Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe
Analysis ID:1635043
MD5:21c7202e3985ad7defe13c840aeadf79
SHA1:04333d7e2be8684472d57e34aa31fdab09d7b288
SHA256:5a9038021945615156efcb3e0e4f1905c774659a0647e009b2a582fa05e30b20
Tags:exeuser-SecuriteInfoCom
Infos:

Detection

PrivateLoader
Score:44
Range:0 - 100
Confidence:100%

Compliance

Score:50
Range:0 - 100

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected PrivateLoader
Changes security center settings (notifications, updates, antivirus, firewall)
Contains functionality to infect the boot sector
Found suspicious ZIP file
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Potentially malicious time measurement code found
Query firmware table information (likely to detect VMs)
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Tries to disable installed Antivirus / HIPS / PFW
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
query blbeacon for getting browser version

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe (PID: 6608 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe" MD5: 21C7202E3985AD7DEFE13C840AEADF79)
    • SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp (PID: 6728 cmdline: "C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp" /SL5="$203BA,1635601,878080,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe" MD5: B09C06DF6B37FFD9F39765F3C2DAF15E)
      • BitComet_2.12_setup.exe (PID: 1300 cmdline: "C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exe" /S MD5: 02C0E8EF50CD4D496C85F7F5EE5008E3)
        • BitCometService.exe (PID: 2272 cmdline: "C:\Program Files\BitComet\tools\BitCometService.exe" /reg MD5: 174A32C8DCA516230FF6EB0805D6F829)
      • saBSI.exe (PID: 6384 cmdline: "C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)
        • saBSI.exe (PID: 520 cmdline: "C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91088 PaidDistribution=true saBsiVersion=4.1.1.865 CountryCode=US /no_self_update MD5: 7A1B6316D5D64A740B847D8261EA3E83)
      • cookie_mmm_irs_ppi_005_888_a.exe (PID: 5740 cmdline: "C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exe" /silent /ws /psh:2bJ1koXNksC1Fwd613INyVwUBvZa6Wscne0As10800oxnz75S5hezfQGOE3hIlgs2tOQL5BVoLYeW MD5: 31208B48ACFE1C6E1D5CD1BCB63CCB4D)
        • avast_free_antivirus_setup_online_x64.exe (PID: 4084 cmdline: "C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exe" /silent /ws /psh:2bJ1koXNksC1Fwd613INyVwUBvZa6Wscne0As10800oxnz75S5hezfQGOE3hIlgs2tOQL5BVoLYeW /cookie:mmm_irs_ppi_005_888_a /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /edat_dir:C:\Windows\Temp\asw.4b2fe40e0cbdf5d0 MD5: 2FF00FBC65C79DE6D22E3AEB155D13A4)
          • Instup.exe (PID: 6612 cmdline: "C:\Windows\Temp\asw.161463aa0a13b33a\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.161463aa0a13b33a /edition:1 /prod:ais /stub_context:447f08c6-9c4b-4dc7-b3fd-e4678a1c2372:11229128 /guid:1c64b2df-e13f-40ee-b91f-9217bb137f90 /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /silent /ws /psh:2bJ1koXNksC1Fwd613INyVwUBvZa6Wscne0As10800oxnz75S5hezfQGOE3hIlgs2tOQL5BVoLYeW /cookie:mmm_irs_ppi_005_888_a /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /edat_dir:C:\Windows\Temp\asw.4b2fe40e0cbdf5d0 MD5: FF955FC4BFAF3DCA797938926CA991ED)
      • BitComet.exe (PID: 5684 cmdline: "C:\Program Files\BitComet\BitComet.exe" --no_elevated MD5: CB3354ACFE3BA647E010633C110AE459)
      • WerFault.exe (PID: 1800 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 960 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 2412 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 1072 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 4536 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6312 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 1556 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • sppsvc.exe (PID: 6292 cmdline: C:\Windows\system32\sppsvc.exe MD5: 320823F03672CEB82CC3A169989ABD12)
  • svchost.exe (PID: 6840 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6684 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5820 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 1476 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 2952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • BitComet.exe (PID: 612 cmdline: "C:\Program Files\BitComet\BitComet.exe" MD5: CB3354ACFE3BA647E010633C110AE459)
    • UPNP.exe (PID: 4128 cmdline: "C:\Program Files\BitComet\tools\UPNP.exe" -addfw -app BitComet -tcpport 0 -udpport 0 -q MD5: FEBBAF0C03103A63E0141A96535B7745)
    • msedgewebview2.exe (PID: 5500 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=612.4712.7051115719988685246 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 3656 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\BitComet\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\BitComet\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff995258e88,0x7ff995258e98,0x7ff995258ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 6456 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1792 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 6580 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2556 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:3 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 6864 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=3104 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:8 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 6908 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563144499 --mojo-platform-channel-handle=3572 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 6912 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563243382 --mojo-platform-channel-handle=3596 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 6896 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563317476 --mojo-platform-channel-handle=3800 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 6976 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563397126 --mojo-platform-channel-handle=4060 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
  • BitCometService.exe (PID: 5536 cmdline: "C:\Program Files\BitComet\tools\BitCometService.exe" -service MD5: 174A32C8DCA516230FF6EB0805D6F829)
  • svchost.exe (PID: 1916 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 2216 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6728 -ip 6728 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 5404 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6728 -ip 6728 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 5024 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
PrivateLoaderAccording to sekoia, PrivateLoader is a modular malware whose main capability is to download and execute one or several payloads. The loader implements anti-analysis techniques, fingerprints the compromised host and reports statistics to its C2 server.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.privateloader

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000012.00000000.1876512050.0000000000401000.00000020.00000001.01000000.00000013.sdmpJoeSecurity_PrivateLoaderYara detected PrivateLoaderJoe Security
    00000012.00000002.2205769184.0000000000401000.00000020.00000001.01000000.00000013.sdmpJoeSecurity_PrivateLoaderYara detected PrivateLoaderJoe Security
      0000000C.00000002.1699492538.0000000000401000.00000020.00000001.01000000.00000013.sdmpJoeSecurity_PrivateLoaderYara detected PrivateLoaderJoe Security
        0000000C.00000000.1698677287.0000000000401000.00000020.00000001.01000000.00000013.sdmpJoeSecurity_PrivateLoaderYara detected PrivateLoaderJoe Security
          0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_PrivateLoaderYara detected PrivateLoaderJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            12.2.BitCometService.exe.400000.0.unpackJoeSecurity_PrivateLoaderYara detected PrivateLoaderJoe Security
              11.2.BitComet_2.12_setup.exe.2dec566.5.raw.unpackJoeSecurity_PrivateLoaderYara detected PrivateLoaderJoe Security
                18.2.BitCometService.exe.400000.0.unpackJoeSecurity_PrivateLoaderYara detected PrivateLoaderJoe Security
                  18.0.BitCometService.exe.400000.0.unpackJoeSecurity_PrivateLoaderYara detected PrivateLoaderJoe Security
                    12.0.BitCometService.exe.400000.0.unpackJoeSecurity_PrivateLoaderYara detected PrivateLoaderJoe Security
                      Click to see the 2 entries

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: Windows Processes Suspicious Parent Directory
                      Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 628, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 4536, ProcessName: svchost.exe

                      Suricata Signatures

                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2025-03-11T10:08:49.620616+010020283713Unknown Traffic192.168.2.84968918.245.45.10443TCP
                      2025-03-11T10:08:51.463266+010020283713Unknown Traffic192.168.2.84969018.245.45.10443TCP
                      2025-03-11T10:08:53.457235+010020283713Unknown Traffic192.168.2.84969118.245.45.10443TCP
                      2025-03-11T10:08:55.450471+010020283713Unknown Traffic192.168.2.84969218.245.45.10443TCP
                      2025-03-11T10:08:57.663255+010020283713Unknown Traffic192.168.2.84969318.245.45.10443TCP
                      2025-03-11T10:09:09.465111+010020283713Unknown Traffic192.168.2.84969518.245.45.10443TCP
                      2025-03-11T10:09:43.698293+010020283713Unknown Traffic192.168.2.84970418.245.45.10443TCP
                      2025-03-11T10:09:47.014120+010020283713Unknown Traffic192.168.2.84970518.245.45.10443TCP
                      2025-03-11T10:10:04.051292+010020283713Unknown Traffic192.168.2.84970618.245.45.231443TCP
                      2025-03-11T10:10:08.923150+010020283713Unknown Traffic192.168.2.84970718.245.45.231443TCP
                      2025-03-11T10:10:09.165544+010020283713Unknown Traffic192.168.2.84970852.88.41.86443TCP
                      2025-03-11T10:10:11.773515+010020283713Unknown Traffic192.168.2.84970952.88.41.86443TCP
                      2025-03-11T10:10:12.016412+010020283713Unknown Traffic192.168.2.84971018.245.45.231443TCP
                      2025-03-11T10:10:14.576697+010020283713Unknown Traffic192.168.2.8497142.22.242.114443TCP
                      2025-03-11T10:10:17.212091+010020283713Unknown Traffic192.168.2.8497152.22.242.114443TCP
                      2025-03-11T10:10:20.265125+010020283713Unknown Traffic192.168.2.8497162.22.242.114443TCP
                      2025-03-11T10:10:21.872341+010020283713Unknown Traffic192.168.2.84971734.117.223.223443TCP
                      2025-03-11T10:10:21.878217+010020283713Unknown Traffic192.168.2.84971934.117.223.223443TCP
                      2025-03-11T10:10:23.728966+010020283713Unknown Traffic192.168.2.84972234.117.223.223443TCP
                      2025-03-11T10:10:25.793911+010020283713Unknown Traffic192.168.2.84972534.117.223.223443TCP
                      2025-03-11T10:10:25.877207+010020283713Unknown Traffic192.168.2.84972452.88.41.86443TCP
                      2025-03-11T10:10:28.589749+010020283713Unknown Traffic192.168.2.84972952.88.41.86443TCP
                      2025-03-11T10:10:28.644843+010020283713Unknown Traffic192.168.2.84973334.160.176.28443TCP
                      2025-03-11T10:10:31.769424+010020283713Unknown Traffic192.168.2.8497382.22.242.121443TCP
                      2025-03-11T10:10:34.472328+010020283713Unknown Traffic192.168.2.84977752.88.41.86443TCP
                      2025-03-11T10:10:37.017545+010020283713Unknown Traffic192.168.2.8497942.22.242.121443TCP
                      2025-03-11T10:10:39.653199+010020283713Unknown Traffic192.168.2.84980552.88.41.86443TCP
                      2025-03-11T10:10:42.373250+010020283713Unknown Traffic192.168.2.8498112.22.89.13443TCP
                      2025-03-11T10:10:45.218177+010020283713Unknown Traffic192.168.2.8498162.22.89.13443TCP
                      2025-03-11T10:10:48.327152+010020283713Unknown Traffic192.168.2.8498222.22.89.13443TCP

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Multi AV Scanner detection for dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exe (copy)ReversingLabs: Detection: 34%
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\is-SHQ4T.tmpReversingLabs: Detection: 34%
                      Multi AV Scanner detection for submitted file
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeVirustotal: Detection: 29%Perma Link
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeReversingLabs: Detection: 28%
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_004517A0 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptQueryObject,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,14_2_004517A0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00405870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,14_2_00405870
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_004514F0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CryptMsgGetParam,CertFreeCRLContext,CertFreeCRLContext,14_2_004514F0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00406220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,14_2_00406220
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0043E610 CryptMsgClose,14_2_0043E610
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_004067B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,14_2_004067B0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0043EB60 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptQueryObject,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,14_2_0043EB60
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0043F150 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertFreeCRLContext,14_2_0043F150
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0043F3C0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertGetNameStringW,CertGetNameStringW,CertGetCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,CertVerifyCertificateChainPolicy,CertFreeCertificateChain,CertFreeCRLContext,CertFreeCRLContext,14_2_0043F3C0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E774F0 CryptGenRandom,GetLastError,__CxxThrowException@8,15_2_00E774F0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E77C60 CryptCreateHash,CryptDestroyHash,CryptCreateHash,CryptDestroyHash,CryptHashData,CryptHashData,CryptHashData,CryptDestroyHash,CryptReleaseContext,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,15_2_00E77C60
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E76450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,CryptDestroyHash,CryptReleaseContext,15_2_00E76450
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E73420 InterlockedExchange,GetVersionExW,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,IsValidSid,GetSidSubAuthorityCount,GetSidSubAuthority,CloseHandle,InterlockedExchange,InterlockedExchange,LoadStringW,CreateMutexW,GetLastError,InterlockedExchange,LoadStringW,InterlockedExchange,wsprintfW,InterlockedExchange,FindResourceW,LoadResource,SizeofResource,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,CreateThread,CloseHandle,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,EnumResourceNamesW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,CryptStringToBinaryW,CryptStringToBinaryW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetVersionExW,LoadStringW,LoadStringW,LoadStringW,LoadStringW,LoadStringW,LoadStringW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,LoadStringW,LoadStringW,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,LoadStringW,LoadStringW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,CreateFileMappingW,GetLastError,MapViewOfFile,GetLastError,GetLastError,UnmapViewOfFile,CloseHandle,SetLastError,InterlockedExchange,CreateThread,CloseHandle,CreateThread,CloseHandle,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,CreateThread,CloseHandle,CreateThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,ReleaseMutex,CloseHandle,Sleep,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E76750 CryptHashData,CryptDestroyHash,CryptHashData,CryptHashData,CryptHashData,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,15_2_00E76750
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E771A0 CryptReleaseContext,15_2_00E771A0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E91C50 CryptReleaseContext,15_2_00E91C50
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E77FE0 CryptCreateHash,CryptDestroyHash,CryptCreateHash,CryptDestroyHash,CryptHashData,CryptHashData,CryptHashData,CryptDestroyHash,CryptReleaseContext,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,15_2_00E77FE0
                      Source: C:\Program Files\BitComet\BitComet.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION BitComet.exe

                      Compliance

                      barindex
                      Uses 32bit PE files
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                      Creates a directory in C:\Program Files
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitCometJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\ReadMe.txtJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\License.txtJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\ChangeLog.txtJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\BitComet.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\bitcometd.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\CrashReport.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\WebView2Loader.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\langJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ar.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-bg.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-bs.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ca.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-cs.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-da.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-de.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-el.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-en_US.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-es.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-et.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-eu.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-fa.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-fi.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-fr.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-gl.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-he.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-hr.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-hu.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-hy.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-id.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-it.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ja.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-kk.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-kn.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ko.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ku.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-lt.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-lv.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-mk.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ms.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-nb.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ne.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-nl.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-pl.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-pt.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-pt_BR.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ro.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ru.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-sk.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-sl.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-sq.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-sr.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-sv.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ta.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-th.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-tr.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ug.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-uk.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ur.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-vi.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-zh_CN.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-zh_TW.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\HowTo-Translate.txtJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\ip2locationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\ip2location\ip2location.binJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\ip2location\ip2location-country-multilingual.csvJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\webuiJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\webui\webui.zipJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\toolsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\UPNP.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\VideoSnapshot.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\Updater.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\BitCometToastsNotifier.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\BitCometToastsNotifier.pngJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\ChromeLauncher.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\ChromeLauncherManifest.jsonJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\ChromeExtension.crxJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\EdgeExtension.crxJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\FirefoxLauncherManifest.jsonJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\FirefoxExtension.xpiJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\BitCometAgent_1.92.7.9.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\BitCometService.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\BitComet.urlJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\uninst.exeJump to behavior
                      Creates license or readme file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\ReadMe.txtJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\License.txtJump to behavior
                      PE / OLE file has a valid certificate
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeStatic PE information: certificate valid
                      Uses secure TLS version for HTTPS connections
                      Source: unknownHTTPS traffic detected: 18.245.45.10:443 -> 192.168.2.8:49689 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.10:443 -> 192.168.2.8:49691 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.10:443 -> 192.168.2.8:49693 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.10:443 -> 192.168.2.8:49695 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.10:443 -> 192.168.2.8:49704 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.10:443 -> 192.168.2.8:49705 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.231:443 -> 192.168.2.8:49706 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.231:443 -> 192.168.2.8:49707 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 52.88.41.86:443 -> 192.168.2.8:49708 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.231:443 -> 192.168.2.8:49710 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.242.114:443 -> 192.168.2.8:49714 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.242.114:443 -> 192.168.2.8:49715 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.242.114:443 -> 192.168.2.8:49716 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49717 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49719 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49725 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 52.88.41.86:443 -> 192.168.2.8:49724 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.8:49733 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.242.121:443 -> 192.168.2.8:49738 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.242.121:443 -> 192.168.2.8:49794 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.89.13:443 -> 192.168.2.8:49811 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.89.13:443 -> 192.168.2.8:49816 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.89.13:443 -> 192.168.2.8:49822 version: TLS 1.2
                      Contains modern PE file flags such as dynamic base (ASLR) or NX
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Binary contains paths to debug symbols
                      Source: Binary string: F:\develop\VideoSnap\app\Release_unicode\VideoSnapshot.pdb source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: E:\develop\BitCometAgent_ActiveX\app\Release_Unicode\BitCometAgent_ActiveX.pdb source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\develop\BitComet_2.12\app\Release_unicode_x64\GUI_BitComet_wx.pdb source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp
                      Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 0000000E.00000002.2203911933.00000000004AE000.00000002.00000001.01000000.00000015.sdmp, saBSI.exe, 0000000E.00000000.1779691122.00000000004AE000.00000002.00000001.01000000.00000015.sdmp
                      Source: Binary string: E:\develop\tools\desktop-toasts\Release\BitCometToastsNotifier.pdb source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: c:\jenkins\workspace\WebAdvisor-accesslib-caller_main\Build\Win32\Release\caller_dll.pdb source: saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Source\Repos\DS-Platform\zbShield-Utils-CPP\zbShieldUtils\bin\Release\zbShieldUtils.pdb source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1868158503.0000000007720000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1@3\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\develop\BitComet_2.12\app\Release_unicode_x64\GUI_BitComet_wx.pdb-- source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp
                      Source: Binary string: d:\Develop\BitCometExtension_IE\app\release_unicode\BitCometBHO.pdb source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\develop\CrashReport\CrashRpt_v3\bin\x64\Release LIB\CrashReport.pdbx source: BitComet.exe, 00000010.00000003.1868876570.0000023D02D40000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: #F:\develop\VideoSnap\app\Release_unicode\VideoSnapshot.pdb source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\BUILD\work\01\fd301531736b4da4\projects\avast\microstub\x86\Release\microstub.pdb source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000000.1810881781.0000000000E92000.00000002.00000001.01000000.00000016.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2218846210.0000000000E92000.00000002.00000001.01000000.00000016.sdmp
                      Source: Binary string: D:\develop\CrashReport\CrashRpt_v3\bin\x64\Release LIB\CrashReport.pdb source: BitComet.exe, 00000010.00000003.1868876570.0000023D02D40000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: E:\develop\BitCometExtension_Chrome\bc_launcher_for_chrome\Release\ChromeLauncher.pdb source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp

