\n\n\n\n\n \n \nstart \n \n\n\n\n\n \n \n drop and start \n \n\n\n\n \n \n drop and start \n \n\n\n\n \n \n drop and start \n \n\n\n\n \n \n \n\n\n\n \n \n \n\n\n\n \n \n \n\n\n\n \n\nwinrar.exe \n\n \n\n\n\n\n \n\n\n\n \n\npandafreeav.exe \nno specs \n \n\n\n\n \n\npandafreeav.exe \n\n\n \n\n\n\n \n\nstub.exe \n\n\n \n\n\n\n \n\n{e6381693-c0f2-419c-80d1-de353cb06f20}.exe \n\n\n \n\n\n\n \n\nsetup.exe \n\n\n \n\n\n\n \n\nsetuputility.exe \nno specs \n \n\n\n\n \n\nsetuputility.exe \nno specs \n \n\n\n\n \n\ntmp766b.tmp.exe \n\n \n\n\n","processesValues":[{"rowId":"e7556648-9d6c-4b3b-8027-c3ca4ec1d9e3","rowData":{"threatLevel":0,"values":[2732,"\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"C:\\Users\\admin\\Desktop\\PANDAFREEAV.exe.7z\"","C:\\Program Files\\WinRAR\\WinRAR.exe",["executableDropped"],"Explorer.EXE"],"information":{"values":["admin","Alexander Roshal","MEDIUM","WinRAR archiver","","5.91.0"],"modules":[["c:\\windows\\system32\\ntdll.dll"],["c:\\program files\\winrar\\winrar.exe"],["c:\\windows\\system32\\kernel32.dll"],["c:\\windows\\system32\\kernelbase.dll"],["c:\\windows\\system32\\user32.dll"],["c:\\windows\\system32\\lpk.dll"],["c:\\windows\\system32\\usp10.dll"],["c:\\windows\\system32\\msvcrt.dll"],["c:\\windows\\system32\\gdi32.dll"],["c:\\windows\\system32\\comdlg32.dll"],["c:\\windows\\system32\\shlwapi.dll"],["c:\\windows\\system32\\advapi32.dll"],["c:\\windows\\system32\\shell32.dll"],["c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\\comctl32.dll"],["c:\\windows\\system32\\rpcrt4.dll"],["c:\\windows\\system32\\sechost.dll"],["c:\\windows\\system32\\ole32.dll"],["c:\\windows\\system32\\oleaut32.dll"],["c:\\windows\\system32\\powrprof.dll"],["c:\\windows\\system32\\setupapi.dll"],["c:\\windows\\system32\\devobj.dll"],["c:\\windows\\system32\\cfgmgr32.dll"],["c:\\windows\\system32\\uxtheme.dll"],["c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\\gdiplus.dll"],["c:\\windows\\system32\\msimg32.dll"],["c:\\windows\\system32\\imm32.dll"],["c:\\windows\\system32\\msctf.dll"],["c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll"],["c:\\windows\\system32\\cryptbase.dll"],["c:\\windows\\system32\\clbcatq.dll"],["c:\\windows\\system32\\propsys.dll"],["c:\\windows\\system32\\ntmarta.dll"],["c:\\windows\\system32\\wldap32.dll"],["c:\\windows\\system32\\riched20.dll"],["c:\\program files\\common files\\microsoft shared\\ink\\tiptsf.dll"],["c:\\windows\\system32\\windowscodecs.dll"],["c:\\windows\\system32\\apphelp.dll"],["c:\\windows\\system32\\ehstorshell.dll"],["c:\\windows\\system32\\cscui.dll"],["c:\\windows\\system32\\cscdll.dll"],["c:\\windows\\system32\\cscapi.dll"],["c:\\windows\\system32\\srvcli.dll"],["c:\\windows\\system32\\ntshrui.dll"],["c:\\windows\\system32\\slc.dll"],["c:\\windows\\system32\\imageres.dll"],["c:\\windows\\system32\\mpr.dll"],["c:\\windows\\system32\\drprov.dll"],["c:\\windows\\system32\\winsta.dll"],["c:\\windows\\system32\\ntlanman.dll"],["c:\\windows\\system32\\davclnt.dll"],["c:\\windows\\system32\\davhlpr.dll"],["c:\\windows\\system32\\wkscli.dll"],["c:\\windows\\system32\\netutils.dll"],["c:\\windows\\system32\\wpdshext.dll"],["c:\\windows\\system32\\winmm.dll"],["c:\\windows\\system32\\portabledeviceapi.dll"],["c:\\windows\\system32\\wintrust.dll"],["c:\\windows\\system32\\msasn1.dll"],["c:\\windows\\system32\\crypt32.dll"],["c:\\windows\\system32\\audiodev.dll"],["c:\\windows\\system32\\wmvcore.dll"],["c:\\windows\\system32\\wmasf.dll"],["c:\\windows\\system32\\ehstorapi.dll"],["c:\\windows\\system32\\shdocvw.dll"],["c:\\windows\\system32\\secur32.dll"],["c:\\windows\\system32\\sspicli.dll"],["c:\\windows\\system32\\samcli.dll"],["c:\\windows\\system32\\samlib.dll"],["c:\\windows\\system32\\profapi.dll"],["c:\\program files\\winrar\\7zxa.dll"],["c:\\windows\\system32\\explorerframe.dll"],["c:\\windows\\system32\\duser.dll"],["c:\\windows\\system32\\dui70.dll"],["c:\\windows\\system32\\cryptsp.dll"],["c:\\windows\\system32\\rsaenh.dll"],["c:\\windows\\system32\\rpcrtremote.dll"]]}}},{"rowId":"3180b556-0169-4bcd-acd7-511161a8c7a1","rowData":{"threatLevel":0,"values":[1324,"\"C:\\Users\\admin\\Desktop\\PANDAFREEAV.exe\" ","C:\\Users\\admin\\Desktop\\PANDAFREEAV.exe",[],"Explorer.EXE"],"information":{"values":["admin","Panda Security, S.L.","MEDIUM","Panda Security SFX","3221226540","15.14.5.0"],"modules":[["c:\\users\\admin\\desktop\\pandafreeav.exe"],["c:\\windows\\system32\\ntdll.dll"]]}}},{"rowId":"2033677b-9989-4fac-a539-28b5c800700c","rowData":{"threatLevel":2,"values":[460,"\"C:\\Users\\admin\\Desktop\\PANDAFREEAV.exe\" ","C:\\Users\\admin\\Desktop\\PANDAFREEAV.exe",["privEscalation","executableDropped"],"Explorer.EXE"],"information":{"values":["admin","Panda Security, S.L.","HIGH","Panda Security