\mfw-webadvisor.cab entropy: 7.99547598811Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\mfw.cab entropy: 7.99915982608Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\servicehost.cab entropy: 7.99877089252Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\settingmanager.cab entropy: 7.99956667001Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\taskmanager.cab entropy: 7.99987934899Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\uihost.cab entropy: 7.99882446685Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\uimanager.cab entropy: 7.99972751073Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\uninstaller.cab entropy: 7.99950524894Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\updater.cab entropy: 7.99958781727Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeFile created: C:\Program Files\McAfee\Temp3870638436\wssdep.cab entropy: 7.99930285617Jump to dropped file

System Summary

Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 8140, type: MEMORYSTR, Matched rule: PlugX Identifying Strings, Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 2200, type: MEMORYSTR, Matched rule: PlugX Identifying Strings, Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdateComRegisterShell64.exe PID: 4076, type: MEMORYSTR, Matched rule: PlugX Identifying Strings, Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdateComRegisterShell64.exe PID: 5752, type: MEMORYSTR, Matched rule: PlugX Identifying Strings, Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdateComRegisterShell64.exe PID: 4228, type: MEMORYSTR, Matched rule: PlugX Identifying Strings, Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 7472, type: MEMORYSTR, Matched rule: PlugX Identifying Strings, Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 7504, type: MEMORYSTR, Matched rule: PlugX Identifying Strings, Author: Seth Hardy
Source: C:\Program Files (x86)\GUTAC77.tmp, type: DROPPED, Matched rule: PlugX Identifying Strings, Author: Seth Hardy
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe, Code function: 7_2_00C0C840 NtQueryInformationProcess,GetModuleHandleW,GetProcAddress,GetLastError,GetLastError,NtQueryInformationProcess,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe, Code function: 7_2_00C0FF80 GetModuleHandleW,GetProcAddress,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe, Code function: 7_2_00C0C900 NtQueryInformationProcess
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe, Code function: 9_2_00DE23E0 NtQueryDirectoryFile,NtQueryDirectoryFile
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe, Code function: 9_2_00DE6860 NtClose,NtClose
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe, Code function: 9_2_00DE7010 NtClose,NtOpenKeyEx,NtNotifyChangeMultipleKeys
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe, Code function: 9_2_00DE7030 NtCreateFile,NtCreateFile
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe, Code function: 4_2_00EC6220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe, Code function: 7_2_00C0DC00 DuplicateTokenEx,SetTokenInformation,SetTokenInformation,GetLastError,CreateProcessAsUserW,GetLastError,CloseHandle,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe, Code function: 6_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe, File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\43db66.msi
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\SourceHash{469D3039-E8BB-40CB-9989-158443EEA4EB}
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSIDCEC.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\43db69.msi
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\43db69.msi
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe, File created: C:\Windows\system32\icarus_rvrt.exe
Source: C:\Windows\System32\msiexec.exe, File deleted: C:\Windows\Installer\43db69.msi
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EC8FB04_2_00EC8FB0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EC4F504_2_00EC4F50
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EC70D94_2_00EC70D9
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00ECF1104_2_00ECF110
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EFD5404_2_00EFD540
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F018404_2_00F01840
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EE3AC04_2_00EE3AC0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EFFFE04_2_00EFFFE0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EF81904_2_00EF8190
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F083A04_2_00F083A0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EFA5404_2_00EFA540
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F106604_2_00F10660
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EAA6104_2_00EAA610
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F486094_2_00F48609
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F047C04_2_00F047C0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F568E04_2_00F568E0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F028A04_2_00F028A0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F509924_2_00F50992
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F309194_2_00F30919
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F50AB24_2_00F50AB2
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F30B4B4_2_00F30B4B
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EA2B004_2_00EA2B00
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F2ADD04_2_00F2ADD0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F30DB04_2_00F30DB0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F06D434_2_00F06D43
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00ED8EA04_2_00ED8EA0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EACF404_2_00EACF40
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EFF1504_2_00EFF150
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EED2C04_2_00EED2C0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EE73B04_2_00EE73B0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F3B3404_2_00F3B340
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F3933A4_2_00F3933A
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F0B4F04_2_00F0B4F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F414AF4_2_00F414AF
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EA54004_2_00EA5400
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F076024_2_00F07602
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F4D8E04_2_00F4D8E0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EAF8304_2_00EAF830
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F3390B4_2_00F3390B
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F03A304_2_00F03A30
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EDFB404_2_00EDFB40
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00ECBCB04_2_00ECBCB0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00ED3C504_2_00ED3C50
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EA7D104_2_00EA7D10
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00CF52F05_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00CFBB705_2_00CFBB70
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00D0C9D05_2_00D0C9D0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00D1126C5_2_00D1126C
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00CFD3405_2_00CFD340
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00CFEDE05_2_00CFEDE0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00D066E45_2_00D066E4
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00D0CE7E5_2_00D0CE7E
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeCode function: 6_2_00406B646_2_00406B64
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C623107_2_00C62310
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C5A5107_2_00C5A510
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C4A9607_2_00C4A960
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C70A107_2_00C70A10
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C48CC07_2_00C48CC0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C36CB07_2_00C36CB0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C62DD07_2_00C62DD0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C4B0107_2_00C4B010
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C672507_2_00C67250
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C696F07_2_00C696F0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C1FAC07_2_00C1FAC0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C4BC807_2_00C4BC80
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C87E407_2_00C87E40
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00BFE0B07_2_00BFE0B0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C020407_2_00C02040
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CAA0007_2_00CAA000
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C301807_2_00C30180
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00BEC1C07_2_00BEC1C0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C6E2007_2_00C6E200
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C383E07_2_00C383E0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C003A07_2_00C003A0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C1A3607_2_00C1A360
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CAA3707_2_00CAA370
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C024C07_2_00C024C0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CCA5537_2_00CCA553
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CCC5007_2_00CCC500
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CAA6C07_2_00CAA6C0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CC26DD7_2_00CC26DD
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C866D07_2_00C866D0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00BFC6F07_2_00BFC6F0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C3E6907_2_00C3E690
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00BEC7E07_2_00BEC7E0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CD69437_2_00CD6943
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CE09697_2_00CE0969
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CB89137_2_00CB8913
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CAC9307_2_00CAC930
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C22AC07_2_00C22AC0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CC2A6B7_2_00CC2A6B
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00BFEA707_2_00BFEA70
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C04BF07_2_00C04BF0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C02B007_2_00C02B00
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C28CF07_2_00C28CF0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C86CA07_2_00C86CA0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C5CC707_2_00C5CC70
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00BEAC007_2_00BEAC00
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C0AD607_2_00C0AD60
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CB6E007_2_00CB6E00
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C58E107_2_00C58E10
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00BFCF407_2_00BFCF40
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00BE10007_2_00BE1000
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C212607_2_00C21260
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C653407_2_00C65340
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C034507_2_00C03450
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C915207_2_00C91520
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C015307_2_00C01530
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C89AE07_2_00C89AE0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CB1AF07_2_00CB1AF0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00BFDA807_2_00BFDA80
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C05BE07_2_00C05BE0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CAFCC07_2_00CAFCC0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CD5CA47_2_00CD5CA4
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C3BDA07_2_00C3BDA0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CADD007_2_00CADD00
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C53EF07_2_00C53EF0
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C2BE907_2_00C2BE90
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCode function: 8_2_00CAA8D48_2_00CAA8D4
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCode function: 8_2_00CAF9318_2_00CAF931
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCode function: 8_2_00CA432C8_2_00CA432C
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCode function: 8_2_00CB5CAB8_2_00CB5CAB
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCode function: 8_2_00CB24388_2_00CB2438
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCode function: 8_2_00CB1FB08_2_00CB1FB0
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DEE1509_2_00DEE150
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00E081709_2_00E08170
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DF62B09_2_00DF62B0
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DFE2409_2_00DFE240
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00E0A9909_2_00E0A990
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DC2F509_2_00DC2F50
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DFF0B09_2_00DFF0B0
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DD10309_2_00DD1030
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DED5909_2_00DED590
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DCB5709_2_00DCB570
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DC95009_2_00DC9500
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00E057609_2_00E05760
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00E09A909_2_00E09A90
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DEFA209_2_00DEFA20
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DC3B809_2_00DC3B80
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00E27F909_2_00E27F90
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DA43509_2_00DA4350
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DBA4A09_2_00DBA4A0
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DC84209_2_00DC8420
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00E005309_2_00E00530
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00E026E09_2_00E026E0
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00DE46809_2_00DE4680
Source: norton_secure_browser_setup.exe.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.0.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: saBSI.exe.4.drStatic PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: sciterui.dll.6.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: goopdateres_th.dll.8.drStatic PE information: Resource name: RT_STRING type: PDP-11 overlaid pure executable not stripped
Source: goopdateres_tr.dll.8.drStatic PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
Source: goopdateres_vi.dll.8.drStatic PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
Source: goopdateres_ca.dll.8.drStatic PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.8.drStatic PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: goopdateres_hu.dll.8.drStatic PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