                      Spreading

                      barindex
                      Yara detected PrivateLoader
                      Source: Yara matchFile source: 12.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.BitComet_2.12_setup.exe.2dec566.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.BitComet_2.12_setup.exe.2b5d53a.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.BitComet_2.12_setup.exe.2b5d53a.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000012.00000000.1876512050.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.2205769184.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.1699492538.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000000.1698677287.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32Jump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServerJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ElevationJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_0040672B FindFirstFileW,FindClose,11_2_0040672B
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_00405AFA CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,11_2_00405AFA
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_00402868 FindFirstFileW,11_2_00402868
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00489BF0 FindFirstFileExW,14_2_00489BF0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E88F16 FindFirstFileExW,15_2_00E88F16
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007BDF28 FindFirstFileExW,25_2_007BDF28
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile opened: C:\Users\userJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile opened: C:\Users\user\AppDataJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extractJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmpJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior

                      Networking

                      barindex
                      Yara detected PrivateLoader
                      Source: Yara matchFile source: 12.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.BitComet_2.12_setup.exe.2dec566.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.BitComet_2.12_setup.exe.2b5d53a.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.BitComet_2.12_setup.exe.2b5d53a.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000012.00000000.1876512050.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.2205769184.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.1699492538.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000000.1698677287.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
                      Source: Instup.dll.24.drStatic PE information: Found NDIS imports: FwpmFilterEnum0, FwpmEngineClose0, FwpmCalloutDestroyEnumHandle0, FwpmTransactionAbort0, FwpmFreeMemory0, FwpmCalloutDeleteByKey0, FwpmFilterDeleteByKey0, FwpmTransactionBegin0, FwpmProviderDeleteByKey0, FwpmCalloutEnum0, FwpmFilterCreateEnumHandle0, FwpmSubLayerCreateEnumHandle0, FwpmTransactionCommit0, FwpmCalloutCreateEnumHandle0, FwpmSubLayerEnum0, FwpmSubLayerDestroyEnumHandle0, FwpmSubLayerDeleteByKey0, FwpmEngineOpen0, FwpmFilterDestroyEnumHandle0
                      Source: global trafficUDP traffic: 192.168.2.8:19922 -> 212.129.33.59:6881
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxContent-Type: application/octet-streamContent-Length: 11229128Last-Modified: Tue, 04 Mar 2025 09:01:46 GMTETag: "67c6c17a-ab57c8"Access-Control-Allow-Origin: *x-cache-status: HITx-origin-cache: vpsorigin-cache-re-prod-001.europe-west3-a.ppp-lopst-vpsorigin-10Accept-Ranges: bytesCache-Control: max-age=130Expires: Tue, 11 Mar 2025 09:12:20 GMTDate: Tue, 11 Mar 2025 09:10:10 GMTConnection: keep-aliveData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a1 68 82 16 e5 09 ec 45 e5 09 ec 45 e5 09 ec 45 36 7b ef 44 e8 09 ec 45 36 7b e9 44 28 09 ec 45 36 7b eb 44 e4 09 ec 45 e3 88 11 45 e1 09 ec 45 e3 88 e8 44 f6 09 ec 45 e3 88 ef 44 f1 09 ec 45 e3 88 e9 44 90 09 ec 45 36 7b e8 44 fb 09 ec 45 2f 7c ef 44 e7 09 ec 45 2f 7c e8 44 ec 09 ec 45 ec 71 7f 45 e7 09 ec 45 b3 7c e8 44 ef 09 ec 45 e5 09 ec 45 e8 09 ec 45 2f 7c e9 44 e1 09 ec 45 36 7b ed 44 e8 09 ec 45 e5 09 ed 45 fb 0b ec 45 8f 88 e5 44 10 09 ec 45 8f 88 ec 44 e4 09 ec 45 8f 88 13 45 e4 09 ec 45 e5 09 7b 45 e7 09 ec 45 8f 88 ee 44 e4 09 ec 45 52 69 63 68 e5 09 ec 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 08 00 05 ea be 67 00 00 00 00 00 00 00 00 f0 00 22 08 0b 02 0e 26 00 f4 11 00 00 98 09 00 00 00 00 00 60 6a 04 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 1b 00 00 04 00 00 e4 58 ab 00 02 00 60 c1 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 72 18 00 e4 00 00 00 84 73 18 00 64 00 00 00 00 40 1a 00 30 78 01 00 00 50 19 00 6c c9 00 00 e8 2c ab 00 e0 2a 00 00 00 c0 1b 00 34 15 00 00 c8 82 16 00 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 85 16 00 28 00 00 00 90 51 14 00 40 01 00 00 00 00 00 00 00 00 00 00 00 10 12 00 c8 06 00 00 28 5e 18 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 7c f3 11 00 00 10 00 00 00 f4 11 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 0a 7b 06 00 00 10 12 00 00 7c 06 00 00 f8 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 4c b8 00 00 00 90 18 00 00 70 00 00 00 74 18 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 6c c9 00 00 00 50 19 00 00 ca 00 00 00 e4 18 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 60 04 Data Ascii: MZ@X!L!This program cannot be run in DOS mode.$hEEE6{DE6{D(E6{DEEEDE
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49692 -> 18.245.45.10:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49689 -> 18.245.45.10:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49695 -> 18.245.45.10:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49691 -> 18.245.45.10:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49693 -> 18.245.45.10:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49690 -> 18.245.45.10:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49704 -> 18.245.45.10:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49705 -> 18.245.45.10:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49706 -> 18.245.45.231:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49707 -> 18.245.45.231:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49708 -> 52.88.41.86:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49709 -> 52.88.41.86:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49710 -> 18.245.45.231:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49714 -> 2.22.242.114:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49715 -> 2.22.242.114:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49716 -> 2.22.242.114:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49717 -> 34.117.223.223:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49719 -> 34.117.223.223:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49722 -> 34.117.223.223:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49724 -> 52.88.41.86:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49733 -> 34.160.176.28:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49729 -> 52.88.41.86:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49725 -> 34.117.223.223:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49738 -> 2.22.242.121:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49777 -> 52.88.41.86:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49794 -> 2.22.242.121:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49805 -> 52.88.41.86:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49811 -> 2.22.89.13:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49816 -> 2.22.89.13:443
                      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49822 -> 2.22.89.13:443
                      Source: global trafficHTTP traffic detected: POST /o HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 122Host: d1hboxy79wgmk4.cloudfront.net
                      Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=2e26f2de4fda1ed57124f176a3b4fbb3fe48faa73964c01bee50f9987751ad5cUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 365Host: d1hboxy79wgmk4.cloudfront.net
                      Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=2e26f2de4fda1ed57124f176a3b4fbb3fe48faa73964c01bee50f9987751ad5cUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 329Host: d1hboxy79wgmk4.cloudfront.net
                      Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=2e26f2de4fda1ed57124f176a3b4fbb3fe48faa73964c01bee50f9987751ad5cUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 389Host: d1hboxy79wgmk4.cloudfront.net
                      Source: global trafficHTTP traffic detected: POST /zbd HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*Authorization: Signature=2e26f2de4fda1ed57124f176a3b4fbb3fe48faa73964c01bee50f9987751ad5cUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 371Host: d1hboxy79wgmk4.cloudfront.net
                      Source: global trafficHTTP traffic detected: GET /start/en_gb/2.12/ HTTP/1.1Host: inside.bitcomet.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /?tag=ownproduct&random=1&style=iframe&link=direct HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://inside.bitcomet.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /app/private-photo-safe?style=iframe&link=direct HTTP/1.1Host: apphit.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://inside.bitcomet.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6Im9QUHdvVTVEN2V3SnhsTCtTWUZneXc9PSIsInZhbHVlIjoiRzRvUHd3NTh2MGZoT2wrZlFlOHd5Y3I1RmFrNFpVSlJwVW5KTHdQV0xKUzNwNTdjdThDeWlkdlpTK0RtUVZYVFd6djVKNmY4cHJweXhTSG12ZjV2WHFEMzQ2VVlPSmVMNGlvdytwN0REYTl0T0Z2MjhUWTJBS1c1RGxXZGRoNDQiLCJtYWMiOiIyMDA4ZjUwMWYzNTRhMjQ1ZDFiYTlmNWQ4MTNmNWI0NTI5ZjViYzg3MTUwMDUwOThlYmIzZDMyZWI4MzAyMjRkIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6ImgzWDVtVW9xZWlxTURoTlNsY2ZPdkE9PSIsInZhbHVlIjoiT2VmcEhRS0d3SGRLT2VMdHhCQ0JEZnZqdFpSUFIzaHl0bUZKOHF6T09iZTFHRi9CSTVaTzFyZTNqbHRxYzJkTVpSczRaL3NQZXl1cWdDYkJqejhiMkpzSEprdVFCNEo3eTFsRlFkVlFCTXJVZzAyc2FTSkZVRGN1S3JhS2pHN3kiLCJtYWMiOiJjYTM2ZGY1NGY5MmE5YjExYWFlYzJlYjYyNjA4MjBmNDQ2NzdlYWIyN2M0NjI5ZmFkZDQyMGYxMThlNmY2NTEzIiwidGFnIjoiIn0%3D
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /css/app.css HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://apphit.com/app/private-photo-safe?style=iframe&link=directAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6IktJMkZWYk40dEJ4TUh1RDQ5MUdXc2c9PSIsInZhbHVlIjoiL1A0R1hrS0NVb0syRE5wb0p6QWZCMklkalBoL0ZMaFpzZDVUbHBFMVpla3BPL3dNaHlNTWF3L0IrNExIaHRxNk5oY25DNkkrZHJjYXNyM25xWEdOdzA4bFVOT3lCVnZENGUwSW5tc2pwT0VPdC9iSU9JQVpwZFkvaGhyTFE0Y1IiLCJtYWMiOiIyNzZkZDU5YzBjMDUxYWZmYjE3NmQ3NTZkZDZjYmEyNjZlYzQyZjU3YTQ1NTY5YTQ2N2U4MWRhODIyZGU1MTBhIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6ImZBd2RmbkgvQUdSOVRmSUVURUlPRGc9PSIsInZhbHVlIjoid0hBeC9BRXRGNUw1ZC9ZUkRsWnNCcG5jSGZlMExZaVgzUG11cU9BTzIyMjFTbkZEazZIdm1vTVBFbHRsVms5WUhLVWhpTWUzZXlBakxMOGRSd2xoVGdraFBCLzdCaG9WUGxvcHVsSHFIRUprR24xVi9mVnE2cUphZFVkZnpsaTAiLCJtYWMiOiI0N2MxY2QwMTRjYzVhYTg3NGM5YmNkNTQxOTcxZjk3OWU3MDRiNWZjY2Q0YTA5ZTEyYzJiMDE5ZGRiMWI3MzAzIiwidGFnIjoiIn0%3D
                      Source: global trafficHTTP traffic detected: GET /image/app/private-photo-safe/privatephotosafe-logo.png HTTP/1.1Host: image.apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apphit.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apphit.com/app/private-photo-safe?style=iframe&link=directAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6IktJMkZWYk40dEJ4TUh1RDQ5MUdXc2c9PSIsInZhbHVlIjoiL1A0R1hrS0NVb0syRE5wb0p6QWZCMklkalBoL0ZMaFpzZDVUbHBFMVpla3BPL3dNaHlNTWF3L0IrNExIaHRxNk5oY25DNkkrZHJjYXNyM25xWEdOdzA4bFVOT3lCVnZENGUwSW5tc2pwT0VPdC9iSU9JQVpwZFkvaGhyTFE0Y1IiLCJtYWMiOiIyNzZkZDU5YzBjMDUxYWZmYjE3NmQ3NTZkZDZjYmEyNjZlYzQyZjU3YTQ1NTY5YTQ2N2U4MWRhODIyZGU1MTBhIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6ImZBd2RmbkgvQUdSOVRmSUVURUlPRGc9PSIsInZhbHVlIjoid0hBeC9BRXRGNUw1ZC9ZUkRsWnNCcG5jSGZlMExZaVgzUG11cU9BTzIyMjFTbkZEazZIdm1vTVBFbHRsVms5WUhLVWhpTWUzZXlBakxMOGRSd2xoVGdraFBCLzdCaG9WUGxvcHVsSHFIRUprR24xVi9mVnE2cUphZFVkZnpsaTAiLCJtYWMiOiI0N2MxY2QwMTRjYzVhYTg3NGM5YmNkNTQxOTcxZjk3OWU3MDRiNWZjY2Q0YTA5ZTEyYzJiMDE5ZGRiMWI3MzAzIiwidGFnIjoiIn0%3D; _ga_BE27VNW489=GS1.1.1741684243.1.0.1741684243.0.0.0; _ga=GA1.1.1191335743.1741684243
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_00796D27 __EH_prolog3_GS,socket,WSAIoctl,htons,inet_addr,setsockopt,bind,closesocket,sendto,select,recv,closesocket,25_2_00796D27
                      Source: global trafficHTTP traffic detected: GET /f/AVAST/images/DOTPS-1511/547X280/EN.png HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d1hboxy79wgmk4.cloudfront.net
                      Source: global trafficHTTP traffic detected: GET /f/BitComet/1695/BitComet_2.12_setup.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d1hboxy79wgmk4.cloudfront.net
                      Source: global trafficHTTP traffic detected: GET /f/WebAdvisor/files/1489/saBSI.zip HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d1hboxy79wgmk4.cloudfront.net
                      Source: global trafficHTTP traffic detected: GET /f/AVAST/files/cookie_mmm_irs_ppi_005_888_a.zip HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.1.2Host: d1hboxy79wgmk4.cloudfront.net
                      Source: global trafficHTTP traffic detected: GET /products/SA/BSI/bsi_main.xml HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveUser-Agent: SAHost: sadownload.mcafee.com
                      Source: global trafficHTTP traffic detected: GET /products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveUser-Agent: SAHost: sadownload.mcafee.com
                      Source: global trafficHTTP traffic detected: GET /products/SA/BSI/Win/binary/4.1.1/1006/Win32/saBSI.exe HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveUser-Agent: SAHost: sadownload.mcafee.com
                      Source: global trafficHTTP traffic detected: GET /start/en_gb/2.12/ HTTP/1.1Host: inside.bitcomet.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /products/SA/BSI/bsi_main.xml HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveUser-Agent: SAHost: sadownload.mcafee.com
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /?tag=ownproduct&random=1&style=iframe&link=direct HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://inside.bitcomet.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /app/private-photo-safe?style=iframe&link=direct HTTP/1.1Host: apphit.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://inside.bitcomet.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6Im9QUHdvVTVEN2V3SnhsTCtTWUZneXc9PSIsInZhbHVlIjoiRzRvUHd3NTh2MGZoT2wrZlFlOHd5Y3I1RmFrNFpVSlJwVW5KTHdQV0xKUzNwNTdjdThDeWlkdlpTK0RtUVZYVFd6djVKNmY4cHJweXhTSG12ZjV2WHFEMzQ2VVlPSmVMNGlvdytwN0REYTl0T0Z2MjhUWTJBS1c1RGxXZGRoNDQiLCJtYWMiOiIyMDA4ZjUwMWYzNTRhMjQ1ZDFiYTlmNWQ4MTNmNWI0NTI5ZjViYzg3MTUwMDUwOThlYmIzZDMyZWI4MzAyMjRkIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6ImgzWDVtVW9xZWlxTURoTlNsY2ZPdkE9PSIsInZhbHVlIjoiT2VmcEhRS0d3SGRLT2VMdHhCQ0JEZnZqdFpSUFIzaHl0bUZKOHF6T09iZTFHRi9CSTVaTzFyZTNqbHRxYzJkTVpSczRaL3NQZXl1cWdDYkJqejhiMkpzSEprdVFCNEo3eTFsRlFkVlFCTXJVZzAyc2FTSkZVRGN1S3JhS2pHN3kiLCJtYWMiOiJjYTM2ZGY1NGY5MmE5YjExYWFlYzJlYjYyNjA4MjBmNDQ2NzdlYWIyN2M0NjI5ZmFkZDQyMGYxMThlNmY2NTEzIiwidGFnIjoiIn0%3D
                      Source: global trafficHTTP traffic detected: GET /products/SA/BSI/bsi_vars.xml HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveUser-Agent: SAHost: sadownload.mcafee.com
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96f255b6341f8&btcnt=0&httpcnt=0&p=x64&idt=20250311 HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /css/app.css HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://apphit.com/app/private-photo-safe?style=iframe&link=directAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6IktJMkZWYk40dEJ4TUh1RDQ5MUdXc2c9PSIsInZhbHVlIjoiL1A0R1hrS0NVb0syRE5wb0p6QWZCMklkalBoL0ZMaFpzZDVUbHBFMVpla3BPL3dNaHlNTWF3L0IrNExIaHRxNk5oY25DNkkrZHJjYXNyM25xWEdOdzA4bFVOT3lCVnZENGUwSW5tc2pwT0VPdC9iSU9JQVpwZFkvaGhyTFE0Y1IiLCJtYWMiOiIyNzZkZDU5YzBjMDUxYWZmYjE3NmQ3NTZkZDZjYmEyNjZlYzQyZjU3YTQ1NTY5YTQ2N2U4MWRhODIyZGU1MTBhIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6ImZBd2RmbkgvQUdSOVRmSUVURUlPRGc9PSIsInZhbHVlIjoid0hBeC9BRXRGNUw1ZC9ZUkRsWnNCcG5jSGZlMExZaVgzUG11cU9BTzIyMjFTbkZEazZIdm1vTVBFbHRsVms5WUhLVWhpTWUzZXlBakxMOGRSd2xoVGdraFBCLzdCaG9WUGxvcHVsSHFIRUprR24xVi9mVnE2cUphZFVkZnpsaTAiLCJtYWMiOiI0N2MxY2QwMTRjYzVhYTg3NGM5YmNkNTQxOTcxZjk3OWU3MDRiNWZjY2Q0YTA5ZTEyYzJiMDE5ZGRiMWI3MzAzIiwidGFnIjoiIn0%3D
                      Source: global trafficHTTP traffic detected: GET /image/app/private-photo-safe/privatephotosafe-logo.png HTTP/1.1Host: image.apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apphit.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /products/SA/BSI/bsi_PaidDistribution.xml HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveUser-Agent: SAHost: sadownload.mcafee.com
                      Source: global trafficHTTP traffic detected: GET /products/SA/BSI/bsi_DistributionRules.xml HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveUser-Agent: SAHost: sadownload.mcafee.com
                      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: apphit.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apphit.com/app/private-photo-safe?style=iframe&link=directAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: XSRF-TOKEN=eyJpdiI6IktJMkZWYk40dEJ4TUh1RDQ5MUdXc2c9PSIsInZhbHVlIjoiL1A0R1hrS0NVb0syRE5wb0p6QWZCMklkalBoL0ZMaFpzZDVUbHBFMVpla3BPL3dNaHlNTWF3L0IrNExIaHRxNk5oY25DNkkrZHJjYXNyM25xWEdOdzA4bFVOT3lCVnZENGUwSW5tc2pwT0VPdC9iSU9JQVpwZFkvaGhyTFE0Y1IiLCJtYWMiOiIyNzZkZDU5YzBjMDUxYWZmYjE3NmQ3NTZkZDZjYmEyNjZlYzQyZjU3YTQ1NTY5YTQ2N2U4MWRhODIyZGU1MTBhIiwidGFnIjoiIn0%3D; apphit_session=eyJpdiI6ImZBd2RmbkgvQUdSOVRmSUVURUlPRGc9PSIsInZhbHVlIjoid0hBeC9BRXRGNUw1ZC9ZUkRsWnNCcG5jSGZlMExZaVgzUG11cU9BTzIyMjFTbkZEazZIdm1vTVBFbHRsVms5WUhLVWhpTWUzZXlBakxMOGRSd2xoVGdraFBCLzdCaG9WUGxvcHVsSHFIRUprR24xVi9mVnE2cUphZFVkZnpsaTAiLCJtYWMiOiI0N2MxY2QwMTRjYzVhYTg3NGM5YmNkNTQxOTcxZjk3OWU3MDRiNWZjY2Q0YTA5ZTEyYzJiMDE5ZGRiMWI3MzAzIiwidGFnIjoiIn0%3D; _ga_BE27VNW489=GS1.1.1741684243.1.0.1741684243.0.0.0; _ga=GA1.1.1191335743.1741684243
                      Source: global trafficHTTP traffic detected: GET /products/SA/BSI/bsi_abtest.xml HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveUser-Agent: SAHost: sadownload.mcafee.com
                      Source: global trafficHTTP traffic detected: GET /iavs9x/avast_free_antivirus_setup_online_x64.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Avast Microstub/2.1Host: iavs9x.u.avast.com
                      Source: global trafficHTTP traffic detected: GET /iavs9x/servers.def.vpx HTTP/1.1Host: s1843811.iavs9x.u.avast.comAccept: */*User-Agent: avast! Antivirus (instup)
                      Source: global trafficHTTP traffic detected: GET /iavs9x/prod-pgm.vpx HTTP/1.1Host: w5805295.iavs9x.u.avast.comAccept: */*User-Agent: avast! Antivirus (instup)
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /iavs9x/avbugreport_x64_ais-a5f.vpx HTTP/1.1Host: w5805295.iavs9x.u.avast.comAccept: */*User-Agent: avast! Antivirus (instup)
                      Source: global trafficHTTP traffic detected: GET /iavs9x/avdump_x64_ais-a5f.vpx HTTP/1.1Host: w5805295.iavs9x.u.avast.comAccept: */*User-Agent: avast! Antivirus (instup)
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml HTTP/1.1Host: update.bitcomet.comConnection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /iavs9x/avdump_x86_ais-a5f.vpx HTTP/1.1Host: w5805295.iavs9x.u.avast.comAccept: */*User-Agent: avast! Antivirus (instup)
                      Source: global trafficHTTP traffic detected: GET /iavs9x/instcont_x64_ais-a5f.vpx HTTP/1.1Host: w5805295.iavs9x.u.avast.comAccept: */*User-Agent: avast! Antivirus (instup)
                      Source: global trafficHTTP traffic detected: GET /iavs9x/instup_x64_ais-a5f.vpx HTTP/1.1Host: w5805295.iavs9x.u.avast.comAccept: */*User-Agent: avast! Antivirus (instup)
                      Source: global trafficHTTP traffic detected: GET /iavs9x/offertool_x64_ais-a5f.vpx HTTP/1.1Host: w5805295.iavs9x.u.avast.comAccept: */*User-Agent: avast! Antivirus (instup)
                      Source: BitComet.exe, 00000011.00000003.1923597553.00000276B0380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: URL=http://www.twitter.com/ equals www.twitter.com (Twitter)
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.twitter.com/ equals www.twitter.com (Twitter)
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/ equals www.youtube.com (Youtube)
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/, initia]L equals www.youtube.com (Youtube)
                      Source: global trafficDNS traffic detected: DNS query: d1hboxy79wgmk4.cloudfront.net
                      Source: global trafficDNS traffic detected: DNS query: analytics.apis.mcafee.com
                      Source: global trafficDNS traffic detected: DNS query: v7event.stats.avast.com
                      Source: global trafficDNS traffic detected: DNS query: iavs9x.u.avast.com
                      Source: global trafficDNS traffic detected: DNS query: sadownload.mcafee.com
                      Source: global trafficDNS traffic detected: DNS query: analytics.avcdn.net
                      Source: global trafficDNS traffic detected: DNS query: dht.transmissionbt.com
                      Source: global trafficDNS traffic detected: DNS query: router.bittorrent.com
                      Source: global trafficDNS traffic detected: DNS query: dht.libtorrent.org
                      Source: global trafficDNS traffic detected: DNS query: router.silotis.us
                      Source: global trafficDNS traffic detected: DNS query: router.utorrent.com
                      Source: global trafficDNS traffic detected: DNS query: inside.bitcomet.com
                      Source: global trafficDNS traffic detected: DNS query: update.bitcomet.com
                      Source: global trafficDNS traffic detected: DNS query: shepherd.ff.avast.com
                      Source: global trafficDNS traffic detected: DNS query: appassets.bitcomet.com
                      Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                      Source: global trafficDNS traffic detected: DNS query: b7210692.iavs9x.u.avast.com
                      Source: global trafficDNS traffic detected: DNS query: b8003600.iavs9x.u.avast.com
                      Source: global trafficDNS traffic detected: DNS query: r0965026.iavs9x.u.avast.com
                      Source: global trafficDNS traffic detected: DNS query: s-iavs9x.avcdn.net
                      Source: global trafficDNS traffic detected: DNS query: s1843811.iavs9x.u.avast.com
                      Source: global trafficDNS traffic detected: DNS query: w5805295.iavs9x.u.avast.com
                      Source: global trafficDNS traffic detected: DNS query: apphit.com
                      Source: unknownHTTP traffic detected: POST /o HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 122Host: d1hboxy79wgmk4.cloudfront.net
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ftp://http://%.20s%ddefault%d%.20scopying
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, BitCometService.exe, 0000000C.00000000.1698814832.0000000000596000.00000002.00000001.01000000.00000013.sdmp, BitCometService.exe, 0000000C.00000002.1699642037.0000000000596000.00000002.00000001.01000000.00000013.sdmp, BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://.css
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, BitCometService.exe, 0000000C.00000000.1698814832.0000000000596000.00000002.00000001.01000000.00000013.sdmp, BitCometService.exe, 0000000C.00000002.1699642037.0000000000596000.00000002.00000001.01000000.00000013.sdmp, BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://.jpg
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://127.0.0.1
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://127.0.0.1Note:
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://127.0.0.1document.cookie=
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1944538795.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2238538931.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943912687.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1944538795.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943912687.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1944538795.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943912687.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ccsca2021.ocsp-certum.com05
                      Source: saBSI.exe, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2203911933.00000000004AE000.00000002.00000001.01000000.00000015.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000000.1779691122.00000000004AE000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crx
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crx)
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxDG
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxH
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxPE
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxvAG
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxvWG
                      Source: BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://cn.bitcomet.com/achive/BitComet_1.20_setup.exe
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://cn.bitcomet.com/achive/BitComet_1.20_setup.exeMirror
                      Source: BitComet.exe, 00000010.00000003.1868876570.0000023D02D40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/crashrpt/wiki/FAQ
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://crashfix.bitcomet.com/crashfix/index.php/crashReport/uploadExternalhttps://www.bitcomet.com/e
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000010.00000003.1868876570.0000023D02F05000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1874471097.00000276AEB05000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000010.00000003.1868876570.0000023D02F05000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1874471097.00000276AEB05000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1729612036.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1944538795.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2238538931.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943912687.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1944538795.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943912687.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1944538795.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943912687.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000010.00000003.1868876570.0000023D02F05000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1874471097.00000276AEB05000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cscasha2.ocsp-certum.com04
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: saBSI.exe, 0000000E.00000002.2212979064.00000000032E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabYG
                      Source: BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://download.bitcomet.com/bitcomet/bitcomet_setup.exe
                      Source: svchost.exe, 00000004.00000003.1203110124.000001A1C9160000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.atcomet.com/b/
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, BitCometService.exe, 0000000C.00000000.1698814832.0000000000596000.00000002.00000001.01000000.00000013.sdmp, BitCometService.exe, 0000000C.00000002.1699642037.0000000000596000.00000002.00000001.01000000.00000013.sdmp, BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://html4/loose.dtd
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iavs9x.u.avast.com/