SFX","","15.14.5.0"],"modules":[["c:\\users\\admin\\desktop\\pandafreeav.exe"],["c:\\windows\\system32\\ntdll.dll"],["c:\\windows\\system32\\kernel32.dll"],["c:\\windows\\system32\\kernelbase.dll"],["c:\\windows\\system32\\user32.dll"],["c:\\windows\\system32\\lpk.dll"],["c:\\windows\\system32\\gdi32.dll"],["c:\\windows\\system32\\usp10.dll"],["c:\\windows\\system32\\advapi32.dll"],["c:\\windows\\system32\\msvcrt.dll"],["c:\\windows\\system32\\sechost.dll"],["c:\\windows\\system32\\rpcrt4.dll"],["c:\\windows\\system32\\shell32.dll"],["c:\\windows\\system32\\oleaut32.dll"],["c:\\windows\\system32\\shlwapi.dll"],["c:\\windows\\system32\\ole32.dll"],["c:\\windows\\system32\\imm32.dll"],["c:\\windows\\system32\\msctf.dll"],["c:\\windows\\system32\\cryptbase.dll"],["c:\\windows\\system32\\dwmapi.dll"],["c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\\comctl32.dll"],["c:\\windows\\system32\\clbcatq.dll"],["c:\\windows\\system32\\apphelp.dll"],["c:\\users\\admin\\appdata\\local\\temp\\7zscc1eca71\\stub.exe"]]}}},{"rowId":"8eecf267-3a8b-4873-bdad-50a3948a7c19","rowData":{"threatLevel":2,"values":[3652,"\".\\Stub.exe\" /c \"181176\" /u \"http://acs.pandasoftware.com/Panda/FREEAV/181176/FREEAV.exe\" /a \"AFPZP1016\" /p \"4252\"","C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\Stub.exe",["network","executableDropped"],"PANDAFREEAV.exe"],"information":{"values":["admin","Panda Security, S.L.","HIGH","","","5.0.38.3"],"modules":[["c:\\users\\admin\\appdata\\local\\temp\\7zscc1eca71\\stub.exe"],["c:\\windows\\system32\\ntdll.dll"],["c:\\windows\\system32\\kernelbase.dll"],["c:\\windows\\system32\\kernel32.dll"],["c:\\windows\\system32\\wininet.dll"],["c:\\windows\\system32\\msvcrt.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-user32-l1-1-0.dll"],["c:\\windows\\system32\\user32.dll"],["c:\\windows\\system32\\gdi32.dll"],["c:\\windows\\system32\\lpk.dll"],["c:\\windows\\system32\\usp10.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-shlwapi-l1-1-0.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-version-l1-1-0.dll"],["c:\\windows\\system32\\shlwapi.dll"],["c:\\windows\\system32\\version.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-normaliz-l1-1-0.dll"],["c:\\windows\\system32\\normaliz.dll"],["c:\\windows\\system32\\rpcrt4.dll"],["c:\\windows\\system32\\iertutil.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-advapi32-l1-1-0.dll"],["c:\\windows\\system32\\advapi32.dll"],["c:\\windows\\system32\\sechost.dll"],["c:\\windows\\system32\\userenv.dll"],["c:\\windows\\system32\\profapi.dll"],["c:\\windows\\system32\\iphlpapi.dll"],["c:\\windows\\system32\\setupapi.dll"],["c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\\comctl32.dll"],["c:\\windows\\system32\\nsi.dll"],["c:\\windows\\system32\\winnsi.dll"],["c:\\windows\\system32\\powrprof.dll"],["c:\\windows\\system32\\cfgmgr32.dll"],["c:\\windows\\system32\\oleaut32.dll"],["c:\\windows\\system32\\devobj.dll"],["c:\\windows\\system32\\ole32.dll"],["c:\\windows\\system32\\shell32.dll"],["c:\\windows\\system32\\psapi.dll"],["c:\\windows\\system32\\winmm.dll"],["c:\\windows\\system32\\imm32.dll"],["c:\\windows\\system32\\msctf.dll"],["c:\\windows\\system32\\msi.dll"],["c:\\windows\\system32\\wintrust.dll"],["c:\\windows\\system32\\crypt32.dll"],["c:\\windows\\system32\\msasn1.dll"],["c:\\windows\\system32\\secur32.dll"],["c:\\windows\\system32\\sspicli.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-advapi32-l2-1-0.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-ole32-l1-1-0.dll"],["c:\\windows\\system32\\ws2_32.dll"],["c:\\windows\\system32\\winhttp.dll"],["c:\\windows\\system32\\webio.dll"],["c:\\windows\\system32\\mswsock.dll"],["c:\\windows\\system32\\wship6.dll"],["c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\\gdiplus.dll"],["c:\\windows\\system32\\dhcpcsvc6.dll"],["c:\\windows\\system32\\dhcpcsvc.dll"],["c:\\windows\\system32\\cryptsp.dll"],["c:\\windows\\system32\\rsaenh.dll"],["c:\\windows\\system32\\cryptbase.dll"],["c:\\users\\admin\\appdata\\local\\temp\\7zscc1eca71\\commswrapper.dll"],["c:\\users\\admin\\appdata\\local\\temp\\7zscc1eca71\\msvcr100.dll"],["c:\\users\\admin\\appdata\\local\\temp\\7zscc1eca71\\msvcp100.dll"],["c:\\windows\\system32\\riched20.dll"],["c:\\users\\admin\\appdata\\local\\temp\\7zscc1eca71\\splash.dll"],["c:\\windows\\system32\\windowscodecs.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-shlwapi-l2-1-0.dll"],["c:\\windows\\system32\\dnsapi.dll"],["c:\\windows\\system32\\clbcatq.dll"],["c:\\windows\\system32\\netprofm.dll"],["c:\\windows\\system32\\nlaapi.dll"],["c:\\windows\\system32\\wshtcpip.dll"],["c:\\windows\\system32\\rpcrtremote.dll"],["c:\\windows\\system32\\rasadhlp.dll"],["c:\\windows\\system32\\urlmon.dll"],["c:\\windows\\system32\\npmproxy.dll"],["c:\\windows\\system32\\fwpuclnt.dll"],["c:\\windows\\system32\\wshqos.dll"],["c:\\windows\\system32\\uxtheme.dll"],["c:\\windows\\system32\\credssp.dll"],["c:\\windows\\system32\\schannel.dll"],["c:\\windows\\system32\\ncrypt.dll"],["c:\\windows\\system32\\bcrypt.dll"],["c:\\windows\\system32\\bcryptprimitives.dll"],["c:\\windows\\system32\\gpapi.dll"],["c:\\windows\\system32\\cryptnet.dll"],["c:\\windows\\system32\\wldap32.dll"],["c:\\windows\\system32\\sensapi.dll"],["c:\\windows\\system32\\propsys.dll"],["c:\\windows\\system32\\ntmarta.dll"],["c:\\windows\\system32\\apphelp.dll"],["c:\\windows\\system32\\shdocvw.dll"],["c:\\users\\admin\\appdata\\local\\temp\\{e6381693-c0f2-419c-80d1-de353cb06f20}.exe"]]}}},{"rowId":"9739823d-2c5c-4ff6-8731-ecb7666da16b","rowData":{"threatLevel":2,"values":[3076,"\"C:\\Users\\admin\\AppData\\Local\\Temp\\{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe\" ","C:\\Users\\admin\\AppData\\Local\\Temp\\{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe",["stealing","executableDropped"],"Stub.exe"],"information":{"values":["admin","Microsoft