Source: goopdateres_ms.dll.8.drStatic PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
Source: installer.exe.9.drStatic PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 26081889 bytes, 135 files, at 0x2c +A "analyticsmanager.cab" +A "analyticstelemetry.cab", number 1, 939 datablocks, 0x1 compression
Source: sciterui.dll.6.drStatic PE information: No import functions for PE file found
Source: utweb_installer (1).exe, 00000000.00000003.2362602216.0000000005B32000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs utweb_installer (1).exe
Source: utweb_installer (1).exe, 00000000.00000003.2353452102.0000000005B32000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs utweb_installer (1).exe
Source: utweb_installer (1).exe, 00000000.00000003.2354638333.0000000005B4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs utweb_installer (1).exe
Source: utweb_installer (1).exe, 00000000.00000003.2349981306.0000000005B32000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs utweb_installer (1).exe
Source: utweb_installer (1).exe, 00000000.00000003.2354079373.0000000005B44000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs utweb_installer (1).exe
Source: utweb_installer (1).exe, 00000000.00000003.2352308191.0000000005B0D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsMpLics.dllj% vs utweb_installer (1).exe
Source: utweb_installer (1).exe, 00000000.00000003.2352308191.0000000005AF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemicrostub.exe( vs utweb_installer (1).exe
Source: utweb_installer (1).exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 8140, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 2200, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: NortonBrowserUpdateComRegisterShell64.exe PID: 4076, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: NortonBrowserUpdateComRegisterShell64.exe PID: 5752, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: NortonBrowserUpdateComRegisterShell64.exe PID: 4228, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 7472, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 7504, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: C:\Program Files (x86)\GUTAC77.tmp, type: DROPPEDMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: classification engineClassification label: mal50.rans.spyw.evad.winEXE@47/856@0/15
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCode function: 8_2_00CA2E59 GetLastError,GetLastError,SetLastError,SetLastError,FormatMessageW,GetLastError,SetLastError,LocalFree,8_2_00CA2E59
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeCode function: 6_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,6_2_0040350D
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C10100 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,7_2_00C10100
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00CF52F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EB4C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,4_2_00EB4C8E
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EB5C1E CoCreateInstance,OleRun,4_2_00EB5C1E
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00ED5318 GetModuleHandleW,FindResourceW,LoadResource,LockResource,std::ios_base::_Ios_base_dtor,GetModuleHandleW,GetProcAddress,GetCurrentProcess,Concurrency::cancel_current_task,Concurrency::cancel_current_task,SysFreeString,SysFreeString,4_2_00ED5318
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C5C8CC0A7FE31816B4641D0465402560Jump to behavior
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeMutant created: NULL
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeMutant created: \Sessions\1\BaseNamedObjects\norton-securebrowser_installer_mutex2
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{66CC0160-ABB3-4066-AE47-1CA6AD5065C8}
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\d51cfb42995b03fc4b008b49ba6518ab
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\0f931c3e91fdac2599eb0ca71aa226a7
Source: C:\Users\user\Desktop\utweb_installer (1).exeMutant created: \Sessions\1\BaseNamedObjects\Global\CppSetupISVSingleInstanceMutex
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{6885AE8E-C070-458d-9711-37B9BEAB65F6}
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\081fb76a9008af2f1832b3e90ccedfae
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D0BB2EF1-C183-4cdb-B218-040922092869}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{0A175FBE-AEEC-4fea-855A-2AA549A88846}
Source: C:\Users\user\Desktop\utweb_installer (1).exeFile created: C:\Users\user\AppData\Local\Temp\ISVA121.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: /silent5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: /cookie5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: /ppi_icd5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: /cust_ini5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: Enabled5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: ProxySettings5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: ProxyType5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: Port5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: User5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: Password5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: Properties5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: /smbupd5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: enable5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: mirror5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: count5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: servers5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: urlpgm5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: server05_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: http://5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: https://5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: allow_fallback5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: installer.exe5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: {versionSwitch}5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: stable5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCommand line argument: %s\%s5_2_00CF52F0
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCommand line argument: kernel32.dll8_2_00CA24AD
Source: utweb_installer (1).exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\utweb_installer (1).exeFile read: C:\Windows\win.iniJump to behavior
Source: C:\Users\user\Desktop\utweb_installer (1).exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT ((visits.visit_time/1000000)-11644473600) AS vtime FROM 'visits' ORDER BY vtime DESC LIMIT 1;
Source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT last_visit_date / 1000000 AS vtime FROM 'moz_places' ORDER BY vtime DESC LIMIT 1;
Source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: utweb_installer (1).exeVirustotal: Detection: 9%
Source: unknownProcess created: C:\Users\user\Desktop\utweb_installer (1).exe "C:\Users\user\Desktop\utweb_installer (1).exe"
Source: C:\Users\user\Desktop\utweb_installer (1).exeProcess created: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe "C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\Desktop\utweb_installer (1).exeProcess created: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe" /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi
Source: C:\Users\user\Desktop\utweb_installer (1).exeProcess created: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe" /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi /cookie:mmm_irs_ppi_902_451_o /ga_clientid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 /edat_dir:C:\Windows\Temp\asw.6c686568250f94b6
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies"
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeProcess created: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe "C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91088 PaidDistribution=true saBsiVersion=4.1.1.865 CountryCode=US /no_self_update
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe "C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies"
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: unknownProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
Source: unknownProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies" /installsource otherinstallcmd /sessionid "{59BD0806-D48D-4B33-8A40-4D1FB39B576D}" /silent
Source: unknownProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\icarus-info.xml /install /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.6c686568250f94b6 /track-guid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeProcess created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.6c686568250f94b6 /track-guid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 /er_master:master_ep_57c305f9-a221-4d55-9661-c605c4f8ef83 /er_ui:ui_ep_a66986cd-bae3-4d7f-8e39-d240368c0fd9 /er_slave:avg-av_slave_ep_ff934363-81d6-4f23-b407-c954cb4a19dc /slave:avg-av
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeProcess created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exe C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exe /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.6c686568250f94b6 /track-guid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 /er_master:master_ep_57c305f9-a221-4d55-9661-c605c4f8ef83 /er_ui:ui_ep_a66986cd-bae3-4d7f-8e39-d240368c0fd9 /er_slave:avg-av-vps_slave_ep_ba692fdd-fd75-4a86-a2e2-28706e5a604b /slave:avg-av-vps
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeProcess created: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe "C:\ProgramData\McAfee\WebAdvisor\saBSI\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeProcess created: C:\Program Files\McAfee\Temp3870638436\installer.exe "C:\Program Files\McAfee\Temp3870638436\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: C:\Users\user\Desktop\utweb_installer (1).exe Process created: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe "C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\Desktop\utweb_installer (1).exe Process created: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe" /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi
Source: C:\Users\user\Desktop\utweb_installer (1).exe Process created: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Process created: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe "C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91088 PaidDistribution=true saBsiVersion=4.1.1.865 CountryCode=US /no_self_update
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe Process created: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe" /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi /cookie:mmm_irs_ppi_902_451_o /ga_clientid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 /edat_dir:C:\Windows\Temp\asw.6c686568250f94b6
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe Process created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies"
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Process created: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe "C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies"
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeSection loaded: apphelp.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: apphelp.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: acgenral.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: uxtheme.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: winmm.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: samcli.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: msacm32.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: version.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: userenv.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: dwmapi.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: urlmon.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: mpr.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: sspicli.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: winmmbase.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: winmmbase.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: iertutil.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: srvcli.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: netutils.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: aclayers.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: sfc.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: sfc_os.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: windows.storage.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: wldp.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: profapi.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: wtsapi32.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: winsta.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: kernel.appcore.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: winhttp.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: webio.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: mswsock.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: iphlpapi.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: winnsi.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: dnsapi.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: rasadhlp.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: fwpuclnt.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: schannel.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: mskeyprotect.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: ntasn1.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: ncrypt.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: ncryptsslp.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: msasn1.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: cryptsp.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: rsaenh.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: cryptbase.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: gpapi.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: dpapi.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: dhcpcsvc6.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: msxml3.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: taskschd.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: edputil.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: appresolver.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: bcp47langs.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: slc.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: sppc.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: edputil.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: appresolver.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: bcp47langs.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: slc.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: sppc.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: winsta.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: webio.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msxml3.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: srpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile written: C:\ProgramData\AVG\Icarus\settings\temporary_proxy.ini