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iavs9x.u.avast.com/C
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.1816881476.0000000000D03000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.1896474673.0000000000D03000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.1896351644.0000000000D03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online_x64.exeqa
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.1817118590.0000000000D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iavs9x.u.avast.com:80/iavs9x/avast_free_antivirus_setup_online_x64.exe
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://mirror.com/pub/
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://mirror.com/pub/file.exe
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://mirror.com/pub/folder_name/file1.exe
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://mirror.com/pub/folder_name/file2.exe
                      Source: BitComet.exe, 00000011.00000003.1961597480.00000276AF714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730948085.0000000003667000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1729612036.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, BitComet_2.12_setup.exe, 0000000B.00000000.1590857970.000000000040A000.00000008.00000001.01000000.0000000F.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1944538795.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943912687.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1944538795.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2238538931.0000000005CF8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943912687.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1944538795.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943912687.0000000005CF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000010.00000003.1868876570.0000023D02F05000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1874471097.00000276AEB05000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/cscasha2.cer0
                      Source: BitComet.exe, 00000010.00000003.1868876570.0000023D02F05000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1874471097.00000276AEB05000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctnca.cer0
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000010.00000003.1868876570.0000023D02F05000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1874471097.00000276AEB05000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctnca.cer09
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1729612036.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctnca2.cer09
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
                      Source: UPNP.exeString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                      Source: UPNP.exeString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/0
                      Source: saBSI.exe, 0000000E.00000003.1933298608.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crtcal
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
                      Source: BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1953172087.00000276AEF43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000010.00000003.1868876570.0000023D02F05000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1874471097.00000276AEB05000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://subca.ocsp-certum.com01
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1729612036.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://subca.ocsp-certum.com02
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://subca.ocsp-certum.com05
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.fileshot.net/put/
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.fileshot.net/put/file_hashfile_sizefile_indexpic_indexvideo_durationvideo_resolution_x
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.fileshot.net/query/
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.fileshot.net/query/POST3api_versionvl_hashfile_size
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.fileshot.net/torrent/
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.fileshot.net/torrent/info_hashsize_index
                      Source: BitComet.exe, 00000011.00000002.2289104936.00000276AF4E9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2056796623.00000276AF582000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml.243.254:8087;
                      Source: BitComet.exe, 00000011.00000003.2157708657.00000276B2A3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml25476;
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml43;
                      Source: BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/fav/v1.05-v1.40/fav_en_us.xml:443;
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2151428676.00000276B2EF4000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2141752970.00000276B2E6B000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2053192746.00000276AF57D000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2123306537.00000276B2AB4000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2194697698.00000276B2F19000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2060803194.00000276AF4E9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2156525304.00000276AF757000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2154064023.00000276B2E63000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2057009980.00000276AF42F000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000002.2289104936.00000276AF4E9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2056796623.00000276AF582000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcfs.zip
                      Source: BitComet.exe, 00000011.00000003.2157708657.00000276B2A3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcfs.zip7;
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcfs.zip;/
                      Source: BitComet.exe, 00000011.00000003.2157708657.00000276B2A3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcfs.zip;Hc.T
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcfs.zip;Y
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcfs.zipturday.j
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2151428676.00000276B2EF4000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2141752970.00000276B2E6B000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2053192746.00000276AF57D000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2123306537.00000276B2AB4000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2194697698.00000276B2F19000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2060803194.00000276AF4E9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2156525304.00000276AF757000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2154064023.00000276B2E63000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2057009980.00000276AF42F000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000002.2289104936.00000276AF4E9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2056796623.00000276AF582000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcfs_full.zip
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcfs_full.zipy
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2151428676.00000276B2EF4000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2141752970.00000276B2E6B000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2053192746.00000276AF57D000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2123306537.00000276B2AB4000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2194697698.00000276B2F19000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2060803194.00000276AF4E9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2156525304.00000276AF757000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2154064023.00000276B2E63000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2057009980.00000276AF42F000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000002.2289104936.00000276AF4E9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2056796623.00000276AF582000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcsp.zip
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcsp.zip7;5
                      Source: BitComet.exe, 00000011.00000003.2157708657.00000276B2A3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcsp.zip7;?c
                      Source: BitComet.exe, 00000011.00000003.2157708657.00000276B2A3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcsp.zip;
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcsp.zipFj
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcsp.zipT
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2151428676.00000276B2EF4000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2141752970.00000276B2E6B000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2053192746.00000276AF57D000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2123306537.00000276B2AB4000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2194697698.00000276B2F19000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2060803194.00000276AF4E9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2156525304.00000276AF757000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2154064023.00000276B2E63000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2057009980.00000276AF42F000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000002.2289104936.00000276AF4E9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2056796623.00000276AF582000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcxt.zip
                      Source: BitComet.exe, 00000011.00000003.2157708657.00000276B2A3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcxt.zip7;
                      Source: BitComet.exe, 00000011.00000003.2157708657.00000276B2A3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://update.bitcomet.com/client/bitcomet/passport/v2.02-v2.99/embed_bcxt.zip;
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.2112061080.0000000000D03000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.2112945566.0000000000D0B000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2211824199.0000000000D0F000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CD0000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.2112539526.0000000000D0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.1816881476.0000000000CF6000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.1896351644.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgiva
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/u
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.1902616261.0000000000D03000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.1816881476.0000000000D03000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.2112061080.0000000000D03000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2211824199.0000000000D0F000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.2112539526.0000000000D0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com:80/cgi-bin/iavsevents.cgi
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/=
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avast.com0
                      Source: svchost.exe, 00000005.00000002.1366183472.000001A1DE413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bingmapsportal.comc
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1729612036.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000010.00000003.1868876570.0000023D02F05000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1874471097.00000276AEB05000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.bitcomet.com
                      Source: BitComet.exe, 00000011.00000003.2087975470.00000276AED9A000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2115510195.00000276AF4C9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095606095.00000276B07F1000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2097420161.00000276AED95000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2091898752.00000276B05EA000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095121825.00000276AED97000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.bitcomet.com/client/redir/?http://www.torrentbar.com/search/$
                      Source: BitComet.exe, 00000011.00000003.2087975470.00000276AED9A000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2115510195.00000276AF4C9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095606095.00000276B07F1000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2097420161.00000276AED95000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2091898752.00000276B05EA000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095121825.00000276AED97000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.bitcomet.com/client/redir/?http://www.torrentroom.com/search?client=bitcomet&k=$
                      Source: BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bitcomet.com/client/redir/?http://www.torrentroom.com/search?client=bitcomet&k=$
                      Source: BitComet.exe, 00000011.00000003.2087975470.00000276AED9A000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2115510195.00000276AF4C9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095606095.00000276B07F1000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2097420161.00000276AED95000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2091898752.00000276B05EA000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095121825.00000276AED97000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.bitcomet.com/client/redir/?https://thepiratebay.org/search/$
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872419366.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2095217827.0000000007629000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2082609325.0000000002500000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.bitcomet.com/doc/term-of-use.php
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000B06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000AFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bitcomet.com/doc/term-of-use.phpphplogo.pngbee50f9987751ad5c
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1729929554.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bitcomet.com/http://www.bitcomet.com/index-zh.htmHomePage
                      Source: BitComet.exe, 00000011.00000003.2087975470.00000276AED9A000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2115510195.00000276AF4C9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095606095.00000276B07F1000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2097420161.00000276AED95000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2091898752.00000276B05EA000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095121825.00000276AED97000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.btmon.com/
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1729612036.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000010.00000003.1868876570.0000023D02F05000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1874471097.00000276AEB05000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certum.pl/CPS0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.2099491075.0000000002195000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.925334668.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.934652836.00000000035D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2095217827.00000000076F6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CDD000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.1817033431.0000000000CDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CDD000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CD0000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/z
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/iL
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/mL
                      Source: BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1953172087.00000276AEF43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inkscape.org/)
                      Source: BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1953172087.00000276AEF43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inkscape.org/namespaces/inkscape
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.live.com/
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.live.com//
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mcafee.com
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nytimes.com/
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1923564951.00000276B0380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.reddit.com/
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.reddit.com/-CSr8KVlo.1L
                      Source: BitComet.exe, 00000011.00000003.2087975470.00000276AED9A000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2115510195.00000276AF4C9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095606095.00000276B07F1000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2097420161.00000276AED95000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2091898752.00000276B05EA000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095121825.00000276AED97000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sumotorrent.com/
                      Source: BitComet.exe, 00000011.00000003.2087975470.00000276AED9A000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2115510195.00000276AF4C9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095606095.00000276B07F1000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2141752970.00000276B2E7C000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2097420161.00000276AED95000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2091898752.00000276B05EA000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095121825.00000276AED97000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.torrentbar.com
                      Source: BitComet.exe, 00000011.00000003.2087975470.00000276AED9A000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2115510195.00000276AF4C9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095606095.00000276B07F1000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2097420161.00000276AED95000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2091898752.00000276B05EA000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095121825.00000276AED97000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.torrentbar.com/
                      Source: BitComet.exe, 00000011.00000003.2141752970.00000276B2E7C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.torrentbar.comH
                      Source: BitComet.exe, 00000011.00000003.2087975470.00000276AED9A000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2115510195.00000276AF4C9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095606095.00000276B07F1000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2141752970.00000276B2E7C000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2097420161.00000276AED95000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2091898752.00000276B05EA000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095121825.00000276AED97000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.torrentroom.com
                      Source: BitComet.exe, 00000011.00000003.2087975470.00000276AED9A000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2115510195.00000276AF4C9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095606095.00000276B07F1000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2097420161.00000276AED95000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2091898752.00000276B05EA000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095121825.00000276AED97000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.torrentroom.com/
                      Source: BitComet.exe, 00000011.00000003.2141752970.00000276B2E7C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.torrentroom.comg
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1923597553.00000276B0380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.twitter.com/
                      Source: BitComet.exe, 00000010.00000003.1868876570.0000023D02D40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://www.wxwidgets.org
                      Source: BitComet.exe, 00000011.00000003.1947625247.00000276B2A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com
                      Source: saBSI.exe, 0000000E.00000002.2212979064.00000000032B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/
                      Source: saBSI.exe, 0000000E.00000002.2212979064.00000000032B5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/record
                      Source: saBSI.exe, 0000000E.00000003.1833363136.00000000032D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordUG
                      Source: saBSI.exe, 0000000E.00000003.1833363136.00000000032D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/record
                      Source: saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2203911933.00000000004AE000.00000002.00000001.01000000.00000015.sdmp, saBSI.exe, 0000000E.00000000.1779691122.00000000004AE000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/r
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.qa.apis.mcafee.comO
                      Source: BitComet.exe, 00000011.00000003.2141752970.00000276B2E7C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://appassets.bitcomet.com/index.html
                      Source: svchost.exe, 00000005.00000002.1366262840.000001A1DE459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365793367.000001A1DE458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2090481560.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdf
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2090481560.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdf)j
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://cdn.pawns.app/download/sdk/latest/windows/pawns-sdk.dll
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://cdn.pawns.app/download/sdk/latest/windows/pawns-sdk.dllPawnsSDK
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxHKEY_LOCAL_MACHINE
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1729929554.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxSoftware
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.2099491075.00000000021FC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.925334668.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2088055359.000000000363B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.934652836.00000000035D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2089162539.0000000003754000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2082609325.0000000002500000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://control.kochava.com/v1/cpi/click?campaign_id=kohotspot-shield-2oo5a3058127822662&network_id=
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CD0000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.2112539526.0000000000D0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.1817118590.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.2112061080.0000000000D03000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2211824199.0000000000D0F000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CD0000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.2112539526.0000000000D0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.1896843109.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000003.1817118590.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0Cross-Origin-Resource-Policycross-originX
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cu1pehnswad01.servicebus.windows.net/wadp32h02/messages?timeout=60&api-version=2014-01
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.2099491075.00000000021FC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.925334668.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2088055359.000000000363B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.934652836.00000000035D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2082609325.0000000002500000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2089162539.0000000003719000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2082609325.00000000025D2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2091314635.000000000507D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2090481560.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/AVAST/files/cookie_mmm_irs_ppi_005_888_a.zip
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/AVAST/files/cookie_mmm_irs_ppi_005_888_a.zipL
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2091314635.000000000507D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/AVAST/files/cookie_mmm_irs_ppi_005_888_a.zipLC
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2091314635.000000000507D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2090481560.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/AVAST/images/DOTPS-1511/547X280/EN.png
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2091314635.000000000507D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/AVAST/images/DOTPS-1511/547X280/EN.pngw
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/AVAST/images/DOTPS-1511/547X280/EN.pngzip
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.2099491075.00000000021FC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.925334668.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2077702204.0000000000B0D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2088055359.000000000363B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000B06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000B0D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.934652836.00000000035D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000B0D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2095217827.0000000007629000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2082609325.0000000002500000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000AFF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2082609325.00000000025B4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/BitComet/1695/BitComet_2.12_setup.exe
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2082609325.0000000002588000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zip
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871580187.00000000050B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipGOE3hIlgs2tOQL5BVoLYeW
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2077702204.0000000000B0D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871580187.00000000050D8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000B06000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000B0D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809635506.00000000050D8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000B0D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808654382.00000000050D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000AFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipR
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2090481560.000000000503D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/WebAdvisor/images/943/EN.png
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871580187.00000000050D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/WebAdvisor/images/943/EN.png1ad5c
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2090481560.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/WebAdvisor/images/943/EN.png80/EN.pngzip
