Summary | ZeroBOX

op.exe

Gen1 North Korea NSIS Generic Malware UPX Antivirus Malicious Library Malicious Packer OS Processor Check AntiDebug ftp .NET DLL PNG Format PE32 PE File .NET EXE AntiVM DLL icon
Category FILE
Machine s1_win7_x6403_us
Started Nov. 15, 2024, 1:44 p.m.
Completed Nov. 15, 2024, 1:48 p.m.
Size 2.8MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f5d20b351d56605bbb51befee989fa6e
SHA256 1fce2981e0d7d9c85adeea59a637d77555b466d6a6639999c6ae9b254c12dc6b
CRC32 E6045C81
ssdeep 49152:oG5UfgTLfZ8yjQ2ggjrxNsz51khblF2OhuyFmLpEmwQE39fC2XhkhwzQejcz+:oG5QgTLxDcgjrzuDKbjuywExQElC2XhF
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x003352a0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

file C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file C:\Program Files\Mozilla Firefox\firefox.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\InstallDate
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .sxdata
packer Armadillo v1.71
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2520
region_size: 2097152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006a0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2520
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00860000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2520
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72ee1000
process_handle: 0xffffffff
1 0 0

file C:\Users\test22\AppData\Local\Temp\7zS496521CD\fr\DevLib.resources.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\Microsoft.Win32.TaskScheduler.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\MyDownloader.Extension.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\it\DevLib.resources.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\GenericSetup.exe
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\installer.exe
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\Newtonsoft.Json.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\MyDownloader.Core.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\sciter32.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\HtmlAgilityPack.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\OfferInstaller.exe
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\ru\DevLib.resources.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\H2OSciter.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\Shared.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\es\DevLib.resources.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\en\DevLib.resources.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\OfferServiceBLL.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\de\DevLib.resources.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\DevLib.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\pt\DevLib.resources.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\DynActsBLL.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\OfferServiceSDK.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\GenericSetup.dll
file C:\Users\test22\AppData\Local\Temp\7zS496521CD\DevLib.Services.dll
wmi SELECT * FROM Win32_VideoController
wmi SELECT * FROM Win32_BIOS
wmi SELECT * FROM Win32_DiskDrive
wmi SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=True
wmi SELECT * FROM Win32_Processor
wmi SELECT * FROM Win32_BaseBoard
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
process installer.exe
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Bypass DEP rule disable_dep
Time & API Arguments Status Return Repeated

RegOpenKeyExW

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x00000424
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

wmi SELECT * FROM Win32_Processor
wmi SELECT * FROM Win32_BIOS
wmi SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=True
registry HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Browser\Update
registry HKEY_CURRENT_USER\SOFTWARE\AVAST Software\Browser\Update
Time & API Arguments Status Return Repeated

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\de\DevLib.resources.dll
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\de\DevLib.resources.dll
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\de
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\de
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\en\DevLib.resources.dll
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\en\DevLib.resources.dll
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\en
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\en
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\es\DevLib.resources.dll
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\es\DevLib.resources.dll
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\es
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\es
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\fr\DevLib.resources.dll
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\fr\DevLib.resources.dll
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\fr
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\fr
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\it\DevLib.resources.dll
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\it\DevLib.resources.dll
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\it
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\it
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\pt\DevLib.resources.dll
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\pt\DevLib.resources.dll
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\pt
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\pt
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\loader.gif
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\loader.gif
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\warning48x48.png
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\warning48x48.png
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Config.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Config.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\EventHandler.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\EventHandler.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Log.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Log.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\TranslateOfferTemplate.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\TranslateOfferTemplate.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\ViewStateLoader.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\ViewStateLoader.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\loader.gif
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\loader.gif
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\warning48x48.png
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\warning48x48.png
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\InstallingPage.html
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\InstallingPage.html
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\OfferPage.html
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\OfferPage.html
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\style.css
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\style.css
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Config.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Config.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\EventHandler.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\EventHandler.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Log.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Log.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\TranslateOfferTemplate.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\TranslateOfferTemplate.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\ViewStateLoader.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\ViewStateLoader.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\loader.gif
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\loader.gif
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\warning48x48.png
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images\warning48x48.png
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\images
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Config.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Config.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\EventHandler.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\EventHandler.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Log.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\Log.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\TranslateOfferTemplate.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\TranslateOfferTemplate.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\ViewStateLoader.tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis\ViewStateLoader.tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\Resources\tis
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\ru\DevLib.resources.dll
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\ru\DevLib.resources.dll
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\ru
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\ru
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\2024.11.15_22.24.21.562500_installer_pid=660.txt
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\2024.11.15_22.24.21.562500_installer_pid=660.txt
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\app.ico
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\app.ico
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\BundleConfig.json
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\BundleConfig.json
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\de\DevLib.resources.dll
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\de\DevLib.resources.dll
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\DevLib.dll
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\DevLib.dll
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\DevLib.Services.dll
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\DevLib.Services.dll
1 1 0

MoveFileWithProgressW

newfilepath_r:
flags: 4
oldfilepath_r: C:\Users\test22\AppData\Local\Temp\7zS496521CD\DynActsBLL.dll
newfilepath:
oldfilepath: C:\Users\test22\AppData\Local\Temp\7zS496521CD\DynActsBLL.dll
1 1 0
Process injection Process 660 resumed a thread in remote process 2520
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x00000328
suspend_count: 1
process_identifier: 2520
1 0 0
Bkav W32.Common.D0F9054F
Cynet Malicious (score: 100)
Cylance Unsafe
CrowdStrike win/grayware_confidence_100% (W)
ESET-NOD32 a variant of MSIL/Adaware.A potentially unwanted
Avast Win32:UnwantedSig [PUP]
Kaspersky not-a-virus:AdWare.Win32.Agent.xxzhus
Alibaba AdWare:Win32/WebCompanion.86261949
Rising PUF.WebCompanion!8.9E98 (C64:YzY0OpUS2EfpcHkV)
DrWeb Adware.Downware.20305
TrendMicro PUA.Win32.WebCompanion.BT
CTX exe.adware.webcompanion
Jiangmin Downloader.Soft32.ed
Antiy-AVL GrayWare/MSIL.Adaware
Xcitium ApplicUnwnt@#2mzc8apw4jwaf
Microsoft PUABundler:Win32/ICBundler
ViRobot Adware.Webcompanion.2981296
ZoneAlarm not-a-virus:AdWare.Win32.Agent.xxzhus
GData Win32.Application.Agent.OTV2SQ
Varist W32/WebCompanion.R.gen!Eldorado
DeepInstinct MALICIOUS
VBA32 Adware.Downware
Malwarebytes PUP.Optional.BundleInstaller
Ikarus PUA.Optional.Install
TrendMicro-HouseCall PUA.Win32.WebCompanion.BT
MaxSecure Trojan.Malware.183074723.susgen
Fortinet Riskware/Generic_PUA_PI
AVG Win32:UnwantedSig [PUP]