Source: C:\Users\user\Desktop\utweb_installer (1).exeWindow found: window name: RICHEDIT
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Next
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Next
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Next
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Next
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Next
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Agree
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Accept
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Accept
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Accept
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Next
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Agree
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Accept
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Accept
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Accept
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Next
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Agree
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Accept
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Accept
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Accept
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Next
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Agree
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Accept
Source: C:\Users\user\Desktop\utweb_installer (1).exeAutomated click: Accept
Source: C:\Users\user\Desktop\utweb_installer (1).exeFile opened: C:\Windows\SysWOW64\RICHED32.DLL
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Icarus
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Icarus\avg-av
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Overseer
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup\aswb673e8bc4ae1bcef.tmp
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup\config.def.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwCoreClient.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwRpc.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwServ.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\dnd_helper.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\gaming_hook.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gaming_hook.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\dnd_helper.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\hns_tools.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswhook.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsdriver.sys.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswidpm.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswidsagent.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswhook.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\onnxruntime.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\background.png.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\background-loading.png.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\waikamd64.mst.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswShMin.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswRegLib.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEBrowser.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPECommander.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\wxbase315u_vc.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\wxmsw315u_core_vc.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\shred.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\snxhk.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswClnTg.htm.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswClnTg.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswInfTg.htm.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswInfTg.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\Base.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\Boot.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArDisk.sys.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArPot.sys.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BreachGuardSdk.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswProperty.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswPropertyAv.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\AavmRpch.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\ashShell.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\dll_loader.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnOS.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnIS.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnBS.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Boost.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\brotli.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\bsdiff.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\bzip2.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\c-ares.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\cef.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Crypto++.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\cURL.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Detours.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\dnscrypt-proxy.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\GSL.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\ICU.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\intel_asm.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\jansson.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\JsonCpp.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\lexbor.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libevent.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libPNG.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libsodium.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\LUA.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\lzfse.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\LZMA.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\mbedTLS.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\mhook.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\nanopb.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\nghttp2.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\OpenSSL.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\PCRE.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\protobuf.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\pugixml.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\rapidjson.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\sqlite.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\unrar.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\vxWidgets.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Xerces.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\xmlParser.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\xxHash.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\yara.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\zlib.txt.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnBS.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnOS.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnIS.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashBase.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashServ.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAv.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashShell.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashTask.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashQuick.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashUpd.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAux.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswDld.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommChannel.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\streamback.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ntp_time.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\sched.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngLdr.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngSrv.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswLog.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswProperty.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswPropertyAv.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswW8ntf.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\uet_client.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\anen.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\perfstats.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommonRes.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswSqLt.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\VisthAux.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswChLic.exe.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswIP.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswRvrt.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\log.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\burger_client.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\tasks_core.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\task_performance_logger.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\process_monitor.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\serialization.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\bn.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ca.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\cs.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\da.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\de.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\el.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\en-GB.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\en-US.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\es-419.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\es.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\et.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fa.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fi.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fil.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fr.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\gu.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\he.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hi.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hr.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hu.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\id.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\it.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ja.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\kn.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ko.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\lt.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\lv.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ml.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\mr.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ms.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\nb.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\nl.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pl.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pt-BR.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pt-PT.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ro.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ru.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sk.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sl.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sr.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sv.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sw.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ta.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\te.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\th.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\tr.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\uk.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\vi.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\zh-CN.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\zh-TW.pak.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader\libEGL.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader\libGLESv2.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_elf.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libcef.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\d3dcompiler_47.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libEGL.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libGLESv2.dll.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\snapshot_blob.bin.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\v8_context_snapshot.bin.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\about.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiRansomware.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiTrack.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ask.ogg.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetection.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetectionWindow.html.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserExtensions.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\core.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\darkWebMonitor.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dashboard.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dataShredder.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\done.ogg.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\doNotDisturb.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\driverUpdater.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\feedbackForm.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\firewall.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\help.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\i18n.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\kin.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\libs.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-cs.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-da.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-de.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en_GB.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-es_ES.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fi.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fr.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-hu.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-id.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-it.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ja.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ko.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ms.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nb.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nl.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pl.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_BR.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_PT.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ru.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sk.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sr_CS.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sv_SE.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-tr.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_CN.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_TW.