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872419366.0000000000A68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/f/WebAdvisor/images/943/EN.png=
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.2099491075.00000000021FC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.925334668.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2088055359.000000000363B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2089162539.000000000376F000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.934652836.00000000035D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2082609325.0000000002500000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/o
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019668526.0000000000A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/yPao
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.2099491075.00000000021FC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.925334668.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2088055359.000000000363B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2089162539.0000000003764000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.934652836.00000000035D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2082609325.000000000262A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2091314635.0000000005086000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2082609325.0000000002500000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/zbd
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872327796.0000000006439000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net/zbdB
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2091314635.0000000005073000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1hboxy79wgmk4.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF
                      Source: svchost.exe, 00000005.00000002.1366262840.000001A1DE459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365793367.000001A1DE458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/
                      Source: svchost.exe, 00000005.00000003.1365584147.000001A1DE46E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.1366309638.000001A1DE470000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365724953.000001A1DE45E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.1366284528.000001A1DE463000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365769797.000001A1DE45B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365684876.000001A1DE462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
                      Source: svchost.exe, 00000005.00000002.1366262840.000001A1DE459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365793367.000001A1DE458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
                      Source: svchost.exe, 00000005.00000002.1366298471.000001A1DE468000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365667515.000001A1DE467000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
                      Source: svchost.exe, 00000005.00000003.1365479466.000001A1DE474000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.1366320964.000001A1DE476000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Stops/
                      Source: svchost.exe, 00000005.00000002.1366262840.000001A1DE459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365793367.000001A1DE458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
                      Source: svchost.exe, 00000005.00000002.1366201494.000001A1DE427000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.1366284528.000001A1DE463000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365769797.000001A1DE45B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365684876.000001A1DE462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
                      Source: svchost.exe, 00000005.00000002.1366262840.000001A1DE459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365793367.000001A1DE458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
                      Source: svchost.exe, 00000005.00000002.1366298471.000001A1DE468000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365667515.000001A1DE467000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.1366201494.000001A1DE427000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
                      Source: svchost.exe, 00000005.00000002.1366262840.000001A1DE459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365793367.000001A1DE458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
                      Source: svchost.exe, 00000005.00000002.1366262840.000001A1DE459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365793367.000001A1DE458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
                      Source: svchost.exe, 00000005.00000002.1366262840.000001A1DE459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365793367.000001A1DE458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
                      Source: svchost.exe, 00000005.00000002.1366201494.000001A1DE427000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.1366284528.000001A1DE463000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365684876.000001A1DE462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
                      Source: svchost.exe, 00000005.00000002.1366226449.000001A1DE441000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
                      Source: svchost.exe, 00000005.00000002.1366262840.000001A1DE459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365793367.000001A1DE458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
                      Source: svchost.exe, 00000005.00000002.1366284528.000001A1DE463000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365684876.000001A1DE462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
                      Source: svchost.exe, 00000005.00000003.1365098212.000001A1DE434000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.1366284528.000001A1DE463000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365684876.000001A1DE462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
                      Source: svchost.exe, 00000005.00000002.1366226449.000001A1DE441000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
                      Source: svchost.exe, 00000005.00000002.1366284528.000001A1DE463000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365684876.000001A1DE462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
                      Source: svchost.exe, 00000005.00000003.1365780771.000001A1DE443000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.1366237035.000001A1DE444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
                      Source: svchost.exe, 00000005.00000003.1365804298.000001A1DE432000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t
                      Source: svchost.exe, 00000005.00000002.1366262840.000001A1DE459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365793367.000001A1DE458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
                      Source: svchost.exe, 00000005.00000003.1365098212.000001A1DE434000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/V1/MapControlConfiguration/native/
                      Source: svchost.exe, 00000005.00000002.1366298471.000001A1DE468000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365667515.000001A1DE467000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.1366201494.000001A1DE427000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
                      Source: BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feross.org
                      Source: svchost.exe, 00000004.00000003.1203110124.000001A1C91D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
                      Source: svchost.exe, 00000004.00000003.1203110124.000001A1C9160000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2/C:
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000ADF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000ADF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://home.mcafee.com/Root/AboutUs.aspx?id=eula
                      Source: BitComet.exe, 00000011.00000003.2141752970.00000276B2E7C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inside.bitcomet.com/start/en_gb/2.12/
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000000.924790202.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/364/202?image=883
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019439416.0000000000AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.c
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019439416.0000000000AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.co
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/po
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/pol
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/poli
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2077702204.0000000000AE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778256818.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000ADF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/policies
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872419366.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2095217827.0000000007629000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2082609325.0000000002500000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://rise-platforms.com/privacy/
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2073231401.0000000000A18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rise-platforms.com/privacy/t/zbder.2N
                      Source: saBSI.exe, 0000000E.00000002.2212979064.00000000032E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/
                      Source: saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/produc
                      Source: saBSI.exeString found in binary or memory: https://sadownload.mcafee.com/products/SA/
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml/
                      Source: saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/48/Win32/saBSI.exe
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.00000000032E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/
                      Source: saBSI.exe, 0000000E.00000002.2212979064.00000000032E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xmlAG
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.1/1006/Win32/saBSI.exe
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml/
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/
                      Source: saBSI.exe, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2203911933.00000000004AE000.00000002.00000001.01000000.00000015.sdmp, saBSI.exe, 0000000E.00000000.1779691122.00000000004AE000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml
                      Source: saBSI.exe, 0000000E.00000003.1833363136.00000000032E1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.00000000032E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml=F
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml/
                      Source: saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/UPDATER_VERSIONaffidosplat.?SELF_UPDATE_ALLOWEDMAIN_XMLSTO
                      Source: saBSI.exe, 0000000E.00000002.2203911933.00000000004AE000.00000002.00000001.01000000.00000015.sdmp, saBSI.exe, 0000000E.00000000.1779691122.00000000004AE000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/UPDATER_VERSIONaffidosplatSELF_UPDATE_ALLOWEDMAIN_XMLSTORE
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonPF
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonRE=x86PF
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsoniveOS=ZG
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml
                      Source: saBSI.exe, 0000000E.00000003.1943224076.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml/
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saDG
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saLocalDG
                      Source: saBSI.exe, 0000000E.00000002.2203911933.00000000004AE000.00000002.00000001.01000000.00000015.sdmp, saBSI.exe, 0000000E.00000000.1779691122.00000000004AE000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saUPDATER_URLupdater.exeWebAdvisor_Updaterheron_hostthreat.ap
                      Source: saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saupdater.exeWebAdvisor_Updaterthreat.api.mcafee.comheron_tok
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000ADF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000ADF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exe3
                      Source: svchost.exe, 00000005.00000003.1365780771.000001A1DE443000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
                      Source: svchost.exe, 00000005.00000002.1366250631.000001A1DE447000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
                      Source: svchost.exe, 00000005.00000003.1365825575.000001A1DE44B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.1366214403.000001A1DE438000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.1366237035.000001A1DE444000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.1366250631.000001A1DE447000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
                      Source: svchost.exe, 00000005.00000003.1365747084.000001A1DE446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
                      Source: svchost.exe, 00000005.00000002.1366201494.000001A1DE427000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
                      Source: svchost.exe, 00000005.00000002.1366262840.000001A1DE459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365793367.000001A1DE458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
                      Source: BitComet.exe, 00000011.00000003.2095121825.00000276AED97000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://thepiratebay.org/
                      Source: svchost.exe, 00000005.00000002.1366262840.000001A1DE459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1365793367.000001A1DE458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
                      Source: BitComet.exe, 00000011.00000003.2061820002.00000276B2B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.bitcomet.com/client/bitcomet/?ver=2.12&intl=en_gb&osintl=jv&cid=f3c7ce63155e552be7a96
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000AFF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000AFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/privacy
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2077702204.0000000000AE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778256818.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000ADF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/privacyl
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000AFF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000AFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/terms
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2077702204.0000000000AE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778256818.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000ADF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/terms.
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2074860192.0000000000A73000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872419366.0000000000A68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.360totalsecurity.com/en/license/
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2074860192.0000000000A73000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872419366.0000000000A68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.360totalsecurity.com/en/privacy/
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000AEE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019439416.0000000000AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-a
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2095217827.0000000007622000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2095217827.0000000007622000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast-
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000ADF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2091722247.00000000050BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast-consumer-products
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2090481560.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast-consumer-products?
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2090481560.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast-consumer-productshtm
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000AEE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2077702204.0000000000AF4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2095217827.00000000076D8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2095217827.0000000007622000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2091722247.00000000050BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy-policy
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872327796.0000000006439000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809635506.00000000050D5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808654382.00000000050D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094369195.000000000643A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871580187.00000000050D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy-policy/
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872327796.0000000006439000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094369195.000000000643A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy-policy8
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2090481560.000000000503D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy-policy89
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019439416.0000000000AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-e_6
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2077702204.0000000000AE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778256818.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000ADF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872419366.0000000000A68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://www.bitcomet.com
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1729929554.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bitcomet.com/client/help/?item=install_firefox_extension&v=2.12&l=
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1729929554.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1729612036.0000000000440000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: https://www.bitcomet.com/client/install-stats/?l=en_us&file=BitComet_2.12_setup.exe&p=x64
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://www.bitcomet.com/client/video-download/OpenBCTPAddPictureLinkDownloadOpenBCTPListon_need_act
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000AFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bitcomet.com/doc/privacy-policy.php
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ACC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bitcomet.com/doc/privacy-policy.phpitComet
                      Source: BitComet.exe, 00000010.00000003.1874671447.0000023D010D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bitcomet.com/en/privacy-policy
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://www.bitcomet.comtest
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2074860192.0000000000A73000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872419366.0000000000A68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/about/privacy-policy
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/legal/end-user-license-agreement
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/legal/end-user-license-agreement#
                      Source: BitComet_2.12_setup.exe, 0000000B.00000003.1697352485.00000000036F2000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp, BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000010.00000003.1868876570.0000023D02F05000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.1874471097.00000276AEB05000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.certum.pl/CPS0
                      Source: BitComet.exe, 00000011.00000003.2087975470.00000276AED9A000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2115510195.00000276AF4C9000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095606095.00000276B07F1000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2161841079.00000276B2B3A000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2118836933.00000276AF481000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2155781108.00000276AF4CF000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2097420161.00000276AED95000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2091898752.00000276B05EA000.00000004.00001000.00020000.00000000.sdmp, BitComet.exe, 00000011.00000003.2095121825.00000276AED97000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.demonoid.pw
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2094808388.0000000006930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778889606.0000000005096000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1945119926.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2235249108.0000000005AD0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943224076.0000000003334000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.0000000003352000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1943957163.00000000034A8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000003.1933298608.0000000003332000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000330E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.928775917.0000000002670000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.931497180.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000000.933134117.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.innosetup.com/
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872419366.0000000000A68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.htmli
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2095217827.000000000767D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2090481560.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2090481560.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html1bee50f9987751ad5cpnggs2tOQL
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlB
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2091314635.000000000507D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlPS-1511/547X280/EN.pngzip
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000AFF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000AFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlf
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000AFF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2077702204.0000000000AFF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000AFF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000AFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlgt
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2091314635.000000000507D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlie_mmm_irs_ppi_005_888_a.zipL
                      Source: saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2203911933.00000000004AE000.00000002.00000001.01000000.00000015.sdmp, saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000000.1779691122.00000000004AE000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlW
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlj
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlqG
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2090481560.0000000004FF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2074860192.0000000000A73000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872419366.0000000000A68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2074860192.0000000000A73000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872419366.0000000000A68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computersn
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2077702204.0000000000AE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1778256818.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000ADF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacy
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2074860192.0000000000A73000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872419366.0000000000A68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/privacy-policy
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000ADF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000ADF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/legal/customer-privacy-policy
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.928775917.0000000002670000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.931497180.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000000.933134117.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.remobjects.com/ps
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019439416.0000000000AFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yo.o
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49692
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49692 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49689 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49689
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49693 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                      Source: unknownHTTPS traffic detected: 18.245.45.10:443 -> 192.168.2.8:49689 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.10:443 -> 192.168.2.8:49691 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.10:443 -> 192.168.2.8:49693 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.10:443 -> 192.168.2.8:49695 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.10:443 -> 192.168.2.8:49704 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.10:443 -> 192.168.2.8:49705 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.231:443 -> 192.168.2.8:49706 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.231:443 -> 192.168.2.8:49707 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 52.88.41.86:443 -> 192.168.2.8:49708 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.245.45.231:443 -> 192.168.2.8:49710 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.242.114:443 -> 192.168.2.8:49714 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.242.114:443 -> 192.168.2.8:49715 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.242.114:443 -> 192.168.2.8:49716 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49717 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49719 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.8:49725 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 52.88.41.86:443 -> 192.168.2.8:49724 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.8:49733 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.242.121:443 -> 192.168.2.8:49738 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.242.121:443 -> 192.168.2.8:49794 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.89.13:443 -> 192.168.2.8:49811 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.89.13:443 -> 192.168.2.8:49816 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 2.22.89.13:443 -> 192.168.2.8:49822 version: TLS 1.2
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_0040558F GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,11_2_0040558F
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560Jump to dropped file