Corporation","HIGH","Microsoft .NET Framework 4.6 Setup","","4.6.00081.00"],"modules":[["c:\\users\\admin\\appdata\\local\\temp\\{e6381693-c0f2-419c-80d1-de353cb06f20}.exe"],["c:\\windows\\system32\\ntdll.dll"],["c:\\windows\\system32\\kernel32.dll"],["c:\\windows\\system32\\kernelbase.dll"],["c:\\windows\\system32\\advapi32.dll"],["c:\\windows\\system32\\msvcrt.dll"],["c:\\windows\\system32\\sechost.dll"],["c:\\windows\\system32\\rpcrt4.dll"],["c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\\comctl32.dll"],["c:\\windows\\system32\\gdi32.dll"],["c:\\windows\\system32\\lpk.dll"],["c:\\windows\\system32\\user32.dll"],["c:\\windows\\system32\\usp10.dll"],["c:\\windows\\system32\\shlwapi.dll"],["c:\\windows\\system32\\shell32.dll"],["c:\\windows\\system32\\cabinet.dll"],["c:\\windows\\system32\\oleaut32.dll"],["c:\\windows\\system32\\ole32.dll"],["c:\\windows\\system32\\version.dll"],["c:\\windows\\system32\\imm32.dll"],["c:\\windows\\system32\\msctf.dll"],["c:\\windows\\system32\\clusapi.dll"],["c:\\windows\\system32\\cryptdll.dll"],["c:\\windows\\system32\\cryptbase.dll"],["c:\\windows\\system32\\cryptsp.dll"],["c:\\windows\\system32\\rsaenh.dll"],["c:\\windows\\system32\\ntmarta.dll"],["c:\\windows\\system32\\wldap32.dll"],["c:\\windows\\system32\\feclient.dll"],["c:\\windows\\system32\\uxtheme.dll"],["c:\\windows\\system32\\clbcatq.dll"],["c:\\windows\\system32\\apphelp.dll"],["c:\\39adf1b9158926f1f694\\setup.exe"]]}}},{"rowId":"4203fd76-675f-4266-9179-bc075b4e9169","rowData":{"threatLevel":2,"values":[2368,"C:\\39adf1b9158926f1f694\\\\Setup.exe /x86 /x64 /web","C:\\39adf1b9158926f1f694\\Setup.exe",["network","executableDropped"],"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe"],"information":{"values":["admin","Microsoft Corporation","HIGH","Setup Installer","","14.0.0081.0 built by: NETFXREL2"],"modules":[["c:\\39adf1b9158926f1f694\\setup.exe"],["c:\\windows\\system32\\ntdll.dll"],["c:\\windows\\system32\\kernel32.dll"],["c:\\windows\\system32\\kernelbase.dll"],["c:\\windows\\system32\\advapi32.dll"],["c:\\39adf1b9158926f1f694\\setupengine.dll"],["c:\\windows\\system32\\msvcrt.dll"],["c:\\windows\\system32\\sechost.dll"],["c:\\windows\\system32\\rpcrt4.dll"],["c:\\windows\\system32\\user32.dll"],["c:\\windows\\system32\\gdi32.dll"],["c:\\windows\\system32\\lpk.dll"],["c:\\windows\\system32\\usp10.dll"],["c:\\windows\\system32\\shell32.dll"],["c:\\windows\\system32\\shlwapi.dll"],["c:\\windows\\system32\\ole32.dll"],["c:\\windows\\system32\\oleaut32.dll"],["c:\\windows\\system32\\version.dll"],["c:\\windows\\system32\\msi.dll"],["c:\\windows\\system32\\userenv.dll"],["c:\\windows\\system32\\profapi.dll"],["c:\\windows\\system32\\psapi.dll"],["c:\\windows\\system32\\winhttp.dll"],["c:\\windows\\system32\\webio.dll"],["c:\\windows\\system32\\wintrust.dll"],["c:\\windows\\system32\\secur32.dll"],["c:\\windows\\system32\\msasn1.dll"],["c:\\windows\\system32\\crypt32.dll"],["c:\\39adf1b9158926f1f694\\sqmapi.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-ole32-l1-1-0.dll"],["c:\\windows\\system32\\urlmon.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-advapi32-l1-1-0.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-user32-l1-1-0.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-version-l1-1-0.dll"],["c:\\windows\\system32\\normaliz.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-shlwapi-l1-1-0.dll"],["c:\\windows\\system32\\iertutil.dll"],["c:\\windows\\system32\\api-ms-win-downlevel-normaliz-l1-1-0.dll"],["c:\\windows\\system32\\netapi32.dll"],["c:\\windows\\system32\\wininet.dll"],["c:\\windows\\system32\\netutils.dll"],["c:\\windows\\system32\\srvcli.dll"],["c:\\windows\\system32\\apphelp.dll"],["c:\\windows\\system32\\wkscli.dll"],["c:\\windows\\apppatch\\acgenral.dll"],["c:\\windows\\system32\\sspicli.dll"],["c:\\windows\\system32\\uxtheme.dll"],["c:\\windows\\system32\\winmm.dll"],["c:\\windows\\system32\\samcli.dll"],["c:\\windows\\system32\\msacm32.dll"],["c:\\windows\\system32\\sfc.dll"],["c:\\windows\\system32\\sfc_os.dll"],["c:\\windows\\system32\\dwmapi.dll"],["c:\\windows\\system32\\setupapi.dll"],["c:\\windows\\system32\\cfgmgr32.dll"],["c:\\windows\\system32\\mpr.dll"],["c:\\windows\\system32\\devobj.dll"],["c:\\windows\\system32\\imm32.dll"],["c:\\windows\\system32\\msctf.dll"],["c:\\windows\\system32\\cryptbase.dll"],["c:\\windows\\system32\\clbcatq.dll"],["c:\\windows\\system32\\msxml3.dll"],["c:\\windows\\system32\\bcrypt.dll"],["c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\\comctl32.dll"],["c:\\39adf1b9158926f1f694\\setupui.dll"],["c:\\windows\\system32\\comdlg32.dll"],["c:\\windows\\system32\\msxml6.dll"],["c:\\39adf1b9158926f1f694\\1033\\setupresources.dll"],["c:\\windows\\system32\\wuapi.dll"],["c:\\windows\\system32\\cabinet.dll"],["c:\\windows\\system32\\wups.dll"],["c:\\windows\\system32\\cryptsp.dll"],["c:\\windows\\system32\\rsaenh.dll"],["c:\\windows\\system32\\rpcrtremote.dll"],["c:\\windows\\system32\\wu.upgrade.ps.dll"],["c:\\windows\\system32\\mscoree.dll"],["c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorlib.dll"],["c:\\windows\\system32\\riched20.dll"],["c:\\windows\\system32\\msls31.dll"],["c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorsvw.exe"],["c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorsvw.exe"],["c:\\windows\\system32\\netfxperf.dll"],["c:\\windows\\system32\\iconcodecservice.dll"],["c:\\windows\\system32\\windowscodecs.dll"],["c:\\windows\\system32\\wevtapi.dll"],["c:\\windows\\system32\\rstrtmgr.dll"],["c:\\windows\\system32\\ncrypt.dll"],["c:\\windows\\system32\\bcryptprimitives.dll"],["c:\\windows\\system32\\imagehlp.dll"],["c:\\windows\\system32\\gpapi.dll"],["c:\\windows\\system32\\cryptnet.dll"],["c:\\windows\\system32\\wldap32.dll"],["c:\\windows\\system32\\sensapi.dll"],["c:\\windows\\system32\\ws2_32.dll"],["c:\\windows\\system32\\nsi.dll"],["c:\\windows\\system32\\credssp.dll"],["c:\\windows\\system32\\mswsock.dll"],["c:\\windows\\system32\\wshtcpip.dll"],["c:\\windows\\system32\\wship6.dll"],["c:\\windows\\system32\\iphlpapi.dll"],["c:\\windows\\system32\\winnsi.dll"],["c:\\windows\\system32\\dhcpcsvc6.dll"],["c:\\windows\\system32\\dhcpcsvc.dll"],["c:\\windows\\system32\\dnsapi.dll"],["c:\\windows\\system32\\rasadhlp.dll"],["c:\\windows\\system32\\fwpuclnt.dll"],["c:\\39adf1b9158926f1f694\\setuputility.exe"],["c:\\windows\\system32\\qmgrprxy.dll"],["c:\\windows\\system32\\bitsprx2.dll"],["c:\\39adf1b9158926f1f694\\tmp766b.tmp.exe"],["c:\\windows\\system32\\propsys.dll"],["c:\\program files\\filezilla ftp client\\fzshellext.dll"],["c:\\windows\\system32\\ntshrui.dll"],["c:\\windows\\system32\\cscapi.dll"],["c:\\windows\\system32\\slc.dll"],["c:\\windows\\system32\\ntmarta.dll"],["c:\\windows\\system32\\mssprxy.dll"],["c:\\windows\\system32\\msisip.dll"]]}}},{"rowId":"5f13037b-18ae-4a80-8bdb-d3ed8a52bc78","rowData":{"threatLevel":2,"values":[832,"SetupUtility.exe /aupause","C:\\39adf1b9158926f1f694\\SetupUtility.exe",[],"Setup.exe"],"information":{"values":["admin","Microsoft Corporation","HIGH","Microsoft .NET Framework 4.5 Setup","0","14.0.0081.0 built by: NETFXREL2"],"modules":[["c:\\39adf1b9158926f1f694\\setuputility.exe"],["c:\\windows\\system32\\ntdll.dll"],["c:\\windows\\system32\\kernel32.dll"],["c:\\windows\\system32\\kernelbase.dll"],["c:\\windows\\system32\\advapi32.dll"],["c:\\windows\\system32\\msvcrt.dll"],["c:\\windows\\system32\\sechost.dll"],["c:\\windows\\system32\\rpcrt4.dll"],["c:\\windows\\system32\\user32.dll"],["c:\\windows\\system32\\gdi32.dll"],["c:\\windows\\system32\\lpk.dll"],["c:\\windows\\system32\\usp10.dll"],["c:\\windows\\system32\\shell32.dll"],["c:\\windows\\system32\\shlwapi.dll"],["c:\\windows\\system32\\ole32.dll"],["c:\\windows\\system32\\version.dll"],["c:\\windows\\system32\\msi.dll"],["c:\\windows\\system32\\userenv.dll"],["c:\\windows\\system32\\profapi.dll"],["c:\\windows\\system32\\msctf.dll"],["c:\\windows\\system32\\imm32.dll"],["c:\\windows\\system32\\cryptbase.dll"],["c:\\windows\\system32\\clbcatq.dll"],["c:\\windows\\system32\\oleaut32.dll"],["c:\\windows\\system32\\wuapi.dll"],["c:\\windows\\system32\\crypt32.dll"],["c:\\windows\\system32\\msasn1.dll"],["c:\\windows\\system32\\cabinet.dll"],["c:\\windows\\system32\\wintrust.dll"],["c:\\windows\\system32\\wups.dll"],["c:\\windows\\system32\\cryptsp.dll"],["c:\\windows\\system32\\rsaenh.dll"],["c:\\windows\\system32\\rpcrtremote.dll"],["c:\\windows\\system32\\wu.upgrade.ps.dll"]]}}},{"rowId":"c0e7c3d3-7678-4ac5-9c4c-6529ec15f76d","rowData":{"threatLevel":0,"values":[2324,"SetupUtility.exe /screboot","C:\\39adf1b9158926f1f694\\SetupUtility.exe",[],"Setup.exe"],"information":{"values":["admin","Microsoft Corporation","HIGH","Microsoft .NET Framework 4.5 Setup","0","14.0.0081.0 built by: NETFXREL2"],"modules":[["c:\\39adf1b9158926f1f694\\setuputility.exe"],["c:\\windows\\system32\\ntdll.dll"],["c:\\windows\\system32\\kernel32.dll"],["c:\\windows\\system32\\kernelbase.dll"],["c:\\windows\\system32\\advapi32.dll"],["c:\\windows\\system32\\msvcrt.dll"],["c:\\windows\\system32\\sechost.dll"],["c:\\windows\\system32\\rpcrt4.dll"],["c:\\windows\\system32\\user32.dll"],["c:\\windows\\system32\\lpk.dll"],["c:\\windows\\system32\\gdi32.dll"],["c:\\windows\\system32\\usp10.dll"],["c:\\windows\\system32\\shell32.dll"],["c:\\windows\\system32\\shlwapi.dll"],["c:\\windows\\system32\\ole32.dll"],["c:\\windows\\system32\\version.dll"],["c:\\windows\\system32\\userenv.dll"],["c:\\windows\\system32\\msi.dll"],["c:\\windows\\system32\\imm32.dll"],["c:\\windows\\system32\\profapi.dll"],["c:\\windows\\system32\\msctf.dll"],["c:\\windows\\system32\\mscoree.dll"]]}}},{"rowId":"e4b304f0-d32c-4c4b-811c-073ea88b0e7b","rowData":{"threatLevel":0,"values":[2684,"TMP766B.tmp.exe /Q /X:C:\\39adf1b9158926f1f694\\TMP766B.tmp.exe.tmp","C:\\39adf1b9158926f1f694\\TMP766B.tmp.exe",["executableDropped"],"Setup.exe"],"information":{"values":["admin","Microsoft Corporation","HIGH","Microsoft .NET Framework 4.6 Setup","0","4.6.00081.00"],"modules":[["c:\\39adf1b9158926f1f694\\tmp766b.tmp.exe"],["c:\\windows\\system32\\ntdll.dll"],["c:\\windows\\system32\\kernelbase.dll"],["c:\\windows\\system32\\kernel32.dll"],["c:\\windows\\system32\\advapi32.dll"],["c:\\windows\\system32\\msvcrt.dll"],["c:\\windows\\system32\\sechost.dll"],["c:\\windows\\system32\\rpcrt4.dll"],["c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\\comctl32.dll"],["c:\\windows\\system32\\gdi32.dll"],["c:\\windows\\system32\\user32.dll"],["c:\\windows\\system32\\shlwapi.dll"],["c:\\windows\\system32\\oleaut32.dll"],["c:\\windows\\system32\\usp10.dll"],["c:\\windows\\system32\\shell32.dll"],["c:\\windows\\system32\\lpk.dll"],["c:\\windows\\system32\\cabinet.dll"],["c:\\windows\\system32\\ole32.dll"],["c:\\windows\\system32\\version.dll"],["c:\\windows\\system32\\imm32.dll"],["c:\\windows\\system32\\msctf.dll"],["c:\\windows\\system32\\feclient.dll"]]}}}]},"registryActivity":{"stats":[{"name":"Total events","value":"11 425"},{"name":"Read events","value":"11 360"},{"name":"Write events","value":"65"},{"name":"Delete events","value":"0"}],"modificationEvents":[{"pid":"(2732) WinRAR.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\WinRAR\\Interface\\Themes","name":"ShellExtBMP","value":""},{"pid":"(2732) WinRAR.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\WinRAR\\Interface\\Themes","name":"ShellExtIcon","value":""},{"pid":"(2732) WinRAR.exe","operation":"write","key":"HKEY_CLASSES_ROOT\\Local Settings\\MuiCache\\16C\\52C64B7E","name":"LanguageList","value":"en-US"},{"pid":"(2732) WinRAR.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\WinRAR\\ArcHistory","name":"2","value":"C:\\Users\\admin\\Desktop\\virtio_ivshmem_master_build.zip"},{"pid":"(2732) WinRAR.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\WinRAR\\ArcHistory","name":"1","value":"C:\\Users\\admin\\Desktop\\Win7-KB3191566-x86.zip"},{"pid":"(2732) WinRAR.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\WinRAR\\ArcHistory","name":"0","value":"C:\\Users\\admin\\Desktop\\PANDAFREEAV.exe.7z"},{"pid":"(2732) WinRAR.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\WinRAR\\FileList\\FileColumnWidths","name":"name","value":"120"},{"pid":"(2732) WinRAR.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\WinRAR\\FileList\\FileColumnWidths","name":"size","value":"80"},{"pid":"(2732) WinRAR.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\WinRAR\\FileList\\FileColumnWidths","name":"type","value":"120"},{"pid":"(2732) WinRAR.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\WinRAR\\FileList\\FileColumnWidths","name":"mtime","value":"100"},{"pid":"(2732) WinRAR.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\WinRAR\\Interface","name":"ShowPassword","value":"0"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings","name":"ProxyEnable","value":"0"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections","name":"SavedLegacySettings","value":"460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","name":"ProxyBypass","value":"1"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","name":"IntranetName","value":"1"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","name":"UNCAsIntranet","value":"1"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap","name":"AutoDetect","value":"0"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content","name":"CachePrefix","value":""},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies","name":"CachePrefix","value":"Cookie:"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History","name":"CachePrefix","value":"Visited:"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{362E934C-743B-4588-8259-D2482DB771A8}","name":"WpadDecisionReason","value":"1"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{362E934C-743B-4588-8259-D2482DB771A8}","name":"WpadDecisionTime","value":"D4BE52B78909D801"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{362E934C-743B-4588-8259-D2482DB771A8}","name":"WpadDecision","value":"0"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{362E934C-743B-4588-8259-D2482DB771A8}","name":"WpadNetworkName","value":"Network 4"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\52-54-00-36-3e-ff","name":"WpadDecisionReason","value":"1"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\52-54-00-36-3e-ff","name":"WpadDecisionTime","value":"D4BE52B78909D801"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\52-54-00-36-3e-ff","name":"WpadDecision","value":"0"},{"pid":"(3652) Stub.exe","operation":"write","key":"HKEY_CLASSES_ROOT\\Local Settings\\MuiCache\\16C\\52C64B7E","name":"LanguageList","value":"en-US"},{"pid":"(2368) Setup.