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss.css.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss_light.css.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainFont.css.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayout.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayoutCss.css.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainSprite.css.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars_test.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainWindow.html.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\myLicenses.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napi.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiAdapter.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiExtensions.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\network.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notifications.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notify.ogg.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\offline.htm.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\overlay.html.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\pap.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\passwordProtection.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\plugins.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ras.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\rescueDisk.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\scans.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\search.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\secureDns.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\sensitiveData.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\settings.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\shields.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\smartScan.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\software.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteComponents.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteInternal.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgFlags.css.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgInline.svg.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\system.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\threat.ogg.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tray.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tuneup.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\update.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\updatefile.json.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\virusChest.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\webCam.js.ipending.1b4129d5.lzma
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwCoreClient.dll.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwServ.exe.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwRpc.dll.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.1b4129d5
Source: utweb_installer (1).exe Static PE information: certificate valid
Source: utweb_installer (1).exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: utweb_installer (1).exe Static file information: File size 4570624 > 1048576
Source: utweb_installer (1).exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x217c00
Source: utweb_installer (1).exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x180200
Source: utweb_installer (1).exe Static PE information: More than 200 imports for USER32.dll
Source: utweb_installer (1).exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: utweb_installer (1).exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: utweb_installer (1).exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: utweb_installer (1).exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: utweb_installer (1).exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: utweb_installer (1).exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: utweb_installer (1).exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: utweb_installer (1).exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: goopdateres_unsigned_ms.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000025A5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2510276964.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2510167218.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdate_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000002C24000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003738000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000000.2482135963.00000000004A1000.00000020.00000001.01000000.00000017.sdmp, NortonBrowserUpdate.exe, 0000000C.00000000.2534622907.0000000000111000.00000020.00000001.01000000.0000001B.sdmp, NortonBrowserUpdate.exe, 0000000D.00000000.2538894476.0000000000111000.00000020.00000001.01000000.0000001B.sdmp, NortonBrowserUpdate.exe, 00000010.00000000.2543505515.0000000000111000.00000020.00000001.01000000.0000001B.sdmp, NortonBrowserUpdate.exe, 00000011.00000000.2544839828.0000000000111000.00000020.00000001.01000000.0000001B.sdmp, NortonBrowserUpdate.exe, 00000013.00000002.2571761646.0000000000111000.00000020.00000001.01000000.0000001B.sdmp, NortonBrowserUpdate.exe, 00000015.00000000.2578725302.0000000000111000.00000020.00000001.01000000.0000001B.sdmp, NortonBrowserUpdate.exe, 00000016.00000002.3011867930.0000000000111000.00000020.00000001.01000000.0000001B.sdmp, NortonBrowserUpdate.exe, 00000017.00000000.2581278209.0000000000111000.00000020.00000001.01000000.0000001B.sdmp
Source: Binary string: goopdateres_unsigned_tr.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000265D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003792000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000002C7C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\c6a7e165ce7a986c\Unicode\Plugins\inetc.pdb source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sr.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002617000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2513859272.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2513612481.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 00000005.00000002.3019010572.0000000000D13000.00000002.00000001.01000000.0000000C.sdmp, avg_antivirus_free_setup.exe, 00000005.00000000.2358071196.0000000000D13000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: psuser_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2518344685.0000000000792000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb^ source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002790000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003AE0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2498710906.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 0000000E.00000002.2541944569.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 0000000E.00000000.2539969483.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 0000000F.00000000.2542392303.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 0000000F.00000002.2546599528.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 00000012.00000000.2547277675.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 00000012.00000002.2549332242.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: c:\jenkins\workspace\WebAdvisor-accesslib-caller_main\Build\Win32\Release\caller_dll.pdb source: saBSI.exe, saBSI.exe, 00000009.00000000.2449901810.0000000000EF4000.00000002.00000001.01000000.00000016.sdmp, saBSI.exe, 00000009.00000002.3037866767.000000006E287000.00000002.00000001.01000000.0000001A.sdmp, saBSI.exe, 00000009.00000002.3029355701.0000000000EF3000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: psuser_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2518797463.0000000000792000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_cs.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003470000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2500595629.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2500671930.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdate_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.00000000037FB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000002CE4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000002.3038225499.000000006CF81000.00000002.00000001.01000000.00000018.sdmp, NortonBrowserUpdate.exe, 00000016.00000002.3032930931.000000006B781000.00000002.00000001.01000000.0000001C.sdmp, NortonBrowserUpdate.exe, 00000017.00000002.3038549732.000000006B781000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: goopdateres_unsigned_hi.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003511000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2504952902.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2505063009.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es-419.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000034C0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2502462155.00000000007A0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2502462155.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2596266247.0000000005A8F000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 00000018.00000003.2727032923.00000246D0C27000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hr.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002512000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2505339666.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2505266479.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2518797463.0000000000792000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003114000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_product_av.pdb source: icarus.exe, 00000018.00000003.2703474272.00000246D0C5B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2519235215.0000000000792000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000016.00000002.3030732013.000000006B05F000.00000002.00000001.01000000.00000020.sdmp, NortonBrowserUpdate.exe, 00000017.00000002.3036978036.000000006B05F000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: goopdateres_unsigned_sw.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003639000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2515050059.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2514970949.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_it.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000253F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2506505712.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2506430501.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pt-PT.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000035E9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2512162220.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2512162220.00000000007A0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateOnDemand_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003A82000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000002F3E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003BAA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2523543054.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ja.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003561000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2507516638.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2507427065.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fr.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000024EF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2504243316.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2504159655.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_uk.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002668000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\893f00f663353e48\bin\x86\MinSizeRel\JsisPlugins.pdb source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ko.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003577000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2508545918.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2508453738.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_et.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000034CC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2502686353.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2502766660.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_no.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2511198943.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2511119138.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ur.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000367E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_iw.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000254B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2506832813.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2506997685.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000007.00000000.2397870704.0000000000CF4000.00000002.00000001.01000000.00000014.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000002.3012592171.0000000000CF4000.00000002.00000001.01000000.00000014.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000002.3017763276.0000000004F60000.00000002.00000001.00040000.00000014.sdmp