                      System Summary

                      barindex
                      Found suspicious ZIP file
                      Source: embed_bcfs.zip.11.drZip Entry: assets/index-be2a7f67.js
                      Source: embed_bcfs_full.zip.11.drZip Entry: assets/index-2f1e175b.js
                      Source: embed_bcsp.zip.11.drZip Entry: assets/index-710fe85a.js
                      Source: embed_bcxt.zip.11.drZip Entry: assets/index-8e5ef939.js
                      Source: FirefoxExtension.xpi.11.drZip Entry: background.js
                      Source: FirefoxExtension.xpi.11.drZip Entry: js/content.js
                      Source: FirefoxExtension.xpi.11.drZip Entry: js/popup.js
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00406220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,14_2_00406220
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_004034A5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,11_2_004034A5
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_00404DCC11_2_00404DCC
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_00406AF211_2_00406AF2
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00404F5014_2_00404F50
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00408FB014_2_00408FB0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0040511014_2_00405110
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0043D54014_2_0043D540
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0044184014_2_00441840
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_004070D914_2_004070D9
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0040F11014_2_0040F110
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00423AC014_2_00423AC0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0043FFE014_2_0043FFE0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0048C11014_2_0048C110
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0043819014_2_00438190
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_004483A014_2_004483A0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0045066014_2_00450660
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0048860914_2_00488609
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_004447C014_2_004447C0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0047091914_2_00470919
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0049099214_2_00490992
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00490AB214_2_00490AB2
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00470B4B14_2_00470B4B
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00470DB014_2_00470DB0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00418EA014_2_00418EA0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_003ECF4014_2_003ECF40
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0042D2C014_2_0042D2C0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0047933A14_2_0047933A
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_003E540014_2_003E5400
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_004814AF14_2_004814AF
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0048D8E014_2_0048D8E0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0043A54014_2_0043A540
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_003EA61014_2_003EA610
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_004968E014_2_004968E0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_004428A014_2_004428A0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_003E2B0014_2_003E2B00
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00446D4314_2_00446D43
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0046ADD014_2_0046ADD0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0043F15014_2_0043F150
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0047B34014_2_0047B340
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_004273B014_2_004273B0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0044B4F014_2_0044B4F0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0044760214_2_00447602
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_003EF83014_2_003EF830
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_004739A414_2_004739A4
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00443A3014_2_00443A30
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0041FB4014_2_0041FB40
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00413C5014_2_00413C50
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0040BCB014_2_0040BCB0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_003E7D1014_2_003E7D10
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E7906015_2_00E79060
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E769B015_2_00E769B0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E7AB8015_2_00E7AB80
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E77C6015_2_00E77C60
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E7342015_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E8493115_2_00E84931
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E9030315_2_00E90303
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E8BC7D15_2_00E8BC7D
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E8EC5B15_2_00E8EC5B
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E7E42015_2_00E7E420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E8ED8715_2_00E8ED87
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E8B7F015_2_00E8B7F0
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeCode function: 24_2_00007FF65069100024_2_00007FF650691000
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeCode function: 24_2_00007FF6507842CC24_2_00007FF6507842CC
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeCode function: 24_2_00007FF65077FCF424_2_00007FF65077FCF4
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_00810E9025_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007A40B625_2_007A40B6
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007BA1BF25_2_007BA1BF
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007A436025_2_007A4360
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007EC4F025_2_007EC4F0
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007A462725_2_007A4627
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007C26E825_2_007C26E8
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_008027D025_2_008027D0
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007A48E225_2_007A48E2
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007DA9B025_2_007DA9B0
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007A6A1E25_2_007A6A1E
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007FCA0025_2_007FCA00
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007FCAC025_2_007FCAC0
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007EACE025_2_007EACE0
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007AF08025_2_007AF080
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007A11A225_2_007A11A2
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007B122A25_2_007B122A
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007B145925_2_007B1459
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007B168825_2_007B1688
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007A372025_2_007A3720
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_0079F8F925_2_0079F8F9
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007BBA4925_2_007BBA49
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_00783C7025_2_00783C70
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007A3D4425_2_007A3D44
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: String function: 0046A3A0 appears 32 times
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: String function: 00469600 appears 60 times
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: String function: 00468E31 appears 83 times
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: String function: 00484231 appears 31 times
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: String function: 004685BF appears 165 times
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: String function: 003F1BE0 appears 70 times
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: String function: 00428650 appears 192 times
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: String function: 00468DFE appears 103 times
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: String function: 00468375 appears 45 times
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: String function: 00468713 appears 374 times
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: String function: 007A20B6 appears 88 times
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: String function: 007863C0 appears 79 times
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: String function: 007E0D80 appears 67 times
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: String function: 007A2670 appears 52 times
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: String function: 007A1DFF appears 49 times
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: String function: 007A20EA appears 87 times
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: String function: 007C7FE0 appears 107 times
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: String function: 007AC266 appears 31 times
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6728 -ip 6728
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                      Source: BitComet.exe.11.drStatic PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Source: BitComet.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: BitComet.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: BitComet.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: BitComet.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: BitComet.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: BitComet.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: BitComet.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: bitcometd.exe.11.drStatic PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Source: bitcometd.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: bitcometd.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: bitcometd.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: bitcometd.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: bitcometd.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: bitcometd.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: bitcometd.exe.11.drStatic PE information: Resource name: ZIP type: Zip archive data, at least v2.0 to extract, compression method=deflate
                      Source: saBSI.exe.14.drStatic PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                      Source: Instup.dll.24.drStatic PE information: Resource name: FILE type: PE32 executable (console) Intel 80386, for MS Windows
                      Source: Instup.dll.24.drStatic PE information: Resource name: FILE type: PE32+ executable (GUI) x86-64, for MS Windows
                      Source: Instup.dll.24.drStatic PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
                      Source: Instup.dll.24.drStatic PE information: Resource name: RT_STRING type: PDP-11 executable not stripped
                      Source: Instup.dll.24.drStatic PE information: Resource name: RT_STRING type: COM executable for DOS
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.928775917.0000000002670000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.931497180.000000007FB50000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000003.2099491075.0000000002258000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe, 00000000.00000000.924916086.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpKey value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon versionJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpKey value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon versionJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpKey value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon versionJump to behavior
                      Source: classification engineClassification label: mal44.troj.evad.winEXE@66/337@89/17
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_004034A5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,11_2_004034A5
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_00404850 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,11_2_00404850
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_003F4C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,14_2_003F4C8E
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_00402104 CoCreateInstance,11_2_00402104
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00415318 GetModuleHandleW,FindResourceW,LoadResource,LockResource,std::ios_base::_Ios_base_dtor,GetModuleHandleW,GetProcAddress,GetCurrentProcess,Concurrency::cancel_current_task,Concurrency::cancel_current_task,SysFreeString,SysFreeString,14_2_00415318
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitCometJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
                      Source: C:\Program Files\BitComet\tools\UPNP.exeMutant created: \Sessions\1\BaseNamedObjects\{UPNP-ICF-A4AFA740-F3D0-4efc-B4BA-86948F1185D5}
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpMutant created: \Sessions\1\BaseNamedObjects\{08eb55fb-ff61-4fb7-8e9d-c036008acc06}Installer
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2952:120:WilError_03
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\{08eb55fb-ff61-4fb7-8e9d-c036008acc06}Installer
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
                      Source: C:\Program Files\BitComet\BitComet.exeMutant created: \Sessions\1\BaseNamedObjects\75DAD82D-A77F-49e5-ADD3-8F11C1940689
                      Source: C:\Program Files\BitComet\BitComet.exeMutant created: \Sessions\1\BaseNamedObjects\{SIMPLEBT-53DE14D9-A616-4ff0-BA62-9DF424D0665C}
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6728
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Asw_2c35cb228f88c56a07f6904e3f96cbaa
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeMutant created: \BaseNamedObjects\75DAD82D-A77F-49e5-ADD3-8F11C1940689
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
                      Source: C:\Program Files\BitComet\BitComet.exeMutant created: \Sessions\1\BaseNamedObjects\{SIMPLEBT-D19EACFB-5FD1-4615-A179-A9B9E38A6506}
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeFile created: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmpJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: /cookie15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: EDAT_ECOO15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: /silent15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: /cust_ini15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: Enabled15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: ProxySettings15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: ProxyType15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: ProxySettings15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: ProxySettings15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: Port15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: ProxySettings15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: User15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: ProxySettings15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: Password15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: ProxySettings15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: ProxySettings15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: Properties15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: {versionSwitch}15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: stable15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCommand line argument: %s\%s15_2_00E73420
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -add25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /add25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -delete25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /delete25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -addfw25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /addfw25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -deletefw25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /deletefw25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -addwfapp25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /addwfapp25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -app25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /app25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -filepath25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /filepath25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -lanip25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /lanip25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -tcpport25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /tcpport25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -udpport25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /udpport25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -tcpport125_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /tcpport125_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -udpport125_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /udpport125_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -tcpport225_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /tcpport225_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: -miniupnp25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: /miniupnp25_2_00810E90
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCommand line argument: UPNP25_2_00810E90
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeVirustotal: Detection: 29%
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeReversingLabs: Detection: 28%
                      Source: UPNP.exeString found in binary or memory: 75DAD82D-A77F-49e5-ADD3-8F11C1940689
                      Source: UPNP.exeString found in binary or memory: -addfw
                      Source: UPNP.exeString found in binary or memory: /addfw
                      Source: UPNP.exeString found in binary or memory: -addwfapp
                      Source: UPNP.exeString found in binary or memory: /addwfapp
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe"
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeProcess created: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp "C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp" /SL5="$203BA,1635601,878080,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe"
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
                      Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
                      Source: unknownProcess created: C:\Windows\System32\sppsvc.exe C:\Windows\system32\sppsvc.exe
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exe "C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exe" /S
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess created: C:\Program Files\BitComet\tools\BitCometService.exe "C:\Program Files\BitComet\tools\BitCometService.exe" /reg
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exe "C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exe" /silent /ws /psh:2bJ1koXNksC1Fwd613INyVwUBvZa6Wscne0As10800oxnz75S5hezfQGOE3hIlgs2tOQL5BVoLYeW
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess created: C:\Program Files\BitComet\BitComet.exe "C:\Program Files\BitComet\BitComet.exe" --no_elevated
                      Source: unknownProcess created: C:\Program Files\BitComet\BitComet.exe "C:\Program Files\BitComet\BitComet.exe"
                      Source: unknownProcess created: C:\Program Files\BitComet\tools\BitCometService.exe "C:\Program Files\BitComet\tools\BitCometService.exe" -service
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6728 -ip 6728
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 960
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeProcess created: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exe" /silent /ws /psh:2bJ1koXNksC1Fwd613INyVwUBvZa6Wscne0As10800oxnz75S5hezfQGOE3hIlgs2tOQL5BVoLYeW /cookie:mmm_irs_ppi_005_888_a /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /edat_dir:C:\Windows\Temp\asw.4b2fe40e0cbdf5d0
                      Source: C:\Program Files\BitComet\BitComet.exeProcess created: C:\Program Files\BitComet\tools\UPNP.exe "C:\Program Files\BitComet\tools\UPNP.exe" -addfw -app BitComet -tcpport 0 -udpport 0 -q
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                      Source: C:\Program Files\BitComet\BitComet.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=612.4712.7051115719988685246
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\BitComet\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\BitComet\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff995258e88,0x7ff995258e98,0x7ff995258ea8
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeProcess created: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe "C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91088 PaidDistribution=true saBsiVersion=4.1.1.865 CountryCode=US /no_self_update
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1792 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2556 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:3
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exe "C:\Windows\Temp\asw.161463aa0a13b33a\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.161463aa0a13b33a /edition:1 /prod:ais /stub_context:447f08c6-9c4b-4dc7-b3fd-e4678a1c2372:11229128 /guid:1c64b2df-e13f-40ee-b91f-9217bb137f90 /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /silent /ws /psh:2bJ1koXNksC1Fwd613INyVwUBvZa6Wscne0As10800oxnz75S5hezfQGOE3hIlgs2tOQL5BVoLYeW /cookie:mmm_irs_ppi_005_888_a /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /edat_dir:C:\Windows\Temp\asw.4b2fe40e0cbdf5d0
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=3104 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563144499 --mojo-platform-channel-handle=3572 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563243382 --mojo-platform-channel-handle=3596 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563317476 --mojo-platform-channel-handle=3800 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563397126 --mojo-platform-channel-handle=4060 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6728 -ip 6728
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 1072
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeProcess created: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp "C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp" /SL5="$203BA,1635601,878080,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe" Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exe "C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exe" /SJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=USJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exe "C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exe" /silent /ws /psh:2bJ1koXNksC1Fwd613INyVwUBvZa6Wscne0As10800oxnz75S5hezfQGOE3hIlgs2tOQL5BVoLYeWJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess created: C:\Program Files\BitComet\BitComet.exe "C:\Program Files\BitComet\BitComet.exe" --no_elevatedJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenableJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess created: C:\Program Files\BitComet\tools\BitCometService.exe "C:\Program Files\BitComet\tools\BitCometService.exe" /regJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeProcess created: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe "C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91088 PaidDistribution=true saBsiVersion=4.1.1.865 CountryCode=US /no_self_updateJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeProcess created: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exe" /silent /ws /psh:2bJ1koXNksC1Fwd613INyVwUBvZa6Wscne0As10800oxnz75S5hezfQGOE3hIlgs2tOQL5BVoLYeW /cookie:mmm_irs_ppi_005_888_a /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /edat_dir:C:\Windows\Temp\asw.4b2fe40e0cbdf5d0Jump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess created: C:\Program Files\BitComet\tools\UPNP.exe "C:\Program Files\BitComet\tools\UPNP.exe" -addfw -app BitComet -tcpport 0 -udpport 0 -q
                      Source: C:\Program Files\BitComet\BitComet.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=612.4712.7051115719988685246
                      Source: C:\Program Files\BitComet\BitComet.exeProcess created: unknown unknown
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6728 -ip 6728
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 960
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6728 -ip 6728
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 1072
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknown
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exe "C:\Windows\Temp\asw.161463aa0a13b33a\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.161463aa0a13b33a /edition:1 /prod:ais /stub_context:447f08c6-9c4b-4dc7-b3fd-e4678a1c2372:11229128 /guid:1c64b2df-e13f-40ee-b91f-9217bb137f90 /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /silent /ws /psh:2bJ1koXNksC1Fwd613INyVwUBvZa6Wscne0As10800oxnz75S5hezfQGOE3hIlgs2tOQL5BVoLYeW /cookie:mmm_irs_ppi_005_888_a /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /edat_dir:C:\Windows\Temp\asw.4b2fe40e0cbdf5d0