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000","name":"Owner","value":"400900007CFB31C18909D801"},{"pid":"(2368) Setup.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000","name":"SessionHash","value":"9EB06553F63FA95C4519B3AEE1E84C1E270A59CF62E45B49E39CE7A991AF2D56"},{"pid":"(2368) Setup.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000","name":"Sequence","value":"1"},{"pid":"(2368) Setup.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000","name":"RegFiles0005","value":"c:\\windows\\microsoft.net\\assembly\\gac_msil\\presentationframework-systemdata\\v4.0_4.0.0.0__b77a5c561934e089\\presentationframework-systemdata.dll"},{"pid":"(2368) Setup.exe","operation":"write","key":"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000","name":"RegFilesHash","value":"BC1B09FC14D4EDE8E8D2EC746053C4D8F89C9A18189DA591BAFBB326EB424988"},{"pid":"(2368) Setup.exe","operation":"write","key":"HKEY_CLASSES_ROOT\\Local Settings\\MuiCache\\16C\\52C64B7E","name":"LanguageList","value":"en-US"},{"pid":"(2368) Setup.exe","operation":"write","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\3B1EFD3A66EA28B16697394703A72CA340A05BD5","name":"Blob","value":"5900000001000000160000005200530041002F005300480041003200350036000000040000000100000010000000A266BB7DCC38A562631361BBF61DD11B140000000100000014000000D5F656CB8FE8A25C6268D13D94905BD7CE9A18C40300000001000000140000003B1EFD3A66EA28B16697394703A72CA340A05BD50B00000001000000540000004D006900630072006F0073006F0066007400200052006F006F007400200043006500720074006900660069006300610074006500200041007500740068006F0072006900740079002000320030003100300000000F000000010000002000000008FBA831C08544208F5208686B991CA1B2CFC510E7301784DDF1EB5BF03932391900000001000000100000003C70FAEA25600CE3B2CC5F0B222ED6295C0000000100000004000000001000002000000001000000F1050000308205ED308203D5A003020102021028CC3A25BFBA44AC449A9B586B4339AA300D06092A864886F70D01010B0500308188310B3009060355040613025553311330110603550408130A57617368696E67746F6E3110300E060355040713075265646D6F6E64311E301C060355040A13154D6963726F736F667420436F72706F726174696F6E31323030060355040313294D6963726F736F667420526F6F7420436572746966696361746520417574686F726974792032303130301E170D3130303632333231353732345A170D3335303632333232303430315A308188310B3009060355040613025553311330110603550408130A57617368696E67746F6E3110300E060355040713075265646D6F6E64311E301C060355040A13154D6963726F736F667420436F72706F726174696F6E31323030060355040313294D6963726F736F667420526F6F7420436572746966696361746520417574686F72697479203230313030820222300D06092A864886F70D01010105000382020F003082020A0282020100B9089E28E4E4EC064E5068B341C57BEBAEB68EAF81BA22441F6534694CBE704017F2167BE279FD86ED0D39F41BA8AD92901ECB3D768F5AD9B591102E3C058D8A6D2454E71FED56AD83B4509C15A51774885920FC08C58476D368D46F2878CE5CB8F3509044FFE3635FBEA19A2C961504D607FE1E8421E0423111C4283694CF50A4629EC9D6AB7100B25B0CE696D40A2496F5FFC6D5B71BD7CBB72162AF12DCA15D37E31AFB1A4698C09BC0E7631F2A0893027E1E6A8EF29F1889E42285A2B1845740FFF50ED86F9CEDE2453101CD17E97FB08145E3AA214026A172AAA74F3C01057EEE8358B15E06639962917882B70D930C246AB41BDB27EC5F95043F934A30F59718B3A7F919A793331D01C8DB22525CD725C946F9A2FB875943BE9B62B18D2D86441A46AC78617E3009FAAE89C4412A2266039139459CC78B0CA8CA0D2FFB52EA0CF76333239DFEB01FAD67D6A75003C6047063B52CB1865A43B7FBAEF96E296E21214126068CC9C3EEB0C28593A1B985D9E6326C4B4C3FD65DA3E5B59D77C39CC055B77400E3B838AB839750E19A42241DC6C0A330D11A5AC85234F773F1C7181F33AD7AECCB4160F3239420C24845AC5C51C62E80C2E27715BD8587ED369D9691EE00B5A370EC9FE38D80688376BAAF5D70522216E266FBBAB3C5C2F73E2F77A6CADEC1A6C6484CC3375123D327D7B84E7096F0A14476AF78CF9AE166130203010001A351304F300B0603551D0F040403020186300F0603551D130101FF040530030101FF301D0603551D0E04160414D5F656CB8FE8A25C6268D13D94905BD7CE9A18C4301006092B06010401823715010403020100300D06092A864886F70D01010B05000382020100ACA5968CBFBBAEA6F6D7718743315688FD1C32715B35B7D4F091F2AF37E214F1F30226053E16147F14BAB84FFB89B2B2E7D409CC6DB95B3B64657066B7F2B15ADF1A02F3F551B8676D79F3BF567BE484B92B1E9B409C2634F947189869D81CD7B6D1BF8F61C267C4B5EF60438E101B3649E420CAADA7C1B1276509F8CDF55B2AD08433F3EF1FF2F59C0B589337A075A0DE72DE6C752A6622F58C0630569F40B930AA40771582D78BECC0D3B2BD83C5770C1EAEAF1953A04D79719F0FAF30CE67F9D62CCC22417A07F2974218CE59791055DE6F10E4B8DA836640160968235B972E269A02BB578CC5B8BA69623280899EA1FDC0927C7B2B3319842A63C5006862FA9F478D997A453AA7E9EDEE6942B5F3819B4756107BFC7036841873EAEFF9974D9E3323DD260BBA2AB73F44DC8327FFBD61592B11B7CA4FDBC58B0C1C31AE32F8F8B942F77FDC619A76B15A04E1113D6645B71871BEC92485D6F3D4BA41345D122D25B98DA613486D4BB0077D99930961817457268AAB69E3E4D9C788CC24D8EC52245C1EBC9114E296DEEB0ADA9EDD5FB35BDBD482ECC620508725403AFBC7EECDFE33E56EC3840955032539C0E9355D6531A8F6BFA009CD29C7B336322EDC95F383C15ACF8B8DF6EAB321F8A4ED1E310EB64C11AB600BA412232217A3366482910412E0AB6F1ECB500561B440FF598671D1D533697CA9738A38D7640CF169"}]},"filesActivity":{"stats":[{"name":"Executable