Source: Binary string: goopdateres_unsigned_fil.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000034EE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2503874999.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2503795518.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pl.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000025C7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2511612001.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2511510568.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002790000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003AE0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2498710906.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 0000000E.00000002.2541944569.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 0000000E.00000000.2539969483.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 0000000F.00000000.2542392303.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 0000000F.00000002.2546599528.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 00000012.00000000.2547277675.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp, NortonBrowserUpdateComRegisterShell64.exe, 00000012.00000002.2549332242.00007FF6C24BB000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: goopdateres_unsigned_ml.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003598000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2509489281.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2509420949.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fi.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000024D8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2503360993.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2503245511.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1@3\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000004.00000003.2441575385.00000000050E3000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000000.2449727791.0000000000EAC000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: goopdateres_unsigned_da.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002471000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2500856194.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2500924395.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2552396118.00000000059C8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sl.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000260C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2513291230.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2513376813.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-CN.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003695000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003BAA000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2523013632.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000002.3036530043.000000006B1D0000.00000002.00000001.01000000.00000023.sdmp, NortonBrowserUpdate.exe, 00000017.00000002.3035912732.000000006AFE0000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2440005277.00000000058D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fa.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000024CD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2502958064.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2503031592.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\3db0bf373ac3fc9b\Release Midex\Midex.pdb source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateBroker_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003A24000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_lt.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002577000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2508855277.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2508775878.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ru.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000025F5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2512694238.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2512828745.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_el.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002487000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501469490.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501396218.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_de.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003487000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501201979.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501124961.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateCore_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002B7C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bg.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002443000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499506741.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499581319.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_mr.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002599000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2509800975.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2509897659.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_gu.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003505000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2504654126.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2504556934.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_th.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002651000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2519235215.0000000000792000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000016.00000002.3030732013.000000006B05F000.00000002.00000001.01000000.00000020.sdmp, NortonBrowserUpdate.exe, 00000017.00000002.3036978036.000000006B05F000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2516940872.0000000005CAA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000004.00000000.2351927899.0000000000F6E000.00000002.00000001.01000000.0000000B.sdmp, saBSI.exe, 00000004.00000002.3025745864.0000000000F6E000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: goopdateres_unsigned_am.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003433000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2498922442.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499001518.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_lv.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002582000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2509199521.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2509064749.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ta.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002639000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2515449368.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2515530043.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mi_exe_stub.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000002.3023526056.0000000000CB8000.00000002.00000001.01000000.00000015.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000000.2443494672.0000000000CB8000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: goopdateres_unsigned_pt-BR.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.00000000025D3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2511871734.00000000007A0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2511871734.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2471911175.0000000005B31000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_id.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003534000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2505899457.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2505826712.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-TW.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000002.3015858308.00000000004BE000.00000004.00000010.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000036A0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\ed1c64258fb55966\build\Release\thirdparty.pdb source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb[ source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003114000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: npNortonBrowserUpdate3_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003985000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000002E4D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2531480760.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2531539103.000000000077F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_vi.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000368A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bn.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000244E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499867477.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499791856.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\9bf849bab5260311\Plugins\Release_Mini\StdUtils.pdb source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sv.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000362E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2514440345.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2514539688.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000034B5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2502178961.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2502252248.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_is.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000353F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2506107536.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2506182934.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ro.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000035F5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2512459317.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2512397595.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ca.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.0000000003464000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2500300737.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2500378269.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_nl.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.00000000035BB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2510720559.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2510833832.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_te.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002645000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2516096036.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2516169870.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: libwautils.pdb source: icarus.exe, 0000001A.00000003.2886547781.0000022A60B6A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en-GB.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000249F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501941518.00000000007A0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501941518.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000002.3024609901.00000000006D0000.00000002.00000001.00040000.0000002E.sdmp, NortonBrowserUpdate.exe, 00000016.00000002.3021165158.0000000000F70000.00000002.00000001.00040000.0000002D.sdmp
Source: Binary string: psuser_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000305C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2518344685.0000000000792000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sk.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000360C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2513083428.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2513014653.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.000000000251D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2505536479.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2505622064.0000000000791000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateWebPlugin_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002790000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 00000008.00000003.2451728976.0000000003AE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002493000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501666612.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2501739736.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000C.00000002.2537684793.0000000000BE0000.00000002.00000001.00040000.0000001D.sdmp, NortonBrowserUpdate.exe, 00000011.00000002.2638509923.0000000000880000.00000002.00000001.00040000.0000001D.sdmp, NortonBrowserUpdate.exe, 00000017.00000002.3020382819.0000000000AC0000.00000002.00000001.00040000.0000001D.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdbN source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2552396118.00000000059C8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Source\Repos\DS-Platform\CppInstaller\CppSetup\bin\Win32\Release\CppSetup.pdb source: utweb_installer (1).exe, 00000000.00000002.2373256251.0000000000759000.00000002.00000001.01000000.00000003.sdmp, utweb_installer (1).exe, 00000000.00000000.1759128969.0000000000759000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: goopdateres_unsigned_ar.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2446296800.0000000002438000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499286392.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2499215886.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_kn.pdb source: NortonBrowserUpdateSetup.exe, 00000008.00000003.2462117448.000000000356C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2508107082.0000000000791000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000A.00000003.2507887208.00000000007A1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\21e9bc5e69dd57f1\build\Release Unicode\jsisdl.pdb source: norton_secure_browser_setup.exe, 00000006.00000002.3040633301.0000000003402000.00000004.00000020.00020000.00000000.sdmp
Source: utweb_installer (1).exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: utweb_installer (1).exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: utweb_installer (1).exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: utweb_installer (1).exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: utweb_installer (1).exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: 4_2_00EF2B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError, 4_2_00EF2B30
Source: saBSI.exe.0.dr Static PE information: section name: .didat
Source: avg_antivirus_free_setup.exe.0.dr Static PE information: section name: .didat
Source: saBSI.exe.4.dr Static PE information: section name: .didat
Source: avg_antivirus_free_online_setup.exe.5.dr Static PE information: section name: .didat
Source: bug_report.exe.7.dr Static PE information: section name: _RDATA
Source: icarus.exe.7.dr Static PE information: section name: .didat
Source: icarus.exe.7.dr Static PE information: section name: _RDATA
Source: icarus_ui.exe.7.dr Static PE information: section name: _RDATA
Source: dump_process.exe.7.dr Static PE information: section name: .didat
Source: dump_process.exe.7.dr Static PE information: section name: _RDATA
Source: NortonBrowserUpdateComRegisterShell64.exe.8.dr Static PE information: section name: _RDATA
Source: acuapi_64.dll.8.dr Static PE information: section name: _RDATA
Source: psmachine.dll.8.dr Static PE information: section name: .orpc
Source: psmachine_64.dll.8.dr Static PE information: section name: .orpc
Source: psmachine_64.dll.8.dr Static PE information: section name: _RDATA
Source: psuser.dll.8.dr Static PE information: section name: .orpc
Source: psuser_64.dll.8.dr Static PE information: section name: .orpc
Source: psuser_64.dll.8.dr Static PE information: section name: _RDATA
Source: NortonBrowserCrashHandler64.exe.8.dr Static PE information: section name: _RDATA
Source: installer.exe.9.dr Static PE information: section name: _RDATA
Source: NortonBrowserCrashHandler64.exe.10.dr Static PE information: section name: _RDATA
Source: NortonBrowserUpdateComRegisterShell64.exe.10.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\utweb_installer (1).exe Code function: 0_2_0070CDB6 push ecx; ret 0_2_0070CDC9
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: 4_2_00F28DDB push ecx; ret 4_2_00F28DEE
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: 4_2_00F57CFD push ecx; ret 4_2_00F57D12
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe Code function: 5_2_00D01396 push ecx; ret 5_2_00D013A9
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: 7_2_00BE8680 pushad ; iretd 7_2_00BE86ED
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: 7_2_00C95F0C push ecx; ret 7_2_00C95F1F
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Code function: 8_2_00CB64C6 push ecx; ret 8_2_00CB64D9
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: 9_2_00E7BAC4 push ecx; ret 9_2_00E7BAD9
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: 9_2_00E47ABB push ecx; ret 9_2_00E47ACE
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: 9_2_6E285843 push ecx; ret 9_2_6E285856

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 5_2_00CFA100
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u 7_2_00C8C210
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u 7_2_00C8C570
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 7_2_00C8BF30