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\BitComet\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\BitComet\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff995258e88,0x7ff995258e98,0x7ff995258ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1792 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2556 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=3104 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563144499 --mojo-platform-channel-handle=3572 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563243382 --mojo-platform-channel-handle=3596 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563317476 --mojo-platform-channel-handle=3800 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563397126 --mojo-platform-channel-handle=4060 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: unknown unknown
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: unknown unknown
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknown
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: netapi32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: wtsapi32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: winsta.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: textinputframework.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: coreuicomponents.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: textshaping.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: dwmapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: shfolder.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: rstrtmgr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: oleacc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: winhttpcom.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: webio.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: dpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: msftedit.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: windows.globalization.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: bcp47mrm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: globinputhost.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: dataexchange.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: d3d11.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: dcomp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: dxgi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: twinapi.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: explorerframe.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: sxs.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: zipfldr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: windows.fileexplorer.common.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: shdocvw.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: moshost.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mapsbtsvc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mosstorage.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mapconfiguration.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: aphostservice.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: networkhelper.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: mccsengineshared.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: storsvc.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: bcd.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: dwmapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: oleacc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: shfolder.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: oledlg.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: oledlg.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: oledlg.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: oledlg.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: oledlg.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: oledlg.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: oledlg.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: oledlg.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: firewallapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: fwbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: oledlg.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: linkinfo.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: ntshrui.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeSection loaded: cscapi.dllJump to behavior
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeSection loaded: version.dllJump to behavior
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: acgenral.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: samcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: msacm32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: dwmapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: winmmbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: winmmbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: aclayers.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: wtsapi32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: webio.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeSection loaded: cryptnet.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: webio.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: version.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: oleacc.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: taskschd.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: xmllite.dllJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: uxtheme.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: urlmon.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: wininet.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: winmm.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: iphlpapi.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: wsock32.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: version.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: msimg32.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: oleacc.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: iertutil.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: srvcli.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: netutils.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: windows.storage.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: wldp.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: profapi.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: dbghelp.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: mswsock.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: rsaenh.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: sspicli.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: winhttp.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: winnsi.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: dnsapi.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: propsys.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: edputil.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: windows.staterepositoryps.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: wintypes.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: appresolver.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: bcp47langs.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: slc.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: userenv.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: sppc.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: apphelp.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: firewallapi.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: fwbase.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: fwpolicyiomgr.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: linkinfo.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: textshaping.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: webview2loader.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: windowscodecs.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: thumbcache.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: policymanager.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: msvcp110_win.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: dataexchange.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: d3d11.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: dcomp.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: dxgi.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: twinapi.appcore.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: textinputframework.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: coreuicomponents.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: coremessaging.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: ntmarta.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: coremessaging.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: ntshrui.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: cscapi.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: taskflowdataengine.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: cdp.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: umpdc.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: dsreg.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: dwmapi.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: explorerframe.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: rasadhlp.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: fwpuclnt.dll
                      Source: C:\Program Files\BitComet\BitComet.exeSection loaded: dbghelp.dll
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeSection loaded: winmm.dll
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeSection loaded: version.dll
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: mpclient.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: secur32.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sspicli.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: version.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: msasn1.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: userenv.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: gpapi.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wbemcomn.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: amsi.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: profapi.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wscapi.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: urlmon.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: iertutil.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: srvcli.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: netutils.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: slc.dll
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sppc.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                      Source: BitComet.lnk.11.drLNK file: ..\..\..\..\..\..\Program Files\BitComet\BitComet.exe
                      Source: HomePage.lnk.11.drLNK file: ..\..\..\..\..\..\Program Files\BitComet\BitComet.url
                      Source: Uninstall.lnk.11.drLNK file: ..\..\..\..\..\..\Program Files\BitComet\uninst.exe
                      Source: BitComet.lnk0.11.drLNK file: ..\..\..\Program Files\BitComet\BitComet.exe
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile written: C:\Windows\Temp\asw.161463aa0a13b33a\asw8cd1f26ff407df94.ini
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpWindow found: window name: TSelectLanguageFormJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpAutomated click: OK
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpAutomated click: Next
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpAutomated click: Accept
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpAutomated click: Accept
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpAutomated click: Next
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpAutomated click: Next
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpAutomated click: Next
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpAutomated click: Next
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpAutomated click: Next
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpAutomated click: Next
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLLJump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Program Files\BitComet\BitComet.exeWindow detected: Number of UI elements: 40
                      Source: C:\Program Files\BitComet\BitComet.exeWindow detected: Number of UI elements: 40
                      Source: C:\Program Files\BitComet\BitComet.exeWindow detected: Number of UI elements: 40
                      Source: C:\Program Files\BitComet\BitComet.exeWindow detected: Number of UI elements: 40
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitCometJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\ReadMe.txtJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\License.txtJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\ChangeLog.txtJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\BitComet.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\bitcometd.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\CrashReport.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\WebView2Loader.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\langJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ar.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-bg.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-bs.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ca.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-cs.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-da.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-de.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-el.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-en_US.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-es.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-et.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-eu.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-fa.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-fi.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-fr.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-gl.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-he.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-hr.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-hu.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-hy.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-id.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-it.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ja.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-kk.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-kn.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ko.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ku.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-lt.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-lv.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-mk.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ms.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-nb.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ne.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-nl.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-pl.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-pt.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-pt_BR.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ro.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ru.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-sk.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-sl.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-sq.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-sr.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-sv.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ta.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-th.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-tr.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ug.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-uk.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-ur.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-vi.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-zh_CN.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\bitcomet-zh_TW.moJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\lang\HowTo-Translate.txtJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\ip2locationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\ip2location\ip2location.binJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\ip2location\ip2location-country-multilingual.csvJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\webuiJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\webui\webui.zipJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\toolsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\UPNP.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\VideoSnapshot.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\Updater.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\BitCometToastsNotifier.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\BitCometToastsNotifier.pngJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\ChromeLauncher.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\ChromeLauncherManifest.jsonJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\ChromeExtension.crxJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\EdgeExtension.crxJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\FirefoxLauncherManifest.jsonJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\FirefoxExtension.xpiJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\BitCometAgent_1.92.7.9.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\tools\BitCometService.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\BitComet.urlJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDirectory created: C:\Program Files\BitComet\uninst.exeJump to behavior
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeStatic PE information: certificate valid
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeStatic file information: File size 2576472 > 1048576
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: Binary string: F:\develop\VideoSnap\app\Release_unicode\VideoSnapshot.pdb source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: E:\develop\BitCometAgent_ActiveX\app\Release_Unicode\BitCometAgent_ActiveX.pdb source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\develop\BitComet_2.12\app\Release_unicode_x64\GUI_BitComet_wx.pdb source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp
                      Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 0000000E.00000002.2203911933.00000000004AE000.00000002.00000001.01000000.00000015.sdmp, saBSI.exe, 0000000E.00000000.1779691122.00000000004AE000.00000002.00000001.01000000.00000015.sdmp
                      Source: Binary string: E:\develop\tools\desktop-toasts\Release\BitCometToastsNotifier.pdb source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: c:\jenkins\workspace\WebAdvisor-accesslib-caller_main\Build\Win32\Release\caller_dll.pdb source: saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Source\Repos\DS-Platform\zbShield-Utils-CPP\zbShieldUtils\bin\Release\zbShieldUtils.pdb source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1868158503.0000000007720000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1@3\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 0000000E.00000003.1932953863.0000000005BBF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\develop\BitComet_2.12\app\Release_unicode_x64\GUI_BitComet_wx.pdb-- source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp
                      Source: Binary string: d:\Develop\BitCometExtension_IE\app\release_unicode\BitCometBHO.pdb source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\develop\CrashReport\CrashRpt_v3\bin\x64\Release LIB\CrashReport.pdbx source: BitComet.exe, 00000010.00000003.1868876570.0000023D02D40000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: #F:\develop\VideoSnap\app\Release_unicode\VideoSnapshot.pdb source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\BUILD\work\01\fd301531736b4da4\projects\avast\microstub\x86\Release\microstub.pdb source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000000.1810881781.0000000000E92000.00000002.00000001.01000000.00000016.sdmp, cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2218846210.0000000000E92000.00000002.00000001.01000000.00000016.sdmp
                      Source: Binary string: D:\develop\CrashReport\CrashRpt_v3\bin\x64\Release LIB\CrashReport.pdb source: BitComet.exe, 00000010.00000003.1868876570.0000023D02D40000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: E:\develop\BitCometExtension_Chrome\bc_launcher_for_chrome\Release\ChromeLauncher.pdb source: BitComet_2.12_setup.exe, 0000000B.00000002.1730362832.0000000002774000.00000004.00000020.00020000.00000000.sdmp
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00432B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,14_2_00432B30
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp.0.drStatic PE information: real checksum: 0x0 should be: 0x2fb5ed
                      Source: uninst.exe.11.drStatic PE information: real checksum: 0x23646e6 should be: 0x145753
                      Source: zbShieldUtils.dll.2.drStatic PE information: real checksum: 0x0 should be: 0x20647e
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeStatic PE information: section name: .didata
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp.0.drStatic PE information: section name: .didata
                      Source: saBSI.exe.2.drStatic PE information: section name: .didat
                      Source: cookie_mmm_irs_ppi_005_888_a.exe.2.drStatic PE information: section name: .didat
                      Source: BitComet.exe.11.drStatic PE information: section name: .detourc
                      Source: BitComet.exe.11.drStatic PE information: section name: .detourd
                      Source: bitcometd.exe.11.drStatic PE information: section name: .detourc
                      Source: bitcometd.exe.11.drStatic PE information: section name: .detourd
                      Source: WebView2Loader.dll.11.drStatic PE information: section name: .gxfg
                      Source: WebView2Loader.dll.11.drStatic PE information: section name: .retplne
                      Source: WebView2Loader.dll.11.drStatic PE information: section name: _RDATA
                      Source: VideoSnapshot.exe.11.drStatic PE information: section name: _TEXT64
                      Source: VideoSnapshot.exe.11.drStatic PE information: section name: _RDATA
                      Source: saBSI.exe.14.drStatic PE information: section name: .didat
                      Source: avast_free_antivirus_setup_online_x64.exe.15.drStatic PE information: section name: .didat
                      Source: avast_free_antivirus_setup_online_x64.exe.15.drStatic PE information: section name: _RDATA
                      Source: HTMLayout.dll.24.drStatic PE information: section name: _RDATA
                      Source: Instup.exe.24.drStatic PE information: section name: _RDATA
                      Source: Instup.dll.24.drStatic PE information: section name: .didat
                      Source: Instup.dll.24.drStatic PE information: section name: _RDATA
                      Source: avbugreport_x64_ais-a5f.vpx.32.drStatic PE information: section name: _RDATA
                      Source: avdump_x64_ais-a5f.vpx.32.drStatic PE information: section name: .didat
                      Source: avdump_x64_ais-a5f.vpx.32.drStatic PE information: section name: _RDATA
                      Source: avdump_x86_ais-a5f.vpx.32.drStatic PE information: section name: .didat
                      Source: instcont_x64_ais-a5f.vpx.32.drStatic PE information: section name: _RDATA
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_3_032A61C9 push ecx; iretd 11_3_032A61CA
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_3_032A6CCF push eax; retf 11_3_032A6DBA
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_3_032A6227 push ecx; ret 11_3_032A622A
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_3_032A7259 push ebx; retf 11_3_032A725A
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00468DDB push ecx; ret 14_2_00468DEE
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00497CFD push ecx; ret 14_2_00497D12
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E7FFF6 push ecx; ret 15_2_00E80009
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeCode function: 18_2_004883C6 push ecx; ret 18_2_004883D9
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007A2090 push ecx; ret 25_2_007A20A3
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_00812513 push ecx; ret 25_2_00812528
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007A26B6 push ecx; ret 25_2_007A26C9
                      Source: BitCometService.exe.11.drStatic PE information: section name: .text entropy: 6.943085600959711
                      Source: BitCometService.exe0.11.drStatic PE information: section name: .text entropy: 6.943085600959711
                      Source: VideoSnapshot.exe.11.drStatic PE information: section name: .text entropy: 6.902269600709831