files","value":"41"},{"name":"Suspicious files","value":"8"},{"name":"Text files","value":"114"},{"name":"Unknown types","value":"8"}],"droppedFiles":[{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\recorte_cloud.png","md5":"F037258F333D7967D5CB7672AE0DD4CA","sha256":"226928BD446DBF9542DBDE8D38367194DCCA65C18A552F4F26DAF30520E41822","type":{"value":"image","type":0}},{"pid":2732,"process":"WinRAR.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\Rar$DRb2732.15823\\PANDAFREEAV.exe","md5":"459AD089E2FE8FB886DCD22F641B75EA","sha256":"7B24813FEA6F9B2CFB91A5AEB8F400B397E769D82BF577A9EEFBDD6E794EA4CF","type":{"value":"executable","type":2}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\atras.png","md5":"6F14ADB92D1AA42AD923182993281A21","sha256":"53F1830AE5664ABA50EDB70017519DB778953A269E4178566328A5328F422CEA","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\ico_ven_cancel.png","md5":"D3D94C8ACB4CE42424526DA2DCF5DF39","sha256":"4E67660226A201929A6CF6D75CBA7681FA278D30541D412458768FF785EA886B","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\avDetect.dat","md5":"9A17B5AC44705CC4BC3608C6232E1F16","sha256":"4AD849F737B18084B060828C7CCA48BCF512CC2ADA2A937F5CFBAB79F1B29677","type":{"value":"gpg","type":4}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\cancel.png","md5":"DC86C6898184A6335C26F7830A67B6B0","sha256":"BB138DA55A6362AFC4851C30C23BE279B08B1FFA2B4D3170A715C7571C46E5C1","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\img_product1.png","md5":"1714652A08968AAB7E4CCC1801E0050F","sha256":"EF693F45D5CFBE30A3F4F0081DAED414390B412DE0946CD45C14B9B218868390","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\img_product2.png","md5":"FD92546FC781EFEF844196C15E45F570","sha256":"99466F827368EF2FE2783E0112B683FDB29973055BEA1D88B30462918D776993","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_bul.png","md5":"6BE345E9B3C61C4ABAFEEAEE15BB6DC6","sha256":"5E6E8C18F239E740A842A167289C48D5DD8A72CBFB0519C83FA5AF7FBD61FC7D","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_chi_sim.png","md5":"C7B6F609A1474B0CB8CF0FAF50A2285E","sha256":"1641E037E4E7C91270E4DC6359CE1D00E8A2B6BB31D143D764E221BDE5D02168","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_bra.png","md5":"A48F4CA1316F2CE5829A13A6E473FF6B","sha256":"A0A3B6ECD55B9F6D5CCCD0F8CEAEC0385390E2405A7267DA1970CD51BD68EDBD","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_chi_tra.png","md5":"9BC154C90DF9BC76D58E182BD43809C9","sha256":"2ABC487808A9C2F7D4C03D78D595F2A9D4FD61F1D3042F098E2D07096EF2E7CB","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\background.png","md5":"66F91F2B36927E1B51344BDA4B373B04","sha256":"DAE5E3F303D3CAB68A7D920F081923BF89DD8FD1C58621C6BC3CAD8B880F1494","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\final_img.png","md5":"30595BC50C0660181E78FCC5CE594EC9","sha256":"3E20967850F3604DA98B070C8A82FD161B454E9B974B67503B04B04A39E254A1","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_dut.png","md5":"0B07DE9EE44426722E28B7D4E4AF1FC9","sha256":"1A5AC12D61AC5E51CE841F9A98CE78F1474B857F60E79C9B80F8F279C84678A8","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_fin.png","md5":"8E418DF97B8C4111CCD50C0C17315C6B","sha256":"91D34FAF20E8C26AC74F8BAAC37A3CFD7DCAF2E73207A6FFD53FA379BF13D9A2","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_eng.png","md5":"81354E9C2FD7345627769B3FE7170208","sha256":"33D026DC50F812A41B83E0D7E5EB2B4C35D9A35E93C09B9729B8C1A67A32B8F6","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_ger.png","md5":"5C441C6DDF34F033CBAA514B9EF44634","sha256":"716402FB9B69D7D0765A3BC2E4FB0D7976750394EBBA92EC050D2CD0F13F2EC7","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_dan.png","md5":"0D1A2B6C14E6351B1A92133297D565C5","sha256":"5CB0D9BC99F4B17B9E8DE4CEE5E15C91D080B2E0F83B9FFECC8830DCA39C5ACA","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_fre.png","md5":"B0C548A5529E5BB1C3AD451482547783","sha256":"B819B6C483A3FF99CBF670008279EF15F7E718A376963AC8A092F3DDB88046AF","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_hun.png","md5":"57081372D1587B4709FE543B2B506E14","sha256":"EF734177C18BDF8F2B511521D9B245AF426932A108EA910E6A987BDE220C8009","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_gre.png","md5":"96E74E56037D5C9BB0AF4DDB4878D774","sha256":"ABB97380ABAA187FA78E3D7378871823B95C19ACA6803B64251B0FAE8308A581","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_nor.png","md5":"46E32FC9262997AF81814FA612D46913","sha256":"F96B94B08AAE142EDB643FB125B6A978FDE