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dll COM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{eeb05560-ec9e-4ec0-b1ee-14b05ff48650}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dll COM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{688a291b-6132-43d5-b94b-a62949e22961}\inprochandler32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dll COM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{93d643dc-f504-42e2-ae1c-14b2e116db0c}\inprocserver32
Source: c:\program files\mcafee\webadvisor\x64\wssdep.dll COM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{21cbfec0-e728-420c-b4a4-a58ad2089aba}\inprocserver32
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_vi.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_uk.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\aswOfferTool.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_da.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\thirdparty.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dll
Source: C:\Program Files\McAfee\Temp3870638436\installer.exe File created: C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll
Source: C:\Users\user\Desktop\utweb_installer (1).exe File created: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_pt-PT.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_it.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ml.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\psuser.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.1b4129d5
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ur.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.1b4129d5
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_es-419.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.1b4129d5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.1b4129d5
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_sv.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\psmachine_64.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.1b4129d5
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe File created: C:\Users\user\AppData\Local\Temp\{ABACDE7D-7B73-41F6-9C86-A11B7462F32D}-NortonBrowserInstaller.exe
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\JsisPlugins.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_de.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\bug_report.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ar.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus_ui.exe
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\jsisdl.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\afwCoreClient.dll.ipending.1b4129d5
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_sk.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\npNortonBrowserUpdate3.dll
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe File created: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_fil.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_te.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe File created: C:\Program Files\McAfee\Temp3870638436\resource.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_lv.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_sr.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\acuapi.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\psuser_64.dll
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\dump_process.exe
Source: C:\Program Files\McAfee\Temp3870638436\installer.exe File created: C:\Users\user\AppData\Local\Temp\mwa521C.tmp
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe File created: C:\Program Files\McAfee\Temp3870638436\installer.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\dump_process.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_zh-TW.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ja.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_am.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdate.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ko.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_is.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_sl.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dll
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\Midex.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\dump_process.exe
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_gu.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_th.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateSetup.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dll
Source: C:\Program Files\McAfee\Temp3870638436\installer.exe File created: C:\Program Files\McAfee\WebAdvisor\servicehost.exe
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_hr.dll
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\nsJSON.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_hi.dll
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe File created: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.1b4129d5
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dll
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus_ui.exe
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ru.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdateComRegisterShell64.exe
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_tr.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus_rvrt.exe
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\inetc.dll
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\reboot.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_iw.dll
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus_mod.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_et.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe File created: C:\Windows\System32\icarus_rvrt.exe
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.1b4129d5
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe File created: C:\Users\user\AppData\Local\Temp\mwaBB89.tmp
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es.dll
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe File created: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ro.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe File created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.1b4129d5
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ca.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_nl.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdateBroker.exe
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdateCore.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe File created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_zh-CN.dll
Source: C:\Program Files\McAfee\Temp3870638436\installer.exe File created: C:\Program Files\McAfee\WebAdvisor\browserhost.exe
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_cs.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dll
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\jsis.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_pl.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_kn.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe File created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdate.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe File created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_bn.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus_product.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserCrashHandler64.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_mr.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_el.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_lt.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_id.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_es.dllJump to dropped file
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_sw.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_hu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdateSetup.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp3870638436\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\updater.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp3870638436\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\uihost.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_en-GB.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_fr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_no.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\AccessControl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_en.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dllJump to dropped file
Source: C:\Users\user\Desktop\utweb_installer (1).exeFile created: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_fi.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\afwServ.exe.ipending.1b4129d5Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\acuapi_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ms.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_fa.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\psmachine.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\afwRpc.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp3870638436\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\resource.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp3870638436\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserCrashHandler.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\bug_report.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dllJump to dropped file
Source: C:\Users\user\Desktop\utweb_installer (1).exeFile created: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\sciterui.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeFile created: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeJump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeFile created: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeJump to dropped file
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeFile created: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\aswOfferTool.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus_mod.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Windows\System32\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus_ui.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus_ui.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\afwCoreClient.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\afwServ.exe.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\afwRpc.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00CF52F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,5_2_00CF52F0

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 5_2_00CFA100
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u 7_2_00C8C210
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u 7_2_00C8C570
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 7_2_00C8BF30
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EE0540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,4_2_00EE0540
Source: C:\Users\user\Desktop\utweb_installer (1).exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\utweb_installer (1).exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Registry key monitored for changes: HKEY_USERS\.DEFAULT\Software\Classes
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
Source: C:\Users\user\Desktop\utweb_installer (1).exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\Temp3870638436\installer.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Check user administrative privileges: IsUserAndAdmin, DecisionNode
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exe System information queried: FirmwareTableInformation
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2613781512.00000000058F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <DEST>%PRODUCT_INST%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2613781512.00000000058F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <PATH>%PRODUCT_INST_32%\ASWHOOKX.DLL</PATH>
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2613781512.00000000058F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <DEST>%PRODUCT_INST_32%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2613781512.00000000058F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <DEST>%PRODUCT_INST_64%/ASWHOOK.DLL</DEST>
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File opened / queried: C:\Program Files (x86)\VMware\VMware Tools
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: 7_2_00C3E320 rdtsc 7_2_00C3E320
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: 4_2_00EB4C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,4_2_00EB4C8E
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_vi.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_uk.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\aswOfferTool.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_da.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\thirdparty.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dll
Source: C:\Program Files\McAfee\Temp3870638436\installer.exe Dropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_pt-PT.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_it.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exe
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ml.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\psuser.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe Dropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.1b4129d5
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ur.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe Dropped PE file which has not been started: C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.1b4129d5
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe Dropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.1b4129d5
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_es-419.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe Dropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.1b4129d5
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_sv.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\psmachine_64.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe Dropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.1b4129d5
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{ABACDE7D-7B73-41F6-9C86-A11B7462F32D}-NortonBrowserInstaller.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dll
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\JsisPlugins.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_de.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\bug_report.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ar.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus_ui.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\jsisdl.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\afwCoreClient.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_sk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_fil.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_te.dllJump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\Temp3870638436\resource.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_lv.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\acuapi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_sr.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\psuser_64.dllJump to dropped file