                      Persistence and Installation Behavior

                      barindex
                      Contains functionality to infect the boot sector
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,__mbsinc,__mbsinc,CloseHandle, \\.\PhysicalDrive%u15_2_00E79060
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,__mbsinc,__mbsinc,CloseHandle, \\.\PhysicalDrive%u15_2_00E79C60
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,__mbsinc,__mbsinc,CloseHandle, \\.\PhysicalDrive%u15_2_00E79620
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\instcont_x64_ais-a5f.vpxJump to dropped file
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\HTMLayout.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\tools\Updater.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\tools\BitCometToastsNotifier.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exe (copy)Jump to dropped file
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\bitcometd.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsi10DA.tmp\BcNsisHelperXP.dllJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\avbugreport_x64_ais-a5f.vpxJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\tools\BitCometAgent_1.92.7.9.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsi10DA.tmp\BitCometService.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\_isetup\_setup64.tmpJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\tools\ChromeLauncher.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\tools\VideoSnapshot.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeFile created: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeJump to dropped file
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeFile created: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\uninst.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\BitComet.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\zbShieldUtils.dllJump to dropped file
                      Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeFile created: C:\Users\user\AppData\Local\Temp\mwaB074.tmpJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\WebView2Loader.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsi10DA.tmp\System.dllJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\uat64.dllJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\avdump_x86_ais-a5f.vpxJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\tools\UPNP.exeJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\avdump_x64_ais-a5f.vpxJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeFile created: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeJump to dropped file
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\tools\BitCometService.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\is-SHQ4T.tmpJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\CrashReport.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsi10DA.tmp\BcNsisHelper.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeFile created: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\instcont_x64_ais-a5f.vpxJump to dropped file
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\HTMLayout.dllJump to dropped file
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\uat64.dllJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\avbugreport_x64_ais-a5f.vpxJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\avdump_x86_ais-a5f.vpxJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\avdump_x64_ais-a5f.vpxJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeFile created: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeJump to dropped file
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.dllJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\avbugreport_x64_ais-a5f.vpxJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\avdump_x64_ais-a5f.vpxJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\avdump_x86_ais-a5f.vpxJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeFile created: C:\Windows\Temp\asw.161463aa0a13b33a\instcont_x64_ais-a5f.vpxJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E73420 InterlockedExchange,GetVersionExW,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,IsValidSid,GetSidSubAuthorityCount,GetSidSubAuthority,CloseHandle,InterlockedExchange,InterlockedExchange,LoadStringW,CreateMutexW,GetLastError,InterlockedExchange,LoadStringW,InterlockedExchange,wsprintfW,InterlockedExchange,FindResourceW,LoadResource,SizeofResource,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,CreateThread,CloseHandle,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,EnumResourceNamesW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,CryptStringToBinaryW,CryptStringToBinaryW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetVersionExW,LoadStringW,LoadStringW,LoadStringW,LoadStringW,LoadStringW,LoadStringW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,LoadStringW,LoadStringW,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,LoadStringW,LoadStringW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,CreateFileMappingW,GetLastError,MapViewOfFile,GetLastError,GetLastError,UnmapViewOfFile,CloseHandle,SetLastError,InterlockedExchange,CreateThread,CloseHandle,CreateThread,CloseHandle,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,CreateThread,CloseHandle,CreateThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,ReleaseMutex,CloseHandle,Sleep,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,15_2_00E73420
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\ReadMe.txtJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\Program Files\BitComet\License.txtJump to behavior

                      Boot Survival

                      barindex
                      Contains functionality to infect the boot sector
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,__mbsinc,__mbsinc,CloseHandle, \\.\PhysicalDrive%u15_2_00E79060
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,__mbsinc,__mbsinc,CloseHandle, \\.\PhysicalDrive%u15_2_00E79C60
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,__mbsinc,__mbsinc,CloseHandle, \\.\PhysicalDrive%u15_2_00E79620
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITCOMET_HELPER_SERVICEJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)\BitComet.lnkJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)\HomePage.lnkJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)\Uninstall.lnkJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00420540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,14_2_00420540
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Program Files\BitComet\BitComet.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\BitComet.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      barindex
                      Query firmware table information (likely to detect VMs)
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeSystem information queried: FirmwareTableInformationJump to behavior
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeSystem information queried: FirmwareTableInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeSystem information queried: FirmwareTableInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeSystem information queried: FirmwareTableInformation
                      Source: C:\Windows\System32\svchost.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeCode function: 12_2_00401440 rdtsc 12_2_00401440
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_003F4C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,14_2_003F4C8E
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeWindow / User API: threadDelayed 1432
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeDropped PE file which has not been started: C:\Windows\Temp\asw.161463aa0a13b33a\HTMLayout.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDropped PE file which has not been started: C:\Program Files\BitComet\tools\VideoSnapshot.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDropped PE file which has not been started: C:\Program Files\BitComet\tools\BitCometToastsNotifier.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDropped PE file which has not been started: C:\Program Files\BitComet\tools\Updater.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDropped PE file which has not been started: C:\Program Files\BitComet\uninst.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\zbShieldUtils.dllJump to dropped file
                      Source: C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mwaB074.tmpJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDropped PE file which has not been started: C:\Program Files\BitComet\bitcometd.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi10DA.tmp\BcNsisHelperXP.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi10DA.tmp\System.dllJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.161463aa0a13b33a\uat64.dllJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.161463aa0a13b33a\avdump_x86_ais-a5f.vpxJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.161463aa0a13b33a\avbugreport_x64_ais-a5f.vpxJump to dropped file
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.161463aa0a13b33a\avdump_x64_ais-a5f.vpxJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDropped PE file which has not been started: C:\Program Files\BitComet\tools\BitCometAgent_1.92.7.9.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\_isetup\_setup64.tmpJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDropped PE file which has not been started: C:\Program Files\BitComet\tools\ChromeLauncher.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDropped PE file which has not been started: C:\Program Files\BitComet\CrashReport.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi10DA.tmp\BcNsisHelper.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeDropped PE file which has not been started: C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dllJump to dropped file
                      Source: C:\Program Files\BitComet\tools\UPNP.exeAPI coverage: 1.5 %
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp TID: 7108Thread sleep time: -60000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp TID: 7108Thread sleep time: -90000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\svchost.exe TID: 3568Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exe TID: 4912Thread sleep time: -60000s >= -30000sJump to behavior
                      Source: C:\Program Files\BitComet\tools\BitCometService.exe TID: 3560Thread sleep count: 1432 > 30
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exe TID: 4424Thread sleep time: -90000s >= -30000s
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exe TID: 416Thread sleep time: -30000s >= -30000s
                      Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeLast function: Thread delayed
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeThread sleep count: Count: 1432 delay: -10
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp FullSizeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\Windows\System32 FullSizeInformationJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\BitComet\EBWebView\Default\Code Cache\js FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\BitComet\EBWebView\Default\Code Cache\wasm FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\BitComet\EBWebView\Default\blob_storage\827ccfbe-e766-4f05-bcf3-5bb0cdaf2f3e FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\BitComet\EBWebView\Default\Cache\Cache_Data FullSizeInformation
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_0040672B FindFirstFileW,FindClose,11_2_0040672B
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_00405AFA CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,11_2_00405AFA
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_00402868 FindFirstFileW,11_2_00402868
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00489BF0 FindFirstFileExW,14_2_00489BF0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E88F16 FindFirstFileExW,15_2_00E88F16
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007BDF28 FindFirstFileExW,25_2_007BDF28
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00452782 VirtualQuery,GetSystemInfo,14_2_00452782
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile opened: C:\Users\userJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile opened: C:\Users\user\AppDataJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extractJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmpJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
                      Source: svchost.exe, 00000009.00000002.2215232775.0000023A8A05E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: svchost.exe, 00000009.00000002.2213796489.0000023A8A02B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2077702204.0000000000B0A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
                      Source: svchost.exe, 00000009.00000002.2217983558.0000023A8A080000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000002.2090481560.000000000505A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X-Amz-Cf-Id: A-ye-VXh40s7xQvmciNwQzZmb3D1eWI2BadLHjBDuheWMt7ZMXCQtA==
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1809252109.0000000005071000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efL
                      Source: BitComet_2.12_setup.exe, 0000000B.00000002.1729929554.00000000006A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:T
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AB6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1872419366.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2231872239.000001A1C3C2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2273509919.000001A1C9457000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: svchost.exe, 00000009.00000002.2211325415.0000023A8A002000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
                      Source: svchost.exe, 00000009.00000002.2217983558.0000023A8A064000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                      Source: svchost.exe, 00000009.00000002.2217983558.0000023A8A064000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                      Source: saBSI.exe, 0000000E.00000002.2212979064.000000000327E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWH
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AC4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: n/eula","cp":"https://www.avg.com/ww-en/privacy","ram":256,"disk":2560,"cbfo":true,"x":1,"v":1}},{"ad":{"n":"","f":"ZB_CCleaner_White","o":"CCleaner"},"ps":{"i":"CCleaner/images/CCleaner_White/DOTPS-734/EN.png","dn":"CCleaner","u":"CCleaner/files/1665/CCleaner.zip","p":"/S /PI=L","r":["Piriform\\CCleaner","AVG\\TuneUp","Microsoft\\Windows\\CurrentVersion\\Uninstall\\AVG TuneUp","AVAST Software\\TuneUp","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avast Cleanup"],"ctu":"https://www.ccleaner.com/legal/end-user-license-agreement","cp":"https://www.ccleaner.com/about/privacy-policy","pv":"1.33","cbfo":true,"ram":256,"disk":2560,"v":5}},{"ad":{"n":"","f":"ZB_TotalSecurity_V4","o":"TotalSecurity_AV"},"ps":{"i":"TotalSecurity_AV/images/1127/V4/EN.png","dn":"360 Total Security","u":"TotalSecurity_AV/files/1127/ts360Setup.zip","p":"/s","r":["Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity","360TotalSecurity","360Safe","VMware, Inc."],"cp":"https://www.360totalsecurity.com/en/privacy/","ctu":"https://www.360totalsecurity.com/en/license/","pv":"1.26","cbfo":true,"v":1}},{"ad":{"n":"","f":"ZB_Avast_BRW","o":"Avast_BRW"},"ps":{"dn":"Avast Secure Browser","i":"Avast_BRW/images/1293/EN.png","u":"Avast_BRW/files/dotps-1506/avast_secure_browser_setup.zip","p":"/s /run_source=avast_ads_is /is_pixel_psh={pxl} /make-default","c":"avast","r":["AVG\\Browser\\Installed","AVAST Software\\Browser\\Installed","Avira\\Browser\\Installed","Norton\\Browser\\Installed"],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64","Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\brand\\AVCA","Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\brand\\AVCB","Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\brand\\AVFA","Google\\Update\\ClientState\\{430FD4D0-B729-4F61-AA34-91526481799D}\\brand\\AVFB","Goo
                      Source: SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1808865484.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1777624006.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1019478580.0000000000AB6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1810128219.0000000000ABB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp, 00000002.00000003.1871913626.0000000000ABB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
                      Source: svchost.exe, 00000009.00000002.2217983558.0000023A8A064000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: svchost.exe, 00000009.00000002.2215232775.0000023A8A04B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: svchost.exe, 00000009.00000002.2217983558.0000023A8A064000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000es
                      Source: saBSI.exe, 0000000E.00000003.1833363136.00000000032E1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000E.00000002.2212979064.00000000032E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWjn
                      Source: cookie_mmm_irs_ppi_005_888_a.exe, 0000000F.00000002.2204873768.0000000000CD0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8\
                      Source: BitComet.exe, 00000010.00000003.1875347972.0000023D010AC000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000010.00000003.1875642745.0000023D010AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll&&
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeAPI call chain: ExitProcess graph end nodegraph_11-3736
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess information queried: ProcessInformationJump to behavior