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\dump_process.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp3870638436\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mwa521C.tmpJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\dump_process.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ja.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_am.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ko.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_is.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_sl.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\Midex.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\dump_process.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_gu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_th.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp3870638436\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\servicehost.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_hr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\nsJSON.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_hi.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dllJump to dropped file
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus_ui.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ru.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_tr.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus_rvrt.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\reboot.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_iw.dllJump to dropped file
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus_mod.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_et.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDropped PE file which has not been started: C:\Windows\System32\icarus_rvrt.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.1b4129d5Jump to dropped file
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mwaBB89.tmpJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ro.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ca.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_nl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp3870638436\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\browserhost.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_cs.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\jsis.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_kn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdate.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_bn.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus_product.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserCrashHandler64.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_mr.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_el.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_lt.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_id.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_es.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_sw.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.1b4129d5Jump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_hu.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp3870638436\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\updater.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp3870638436\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\uihost.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_en-GB.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_fr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_no.dllJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\AccessControl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_en.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_fi.dllJump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\afwServ.exe.ipending.1b4129d5Jump to dropped file
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.1b4129d5
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\acuapi_64.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_ms.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_fa.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\psmachine.dll
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\afwRpc.dll.ipending.1b4129d5
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_pt-BR.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dll
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\goopdateres_bg.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dll
Source: C:\Program Files\McAfee\Temp3870638436\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\resource.dll
Source: C:\Program Files\McAfee\Temp3870638436\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exe
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserCrashHandler.exe
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\bug_report.exe
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dll
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dll
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\StdUtils.dll
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\sciterui.dll
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeEvaded block: after key decision
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_4-83678
Source: C:\Users\user\Desktop\utweb_installer (1).exe TID: 7360Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe TID: 7944Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe TID: 8080Thread sleep time: -180000s >= -30000s
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 7480Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe TID: 1928Thread sleep count: 41 > 30
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeFile opened: PhysicalDrive0
Source: C:\Users\user\Desktop\utweb_installer (1).exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\utweb_installer (1).exeFile Volume queried: C:\Users\user\AppData\Local\Temp\ISVA121.tmp FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeCode function: 6_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,6_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeCode function: 6_2_004028D5 FindFirstFileW,6_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeCode function: 6_2_0040679D FindFirstFileW,FindClose,6_2_0040679D
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C37220 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,UnlockFileEx,7_2_00C37220
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C2E430 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,SetLastError,7_2_00C2E430
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C34850 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,7_2_00C34850
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C61570 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,7_2_00C61570
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00E31668 GetLongPathNameW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,9_2_00E31668
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00E72224 FindFirstFileExW,FindNextFileW,FindClose,FindClose,9_2_00E72224
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F12782 VirtualQuery,GetSystemInfo,4_2_00F12782
Source: C:\Users\user\Desktop\utweb_installer (1).exeFile opened: C:\Users\user
Source: C:\Users\user\Desktop\utweb_installer (1).exeFile opened: C:\Users\user\AppData\Local\Temp\ISVA121.tmp
Source: C:\Users\user\Desktop\utweb_installer (1).exeFile opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\utweb_installer (1).exeFile opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\utweb_installer (1).exeFile opened: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI.zip
Source: C:\Users\user\Desktop\utweb_installer (1).exeFile opened: C:\Users\user\AppData\Local
Source: NortonBrowserUpdate.exe, 00000015.00000003.2598669727.0000000001357000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000015.00000002.2600242603.0000000001359000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000015.00000003.2597635005.0000000001356000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW)*
Source: avg_antivirus_free_setup.exe, 00000005.00000002.3021304841.0000000004E50000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000002.3022287050.0000000000BA9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2402992639.0000000002F90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: NortonBrowserUpdate.exe, 0000000A.00000002.3025259754.0000000000781000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: icarus.exe, 0000001A.00000003.2886547781.0000022A60B6A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?isQemuDetected@WaVirtualization@@CAHXZ
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Uninstall\\ReasonLabs-EPP","VMware, Inc."],"r/
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2407221859.0000000002F90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:x
Source: utweb_installer (1).exe, 00000000.00000002.2376059687.0000000005406000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2370891380.0000000000FD8000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000002.2374582103.0000000000FD8000.00000004.00000020.00020000.00000000.sdmp, utweb_installer (1).exe, 00000000.00000003.2368712155.0000000000FD8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000004.00000002.3015053119.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000005.00000003.2369537373.0000000004EB4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000005.00000002.3022560391.0000000004EBD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000005.00000003.3000555217.0000000004EB4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000005.00000003.3001733822.0000000004EBC000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2468080879.0000000002FCD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @~4HC:\Program Files\RAVAntivirus\AntivirusInstaller.exe\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"r/
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ion\\Uninstall\\360TotalSecurity","360TotalSecurity","360Safe","VMware, Inc."],"cp":"https://www.360totalsecurity.com/en/privacy/","ctu":"https://www.360totalsecurity.cW
Source: utweb_installer (1).exe, 00000000.00000003.1838953280.0000000005457000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.ity
Source: saBSI.exe, 00000004.00000002.3015053119.00000000007B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW*
Source: icarus.exe, 0000001A.00000003.2886547781.0000022A60B6A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMWareVMWare
Source: avg_antivirus_free_online_setup.exe, 00000007.00000002.3013416001.0000000002FA6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp=
Source: norton_secure_browser_setup.exe, 00000006.00000002.3028187013.0000000000861000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx1CW;^
Source: avg_antivirus_free_setup.exe, 00000005.00000003.2369537373.0000000004EB4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000005.00000002.3022560391.0000000004EBD000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000005.00000003.3000555217.0000000004EB4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000005.00000003.3001733822.0000000004EBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW)p
Source: saBSI.exe, 00000009.00000002.3020739630.0000000000B22000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW]
Source: saBSI.exe, 00000004.00000002.3015053119.000000000075E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWH9|%SystemRoot%\system32\mswsock.dll#
Source: icarus.exe, 0000001A.00000003.2886547781.0000022A60B6A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.Microsoft CorporationParallels Software International Inc.Oracle CorporationOpenStack FoundationQemuMicrosoft HvXen Project / Amazon EC2[Vv][Mm][Ww]are[Vv][Mm][Ww][Vv]irtual[Bb]oxinnotek[mM]icrosoftSelect * from Win32_ComputerSystem[pP]arallels[vV]irtual.?[mM]achine[VMDetection] Bit set by hypervisor = [Vv][Mm]wareVMWareVMWare[VMDetection] CPU Vendor = SELECT * FROM Win32_BIOSManufacturer[VMDetection] Manufacturer = , BIOS Name = [Oo]pen[Ss]tack[qQ][Ee][mM][uU][Aa]mazon[Xx][Ee][Nn]PCI\VEN_80EE&DEV_CAFEPCIRtlNtStatusToDosErrorNtdll.dllDotnet dll not foundcoreclr.dllcoreclr_initializeDotnet dll load failedcoreclr_shutdowncoreclr_create_delegate*.dllCoreCLR APIs load failed--list-runtimesWinRMInit failed. ExceptionMsg: Dotnet not founddotnetmicrosoft.netcore.app^([a-zA-Z.]+)\s([\d]+.[\d]+.[\d]+)\s\[(.*)\]$TPAList: BasePath: InitLIbPath: libwinrm, Version=1.0.0.0libwinrm.WinRMClient_OpenSession failedcreateManagedDelegate Init failedTRUSTED_PLATFORM_ASSEMBLIESnet5.0\libwinrm.dllnet5.0\runtimes\win10-x64\lib\netstandard1.6;APP_PATHSnet5.0net5.0InitCoreCLR failedWinRMClientcreateManagedDelegate CancelSubAsync failedCancelSubAsynccreateManagedDelegate Subcribe failedSubcribecreateManagedDelegate CloseSession failedCloseSession failed. ExceptionMsg: WinRM loadedcreateManagedDelegate Connect failedConnectcreateManagedDelegate Query failedQuerycreateManagedDelegate Invoke failedInvokecreateManagedDelegate SubcribeAsync failedSubcribeAsyncWinRMSubcribed done.WinRMSubcribed failed. ErrorInfo:
Source: icarus.exe, 0000001A.00000003.2886547781.0000022A60B6A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?isVMwareDetected@WaVirtualization@@CAHXZ
Source: avg_antivirus_free_online_setup.exe, 00000007.00000003.2408420394.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2407998460.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000007.00000003.2408215862.0000000002FA6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2585346386.0000000000BA9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2586068149.0000000000BA9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2593612842.0000000000BA9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 00000017.00000003.2584669798.0000000000BA9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\utweb_installer (1).exeProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exeProcess queried: DebugPort
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C3E320 rdtsc 7_2_00C3E320
Source: C:\Users\user\Desktop\utweb_installer (1).exeCode function: 0_2_0071F1CE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0071F1CE
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EC5204 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,4_2_00EC5204
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EB4C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,4_2_00EB4C8E
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F57BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C4_2_00F57BC0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EF2B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,4_2_00EF2B30
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F3E8FE mov eax, dword ptr fs:[00000030h]4_2_00F3E8FE
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F47CF2 mov eax, dword ptr fs:[00000030h]4_2_00F47CF2
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F47CAE mov eax, dword ptr fs:[00000030h]4_2_00F47CAE
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F47C6A mov eax, dword ptr fs:[00000030h]4_2_00F47C6A
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F47D23 mov eax, dword ptr fs:[00000030h]4_2_00F47D23
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00D07C5A mov eax, dword ptr fs:[00000030h]5_2_00D07C5A
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CD93C6 mov eax, dword ptr fs:[00000030h]7_2_00CD93C6
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CD940A mov eax, dword ptr fs:[00000030h]7_2_00CD940A
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CD3A77 mov ecx, dword ptr fs:[00000030h]7_2_00CD3A77
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCode function: 8_2_00CAD630 mov eax, dword ptr fs:[00000030h]8_2_00CAD630
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCode function: 8_2_00CA87D6 mov ecx, dword ptr fs:[00000030h]8_2_00CA87D6
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00EB463F GetProcessHeap,4_2_00EB463F
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\utweb_installer (1).exeCode function: 0_2_0070D0CB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0070D0CB
Source: C:\Users\user\Desktop\utweb_installer (1).exeCode function: 0_2_0071F1CE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0071F1CE
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F29018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00F29018
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F293F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00F293F2
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F2D453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00F2D453
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exeCode function: 4_2_00F29586 SetUnhandledExceptionFilter,4_2_00F29586
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00D010FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00D010FF
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00D01292 SetUnhandledExceptionFilter,5_2_00D01292
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00D013AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00D013AB
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeCode function: 5_2_00D04476 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00D04476
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00CBF316 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00CBF316
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeCode function: 7_2_00C95628 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00C95628
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCode function: 8_2_00CA5A10 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00CA5A10
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCode function: 8_2_00CABCC4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00CABCC4
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCode function: 8_2_00CA557C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00CA557C
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exeCode function: 8_2_00CA5710 SetUnhandledExceptionFilter,8_2_00CA5710
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00E5815E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00E5815E
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00E47892 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00E47892
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_00E47F10 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00E47F10
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_6E274D84 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_6E274D84
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_6E2777F0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_6E2777F0
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeCode function: 9_2_6E275087 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_6E275087
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe" /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi /cookie:mmm_irs_ppi_902_451_o /ga_clientid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 /edat_dir:C:\Windows\Temp\asw.6c686568250f94b6
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\icarus-info.xml /install /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.6c686568250f94b6 /track-guid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezU4MzdCMUE1LUI3MkEtNDU2QS1CMDlGLUY2ODBFOUFCNUUwMn0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY0OS41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY0OS41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezU5QkQwODA2LUQ0OEQtNEIzMy04QTQwLTREMUZCMzlCNTc2RH0iIHVzZXJpZD0iezM1OEJGNjQ0LTk5NzQtNEU1Qy04NDhELTRCNDQxNzcyRDg1Qn0iIHVzZXJpZF9kYXRlPSIyMDI1MDIyMyIgbWFjaGluZWlkPSJ7MDAwMDQ0RUUtMDY5My1BMjEyLTQ4ODItNjlBQzBENjg4NzAzfSIgbWFjaGluZWlkX2RhdGU9IjIwMjUwMjIzIiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0ie0IwQjBENkJFLTk4MDQtNDY0Ni1BOUNBLTY0REY1NEExOThBMH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTgzN0IxQTUtQjcyQS00NTZBLUIwOUYtRjY4MEU5QUI1RTAyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2NDkuNSIgbGFuZz0iZW4tR0IiIGJyYW5kPSIyOTIzOSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iODE0MCIvPjwvYXBwPjwvcmVxdWVzdD4
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies" /installsource otherinstallcmd /sessionid "{59BD0806-D48D-4B33-8A40-4D1FB39B576D}" /silent
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe Process created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.6c686568250f94b6 /track-guid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 /er_master:master_ep_57c305f9-a221-4d55-9661-c605c4f8ef83 /er_ui:ui_ep_a66986cd-bae3-4d7f-8e39-d240368c0fd9 /er_slave:avg-av_slave_ep_ff934363-81d6-4f23-b407-c954cb4a19dc /slave:avg-av
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe Process created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exe C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exe /silent /ws /psh:akTojTlPldMN7HxjFWBtELNuxlXzZez7l9OsEFN9PKvW1NrhezpdLzcHjgkz4Qk9ctYSHa2kcUDPUi /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.6c686568250f94b6 /track-guid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 /er_master:master_ep_57c305f9-a221-4d55-9661-c605c4f8ef83 /er_ui:ui_ep_a66986cd-bae3-4d7f-8e39-d240368c0fd9 /er_slave:avg-av-vps_slave_ep_ba692fdd-fd75-4a86-a2e2-28706e5a604b /slave:avg-av-vps
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe Process created: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe "c:\windows\temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe" /silent /ws /psh:aktojtlpldmn7hxjfwbtelnuxlxzzez7l9osefn9pkvw1nrhezpdlzchjgkz4qk9ctysha2kcudpui /cookie:mmm_irs_ppi_902_451_o /ga_clientid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 /edat_dir:c:\windows\temp\asw.6c686568250f94b6
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe Process created: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe nortonbrowserupdatesetup.exe /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies"
Source: C:\Users\user\AppData\Local\Temp\nsb8E61.tmp\NortonBrowserUpdateSetup.exe Process created: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe "c:\program files (x86)\gumac76.tmp\nortonbrowserupdate.exe" /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies"
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /ping
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /handoff "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies" /installsource otherinstallcmd /sessionid "{59bd0806-d48d-4b33-8a40-4d1fb39b576d}" /silent
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Process created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe c:\windows\temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe /icarus-info-path:c:\windows\temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\icarus-info.xml /install /silent /ws /psh:aktojtlpldmn7hxjfwbtelnuxlxzzez7l9osefn9pkvw1nrhezpdlzchjgkz4qk9ctysha2kcudpui /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.6c686568250f94b6 /track-guid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe Process created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe c:\windows\temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe /silent /ws /psh:aktojtlpldmn7hxjfwbtelnuxlxzzez7l9osefn9pkvw1nrhezpdlzchjgkz4qk9ctysha2kcudpui /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.6c686568250f94b6 /track-guid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 /er_master:master_ep_57c305f9-a221-4d55-9661-c605c4f8ef83 /er_ui:ui_ep_a66986cd-bae3-4d7f-8e39-d240368c0fd9 /er_slave:avg-av_slave_ep_ff934363-81d6-4f23-b407-c954cb4a19dc /slave:avg-av
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe Process created: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exe c:\windows\temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exe /silent /ws /psh:aktojtlpldmn7hxjfwbtelnuxlxzzez7l9osefn9pkvw1nrhezpdlzchjgkz4qk9ctysha2kcudpui /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.6c686568250f94b6 /track-guid:fb7cbe7e-c47a-4dcf-8118-c130b3fbe970 /er_master:master_ep_57c305f9-a221-4d55-9661-c605c4f8ef83 /er_ui:ui_ep_a66986cd-bae3-4d7f-8e39-d240368c0fd9 /er_slave:avg-av-vps_slave_ep_ba692fdd-fd75-4a86-a2e2-28706e5a604b /slave:avg-av-vps
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: 7_2_00C10710 AllocateAndInitializeSid,GetLengthSid,LocalAlloc,CopySid,LocalAlloc,InitializeAcl,AddAce,TreeResetNamedSecurityInfoW,SetLastError,7_2_00C10710
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: 4_2_00F29215 cpuid 4_2_00F29215
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: GetLocaleInfoW,4_2_00F445DA
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: EnumSystemLocalesW,4_2_00F4C9ED
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: EnumSystemLocalesW,4_2_00F4C952
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: EnumSystemLocalesW,4_2_00F4C907
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,4_2_00F4CA80
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: GetLocaleInfoW,4_2_00F4CCE0
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_00F4CE06
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_00F4CFDB
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: GetLocaleInfoW,4_2_00F4CF0C
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: GetLocaleInfoEx,4_2_00F27E28
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Code function: EnumSystemLocalesW,4_2_00F43F6D
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: EnumSystemLocalesW,7_2_00CDC0DD
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: EnumSystemLocalesW,7_2_00CDC042
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_00CDC4F9
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_00CDC6CE
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: EnumSystemLocalesW,7_2_00CD8B8D
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: GetLocaleInfoW,7_2_00CD90F3
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW,7_2_00CDBD4F
Source: C:\Windows\Temp\asw.6c686568250f94b6\avg_antivirus_free_online_setup.exe Code function: EnumSystemLocalesW,7_2_00CDBFF7
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: EnumSystemLocalesW,9_2_00E6C15D
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: GetLocaleInfoW,9_2_00E6C7D4
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: GetLocaleInfoEx,9_2_00E468F3
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: EnumSystemLocalesW,9_2_00E74EE7
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: EnumSystemLocalesW,9_2_00E74FCD
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: EnumSystemLocalesW,9_2_00E74F32
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,9_2_00E75060
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: GetLocaleInfoW,9_2_00E752C0
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,9_2_00E753E9
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: GetLocaleInfoW,9_2_00E754EF
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: GetLocaleInfoEx,FormatMessageA,9_2_00E3146D
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,9_2_00E755C5
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\utweb_installer (1).exe Queries volume information: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI.zip VolumeInformation
Source: C:\Users\user\Desktop\utweb_installer (1).exe Queries volume information: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg.zip VolumeInformation
Source: C:\Users\user\Desktop\utweb_installer (1).exe Queries volume information: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup.zip VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\common\icarus.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe Queries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe Queries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av\icarus.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-fc1c03de-2f0e-41db-85ba-39f4b0e8563b\avg-av-vps\icarus.exe Queries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Users\user\Desktop\utweb_installer (1).exe Code function: 0_2_0070D4D4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0070D4D4
Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe Code function: 9_2_00E6BBF9 GetTimeZoneInformation,9_2_00E6BBF9
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\avg\avg_antivirus_free_setup.exe Code function: 5_2_00CF41B0 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,GetVersionExA,GetNativeSystemInfo,wsprintfA,wsprintfA,lstrcatA,lstrlenA,5_2_00CF41B0
Source: C:\Users\user\Desktop\utweb_installer (1).exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\saBSI\saBSI.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
Source: C:\Program Files (x86)\GUMAC76.tmp\NortonBrowserUpdate.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\ISVA121.tmp\norton_secure_browser_setup\norton_secure_browser_setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 13 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 3 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact
Credentials | Domains | 1 Replication Through Removable Media | 12 Command and Scripting Interpreter | 1 Image File Execution Options Injection | 1 Image File Execution Options Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | Junk Data | Exfiltration Over Bluetooth | 1 System Shutdown/Reboot
Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Component Object Model Hijacking | 1 Component Object Model Hijacking | 2 Obfuscated Files or Information | Security Account Manager | 11 Peripheral Device Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Valid Accounts | 1 Valid Accounts | 1 DLL Side-Loading | NTDS | 4 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Windows Service | 11 Access Token Manipulation | 1 File Deletion | LSA Secrets | 57 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | 1 Scheduled Task/Job | 1 Windows Service | 33 Masquerading | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Valid Accounts | DCSync | 381 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | 1 Bootkit | 1 Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | 14 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | 1 Registry Run Keys / Startup Folder | 14 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 2 Process Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Access Token Manipulation | Network Sniffing | 1 Remote System Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 11 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Bootkit | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking
[Behavior graph: ID 1622233, Sample: utweb_installer (1).exe, Start date: 23/02/2025, Architecture: WINDOWS, Score: 50]

This section contains all screenshots as thumbnails, including those not shown in the slideshow.