                      Anti Debugging

                      barindex
                      Potentially malicious time measurement code found
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeCode function: 12_2_0040144012_2_00401440
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeCode function: 12_2_004013D012_2_004013D0
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeCode function: 18_2_0040144018_2_00401440
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeCode function: 18_2_004013D018_2_004013D0
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess queried: DebugPort
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeCode function: 12_2_00401440 rdtsc 12_2_00401440
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_004693F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_004693F2
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00405110 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,14_2_00405110
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_003F4C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,14_2_003F4C8E
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00497BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C14_2_00497BC0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00432B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,14_2_00432B30
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0047E8FE mov eax, dword ptr fs:[00000030h]14_2_0047E8FE
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00487C6A mov eax, dword ptr fs:[00000030h]14_2_00487C6A
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00487CF2 mov eax, dword ptr fs:[00000030h]14_2_00487CF2
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00487CAE mov eax, dword ptr fs:[00000030h]14_2_00487CAE
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00487D23 mov eax, dword ptr fs:[00000030h]14_2_00487D23
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E89C98 mov eax, dword ptr fs:[00000030h]15_2_00E89C98
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E8655A mov eax, dword ptr fs:[00000030h]15_2_00E8655A
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeCode function: 18_2_004AA94D mov eax, dword ptr fs:[00000030h]18_2_004AA94D
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007B4B30 mov eax, dword ptr fs:[00000030h]25_2_007B4B30
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_003F463F GetProcessHeap,14_2_003F463F
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeProcess token adjusted: Debug
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeProcess token adjusted: Debug
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00469018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00469018
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_004693F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_004693F2
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_0046D453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_0046D453
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: 14_2_00469586 SetUnhandledExceptionFilter,14_2_00469586
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E7F85C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_00E7F85C
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E82DB3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00E82DB3
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E7FD5C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00E7FD5C
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeCode function: 15_2_00E7FEEF SetUnhandledExceptionFilter,15_2_00E7FEEF
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeCode function: 18_2_00487F48 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00487F48
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeCode function: 18_2_004A037B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_004A037B
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeCode function: 24_2_00007FF65075394C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,24_2_00007FF65075394C
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeCode function: 24_2_00007FF6507532E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,24_2_00007FF6507532E8
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeCode function: 24_2_00007FF650762A50 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,24_2_00007FF650762A50
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007A223C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,25_2_007A223C
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007A2437 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,25_2_007A2437
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007CE500 SetUnhandledExceptionFilter,25_2_007CE500
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007A25CA SetUnhandledExceptionFilter,25_2_007A25CA
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007CD170 SetEvent,WaitForSingleObject,CloseHandle,CloseHandle,CloseHandle,SetUnhandledExceptionFilter,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock,SafeRWList,25_2_007CD170
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007ABD1F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,25_2_007ABD1F
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=USJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exe "C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exe" /silent /ws /psh:2bJ1koXNksC1Fwd613INyVwUBvZa6Wscne0As10800oxnz75S5hezfQGOE3hIlgs2tOQL5BVoLYeWJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeProcess created: C:\Program Files\BitComet\tools\BitCometService.exe "C:\Program Files\BitComet\tools\BitCometService.exe" /regJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeProcess created: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exe" /silent /ws /psh:2bJ1koXNksC1Fwd613INyVwUBvZa6Wscne0As10800oxnz75S5hezfQGOE3hIlgs2tOQL5BVoLYeW /cookie:mmm_irs_ppi_005_888_a /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /edat_dir:C:\Windows\Temp\asw.4b2fe40e0cbdf5d0Jump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess created: C:\Program Files\BitComet\tools\UPNP.exe "C:\Program Files\BitComet\tools\UPNP.exe" -addfw -app BitComet -tcpport 0 -udpport 0 -q
                      Source: C:\Program Files\BitComet\BitComet.exeProcess created: unknown unknown
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6728 -ip 6728
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 960
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6728 -ip 6728
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 1072
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exe "C:\Windows\Temp\asw.161463aa0a13b33a\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.161463aa0a13b33a /edition:1 /prod:ais /stub_context:447f08c6-9c4b-4dc7-b3fd-e4678a1c2372:11229128 /guid:1c64b2df-e13f-40ee-b91f-9217bb137f90 /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /silent /ws /psh:2bJ1koXNksC1Fwd613INyVwUBvZa6Wscne0As10800oxnz75S5hezfQGOE3hIlgs2tOQL5BVoLYeW /cookie:mmm_irs_ppi_005_888_a /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /edat_dir:C:\Windows\Temp\asw.4b2fe40e0cbdf5d0
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\BitComet\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\BitComet\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff995258e88,0x7ff995258e98,0x7ff995258ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1792 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2556 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=3104 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563144499 --mojo-platform-channel-handle=3572 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563243382 --mojo-platform-channel-handle=3596 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563317476 --mojo-platform-channel-handle=3800 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\BitComet\EBWebView" --webview-exe-name=BitComet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563397126 --mojo-platform-channel-handle=4060 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: unknown unknown
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: unknown unknown
                      Source: C:\Program Files\BitComet\BitComet.exeFile opened: Windows Firewall: C:\Windows\System32\FirewallAPI.dll
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeProcess created: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exe "c:\windows\temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exe" /silent /ws /psh:2bj1koxnksc1fwd613inyvwubvza6wscne0as10800oxnz75s5hezfqgoe3hilgs2toql5bvolyew /cookie:mmm_irs_ppi_005_888_a /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /edat_dir:c:\windows\temp\asw.4b2fe40e0cbdf5d0
                      Source: C:\Program Files\BitComet\BitComet.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=mojoipcz --mojo-named-platform-channel-pipe=612.4712.7051115719988685246
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\local\bitcomet\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\local\bitcomet\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff995258e88,0x7ff995258e98,0x7ff995258ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1792 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2556 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:3
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exe "c:\windows\temp\asw.161463aa0a13b33a\instup.exe" /sfx:lite /sfxstorage:c:\windows\temp\asw.161463aa0a13b33a /edition:1 /prod:ais /stub_context:447f08c6-9c4b-4dc7-b3fd-e4678a1c2372:11229128 /guid:1c64b2df-e13f-40ee-b91f-9217bb137f90 /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /silent /ws /psh:2bj1koxnksc1fwd613inyvwubvza6wscne0as10800oxnz75s5hezfqgoe3hilgs2toql5bvolyew /cookie:mmm_irs_ppi_005_888_a /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /edat_dir:c:\windows\temp\asw.4b2fe40e0cbdf5d0
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=3104 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563144499 --mojo-platform-channel-handle=3572 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563243382 --mojo-platform-channel-handle=3596 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563317476 --mojo-platform-channel-handle=3800 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563397126 --mojo-platform-channel-handle=4060 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1_extract\cookie_mmm_irs_ppi_005_888_a.exeProcess created: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exe "c:\windows\temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exe" /silent /ws /psh:2bj1koxnksc1fwd613inyvwubvza6wscne0as10800oxnz75s5hezfqgoe3hilgs2toql5bvolyew /cookie:mmm_irs_ppi_005_888_a /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /edat_dir:c:\windows\temp\asw.4b2fe40e0cbdf5d0Jump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=mojoipcz --mojo-named-platform-channel-pipe=612.4712.7051115719988685246
                      Source: C:\Windows\Temp\asw.4b2fe40e0cbdf5d0\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exe "c:\windows\temp\asw.161463aa0a13b33a\instup.exe" /sfx:lite /sfxstorage:c:\windows\temp\asw.161463aa0a13b33a /edition:1 /prod:ais /stub_context:447f08c6-9c4b-4dc7-b3fd-e4678a1c2372:11229128 /guid:1c64b2df-e13f-40ee-b91f-9217bb137f90 /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /silent /ws /psh:2bj1koxnksc1fwd613inyvwubvza6wscne0as10800oxnz75s5hezfqgoe3hilgs2toql5bvolyew /cookie:mmm_irs_ppi_005_888_a /ga_clientid:7301abd8-3444-481d-87a9-17f82bc00017 /edat_dir:c:\windows\temp\asw.4b2fe40e0cbdf5d0
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\local\bitcomet\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\local\bitcomet\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff995258e88,0x7ff995258e98,0x7ff995258ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1792 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2556 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=3104 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563144499 --mojo-platform-channel-handle=3572 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563243382 --mojo-platform-channel-handle=3596 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563317476 --mojo-platform-channel-handle=3800 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\bitcomet\ebwebview" --webview-exe-name=bitcomet.exe --webview-exe-version=2.12 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1741679660714015 --launch-time-ticks=4563397126 --mojo-platform-channel-handle=4060 --field-trial-handle=1796,i,3323684449792138723,8600736155880782346,262144 --enable-features=mojoipcz /prefetch:1
                      Source: BitComet.exe, 00000010.00000000.1866798644.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000010.00000002.1879397803.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmp, BitComet.exe, 00000011.00000000.1872870468.00007FF7C28BC000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: TrayIconsystray_hidesystray_animatmpRunningTasksThumbnailTipHelper::ShowThumbnailAtCursorIfTaskbarCreatedTrayNotifyWndTrayClockWClassShell_TrayWndCtrlSettings: handle saved for remove invalid system tray icon aftrer crash<0
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeCode function: 12_2_00401000 cpuid 12_2_00401000
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,14_2_004845DA
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,14_2_0048C65F
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,14_2_0048C952
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,14_2_0048C907
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,14_2_0048C9ED
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,14_2_0048CA80
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,14_2_0048CCE0
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,14_2_0048CE06
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,14_2_0048CF0C
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,14_2_0048CFDB
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoEx,14_2_00467E28
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,14_2_00483F6D
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: EnumSystemLocalesW,25_2_007B8C63
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,25_2_007C0F41
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: EnumSystemLocalesW,25_2_007C11B9
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: GetLocaleInfoW,25_2_007B91AF
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: EnumSystemLocalesW,25_2_007C1204
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: EnumSystemLocalesW,25_2_007C129F
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,25_2_007C132C
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: GetLocaleInfoW,25_2_007C157C
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,25_2_007C16A5
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: GetLocaleInfoW,25_2_007C17AC
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,25_2_007C1879
                      Source: C:\Program Files\BitComet\BitComet.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                      Source: C:\Program Files\BitComet\BitComet.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\logo.png VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\AVAST.png VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0.zip VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0.zip VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0.zip VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0.zip VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0.zip VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1.zip VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1.zip VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1.zip VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1.zip VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod1.zip VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\finish.png VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Program Files\BitComet\BitComet.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Program Files\BitComet\BitComet.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Program Files\BitComet\BitComet.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\MEIPreload\preloaded_data.pb VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Local\BitComet\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Windows\Temp\asw.161463aa0a13b33a\Instup.exeQueries volume information: C:\Windows\Temp\asw.161463aa0a13b33a\servers.def.vpx VolumeInformation
                      Source: C:\Program Files\BitComet\tools\BitCometService.exeCode function: 12_2_00488585 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,12_2_00488585
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_007BD839 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,25_2_007BD839
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\BitComet_2.12_setup.exeCode function: 11_2_004034A5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,11_2_004034A5
                      Source: C:\Users\user\AppData\Local\Temp\is-EBIH1.tmp\SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Lowering of HIPS / PFW / Operating System Security Settings

                      barindex
                      Changes security center settings (notifications, updates, antivirus, firewall)
                      Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46} STATEJump to behavior
                      Source: svchost.exe, 0000000A.00000002.2228739375.00000206C5B02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: gramFiles%\Windows Defender\MsMpeng.exe
                      Source: BitComet.exe, 00000010.00000003.1875603715.0000023D010B7000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000010.00000003.1875347972.0000023D010AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: RavLite.exe
                      Source: BitComet.exe, 00000010.00000003.1875603715.0000023D010B7000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000010.00000003.1875347972.0000023D010AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: KAV32.exe
                      Source: BitComet.exe, 00000010.00000003.1875603715.0000023D010B7000.00000004.00000020.00020000.00000000.sdmp, BitComet.exe, 00000010.00000003.1875347972.0000023D010AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nod32.exe
                      Source: svchost.exe, 0000000A.00000002.2228739375.00000206C5B02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: C:\Users\user\AppData\Local\Temp\is-TB6PK.tmp\prod0_extract\saBSI.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior
                      Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA &apos;AntiVirusProduct&apos; OR TargetInstance ISA &apos;FirewallProduct&apos; OR TargetInstance ISA &apos;AntiSpywareProduct&apos;
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                      Source: C:\Program Files\BitComet\BitComet.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION

                      Stealing of Sensitive Information

                      barindex
                      Yara detected PrivateLoader
                      Source: Yara matchFile source: 12.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.BitComet_2.12_setup.exe.2dec566.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.BitComet_2.12_setup.exe.2b5d53a.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.BitComet_2.12_setup.exe.2b5d53a.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000012.00000000.1876512050.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.2205769184.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.1699492538.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000000.1698677287.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      barindex
                      Yara detected PrivateLoader
                      Source: Yara matchFile source: 12.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.BitComet_2.12_setup.exe.2dec566.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.0.BitCometService.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.BitComet_2.12_setup.exe.2b5d53a.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.BitComet_2.12_setup.exe.2b5d53a.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000012.00000000.1876512050.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.2205769184.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.1699492538.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000000.1698677287.0000000000401000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000002.1730362832.0000000002B5C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Program Files\BitComet\tools\UPNP.exeCode function: 25_2_00796D27 __EH_prolog3_GS,socket,WSAIoctl,htons,inet_addr,setsockopt,bind,closesocket,sendto,select,recv,closesocket,25_2_00796D27

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      1
                      Software                      		1
                      Scripting                      		Valid Accounts1
                      Windows Management Instrumentation                      		1
                      Scripting                      		1
                      DLL Side-Loading                      		13
                      Disable or Modify Tools                      		1
                      Network Sniffing                      		2
                      System Time Discovery                      		Remote Services1
                      Archive Collected Data                      		12
                      Ingress Tool Transfer                      		Exfiltration Over Other Network Medium1
                      System Shutdown/Reboot
                      CredentialsDomainsDefault Accounts1
                      Native API                      		1
                      DLL Side-Loading                      		1
                      Access Token Manipulation                      		1
                      Deobfuscate/Decode Files or Information                      		LSASS Memory4
                      File and Directory Discovery                      		Remote Desktop Protocol1
                      Clipboard Data                      		21
                      Encrypted Channel                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts13
                      Command and Scripting Interpreter                      		1
                      Windows Service                      		1
                      Windows Service                      		3
                      Obfuscated Files or Information                      		Security Account Manager1
                      Network Sniffing                      		SMB/Windows Admin SharesData from Network Shared Drive1
                      Non-Standard Port                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal Accounts1
                      Scheduled Task/Job                      		1
                      Scheduled Task/Job                      		12
                      Process Injection                      		1
                      Software Packing                      		NTDS67
                      System Information Discovery                      		Distributed Component Object ModelInput Capture3
                      Non-Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchd1
                      Registry Run Keys / Startup Folder                      		1
                      Scheduled Task/Job                      		1
                      DLL Side-Loading                      		LSA Secrets1
                      Query Registry                      		SSHKeylogging24
                      Application Layer Protocol                      		Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled Task1
                      Bootkit                      		1
                      Registry Run Keys / Startup Folder                      		23
                      Masquerading                      		Cached Domain Credentials2101
                      Security Software Discovery                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items15
                      Virtualization/Sandbox Evasion                      		DCSync15
                      Virtualization/Sandbox Evasion                      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                      Modify Registry                      		Proc Filesystem3
                      Process Discovery                      		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                      Access Token Manipulation                      		/etc/passwd and /etc/shadow1
                      Application Window Discovery                      		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron12
                      Process Injection                      		Network Sniffing2
                      System Owner/User Discovery                      		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                      Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
                      Bootkit                      		Input Capture1
                      Remote System Discovery                      		Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1635043 Sample: SecuriteInfo.com.Trojan.Ins... Startdate: 11/03/2025 Architecture: WINDOWS Score: 44 118 v7event.stats.avast.com 2->118 120 update.bitcomet.com 2->120 122 21 other IPs or domains 2->122 148 Multi AV Scanner detection for dropped file 2->148 150 Multi AV Scanner detection for submitted file 2->150 152 Yara detected PrivateLoader 2->152 154 3 other signatures 2->154 10 SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exe 2 2->10         started        13 svchost.exe 2->13         started        16 BitComet.exe 2->16         started        19 9 other processes 2->19 signatures3 process4 dnsIp5 106 SecuriteInfo.com.T...099.24415.17034.tmp, PE32 10->106 dropped 21 SecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.tmp 5 28 10->21         started        164 Changes security center settings (notifications, updates, antivirus, firewall) 13->164 25 MpCmdRun.exe 13->25         started        108 dht.transmissionbt.com 212.129.33.59 OnlineSASFR France 16->108 27 msedgewebview2.exe 16->27         started        29 UPNP.exe 16->29         started        110 127.0.0.1 unknown unknown 19->110 31 WerFault.exe 19->31         started        33 WerFault.exe 19->33         started        file6 signatures7 process8 dnsIp9 138 d1hboxy79wgmk4.cloudfront.net 18.245.45.10, 443, 49689, 49690 AMAZON-02US United States 21->138 140 18.245.45.231 AMAZON-02US United States 21->140 142 3 other IPs or domains 21->142 90 C:\Users\user\AppData\...\zbShieldUtils.dll, PE32 21->90 dropped 92 C:\Users\...\cookie_mmm_irs_ppi_005_888_a.exe, PE32 21->92 dropped 94 C:\Users\user\AppData\Local\...\saBSI.exe, PE32 21->94 dropped 96 3 other malicious files 21->96 dropped 35 cookie_mmm_irs_ppi_005_888_a.exe 3 21->35         started        40 BitComet_2.12_setup.exe 67 140 21->40         started        42 saBSI.exe 2 9 21->42         started        52 3 other processes 21->52 44 conhost.exe 25->44         started        46 msedgewebview2.exe 27->46         started        48 msedgewebview2.exe 27->48         started        50 msedgewebview2.exe 27->50         started        54 5 other processes 27->54 file10 process11 dnsIp12 124 analytics-prod-gcp.ff.avast.com 34.117.223.223 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 35->124 126 a117.dscd.akamai.net 2.22.242.225 AKAMAI-ASN1EU European Union 35->126 78 avast_free_antivir...etup_online_x64.exe, PE32+ 35->78 dropped 158 Query firmware table information (likely to detect VMs) 35->158 160 Contains functionality to infect the boot sector 35->160 56 avast_free_antivirus_setup_online_x64.exe 35->56         started        80 C:\Users\user\AppData\Local\...\System.dll, PE32 40->80 dropped 82 C:\Users\user\AppData\...\BitCometService.exe, PE32 40->82 dropped 84 C:\Users\user\AppData\...\BcNsisHelperXP.dll, PE32 40->84 dropped 88 14 other files (8 malicious) 40->88 dropped 60 BitCometService.exe 1 40->60         started        128 mosaic-nova.apis.mcafee.com 52.88.41.86 AMAZON-02US United States 42->128 130 a866.dscd.akamai.net 2.22.242.114 AKAMAI-ASN1EU European Union 42->130 86 C:\ProgramData\McAfee\...\saBSI.exe, PE32 42->86 dropped 62 saBSI.exe 42->62         started        132 update.bitcomet.com 138.199.168.42 ORANGE-BUSINESS-SERVICES-IPSN-ASNFR European Union 46->132 134 apphit.com 95.111.225.211 CONTABODE Ukraine 46->134 136 4 other IPs or domains 46->136 file13 signatures14 process15 dnsIp16 98 C:\Windows\Temp\...\Instup.exe, PE32+ 56->98 dropped 100 C:\Windows\Temp\...\Instup.dll, PE32+ 56->100 dropped 102 C:\Windows\Temp\...\HTMLayout.dll, PE32+ 56->102 dropped 162 Query firmware table information (likely to detect VMs) 56->162 65 Instup.exe 56->65         started        144 2.22.242.121 AKAMAI-ASN1EU European Union 62->144 146 2.22.89.13 AKAMAI-ASN1EU European Union 62->146 104 C:\Users\user\AppData\Local\...\mwaB074.tmp, PE32 62->104 dropped file17 signatures18 process19 dnsIp20 112 shepherd-gcp.ff.avast.com 34.160.176.28 ATGS-MMD-ASUS United States 65->112 114 23.48.23.20 AKAMAI-ASUS United States 65->114 116 11 other IPs or domains 65->116 70 C:\Windows\Temp\...\uat64.dll, PE32+ 65->70 dropped 72 C:\Windows\Temp\...\instcont_x64_ais-a5f.vpx, PE32+ 65->72 dropped 74 C:\Windows\Temp\...\avdump_x86_ais-a5f.vpx, PE32 65->74 dropped 76 2 other malicious files 65->76 dropped 156 Query firmware table information (likely to detect VMs) 65->156 file21 signatures22

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.