697ED9EB7BFAAB1ECEC720274EBFC","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_rus.png","md5":"8BEE0A800CCD5CE6EB4BA2726DB5DD38","sha256":"B8304A93F2EFE084AE5F76D6EDCCC46D32E2D658666C99740E2C0155B932FF33","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_pol.png","md5":"F680507F4DFD9AB1BC02482633E8008D","sha256":"28F56AEF807DA8D9BF7A57E2424462577E459C13870E000B0839A4448C25E460","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_ita.png","md5":"2B614E0B7F794B5A72A89796026E05AB","sha256":"A97C8129E18D2E53BD8DABDB3DB58EC7E98A198E00DDEF3113CD96D4C601A689","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_tur.png","md5":"E339E67376A4CEF32B62B2721166ABA5","sha256":"195DA9B0353FAA5041827FF3CA24C95969A1A48150D6F44FC07EC04E4DBFB931","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_swe.png","md5":"73C267E6E3E666AEE82FD1B06B4C31ED","sha256":"A484D6F2ED2E08CDE9360EB5F33F0DA1A643C3031C9F5C0B8AF903631C13F92C","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_spa.png","md5":"1D70D3AE40F19B091CB0E251D37D6B5A","sha256":"58A8E4BB2542C19F7C9CEBADA575A7B755901F74596DD748A61893D46B4C901E","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\StubInstaller.ico","md5":"B1C57C999F8A3BDEC9529ABE456EED97","sha256":"E64DF356B9E79A982DAA7C3D35DB3BF85A800D4D7F870A64C666216BDE731657","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\putczip.dll","md5":"5FBBD0AD928BB667808D1ACB1A3427D4","sha256":"B1BD0D4F04DE3290F75F68C1A4699BB25D0FFCD616152F3ADBC2610B2344CDAD","type":{"value":"executable","type":2}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\Stubinstaller.ini","md5":"B60743583F91495A3E4F619E8CBD1442","sha256":"28BD8AC11FC118E592CA978F6FA40F53F0E8BCB91B654D79C55DF56E5FD16395","type":{"value":"ini","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\StubInstaller.dat","md5":"238DCAB1CB4709A2CB212A4ACF1944D2","sha256":"17B5F3D0697F2B41CF09D65F595E030B90DE23B2AFCDFB85BE1969B57C9A4B72","type":{"value":"binary","type":1}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_por.png","md5":"EB350769B6C5A1C298B29EF472390C2E","sha256":"61374D09794D3AAE32421F3D7363F6502286F6BBFC7096E60F95461FD5269991","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\res\\opera_slv.png","md5":"24184C4DDA78503CD91F0C76EDD6C0A8","sha256":"07CE1EB64DE925DE3DC80008D98B618003B91FA02340E8FFC3B5A7A51EF67946","type":{"value":"image","type":0}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\PSINanoRun.exe","md5":"3AD2044128C842EB326EAFF9B29A21B9","sha256":"3E1FFFD44C575E94D6CECBD40A05451EA191A5CBE5A1F5E92B61A9898490F2E7","type":{"value":"executable","type":2}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\InstallRes.dll","md5":"ACF7D45E9B3E5BE0FB4C1A2C38A6000B","sha256":"D5A071D71A25EADFE9782A53AEA53DFA807992E9C3F2D0EEFB8C6C1A67865A0A","type":{"value":"executable","type":2}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\CommsWrapper.dll","md5":"DE835B63304969AAB279FD08FF927A8D","sha256":"A474A520C9DAC0E66678A967E9B94923FCBD084E449403399F96B1F0879CF0E6","type":{"value":"executable","type":2}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\msvcr100.dll","md5":"BF38660A9125935658CFA3E53FDC7D65","sha256":"60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA","type":{"value":"executable","type":2}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\msvcp100.dll","md5":"E3C817F7FE44CC870ECDBCBC3EA36132","sha256":"D769FAFA2B3232DE9FA7153212BA287F68E745257F1C00FAFB511E7A02DE7ADF","type":{"value":"executable","type":2}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\Splash.dll","md5":"CAE3BDF938E570DC1D06D9B669DE35F3","sha256":"DADDEE5633DB37C0968BEFD9339DAC7E202B9265BDEEF364341E8287BA38B85A","type":{"value":"executable","type":2}},{"pid":3652,"process":"Stub.exe","filename":"C:\\ProgramData\\Panda Security\\PSLogs\\Stub_exe.log","md5":"ECAA88F7FA0BF610A5A26CF545DCD3AA","sha256":"F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\watermark.bmp","md5":"B0075CEE80173D764C0237E840BA5879","sha256":"AB18374B3AAB10E5979E080D0410579F9771DB888BA1B80A5D81BA8896E2D33A","type":{"value":"image","type":0}},{"pid":3652,"process":"Stub.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157","md5":"F7DCB24540769805E5BB30D193944DCE","sha256":"6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA","type":{"value":"compressed","type":1}},{"pid":460,"process":"PANDAFREEAV.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\7zSCC1ECA71\\Stub.exe","md5":"4CE3DAD5815BA7AB73A16998D07E394C","sha256":"52ECC36C7E6E2D0A694227F35158D23D78592887E688291E7FD3C79E45F47BF1","type":{"value":"executable","type":2}},{"pid":3652,"process":"Stub.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\57C8EDB95DF3F0AD4EE2DC2B8CFD4157","md5":"BAF00242DAC2C607CCEC8537FB289323","sha256":"F0C39BD48F603AA63BBB1FE733FDF905BAAE94E61A6B1752A2B8AB5903EDABA9","type":{"value":"binary","type":1}},{"pid":3652,"process":"Stub.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\82CB34DD3343FE727DF8890D352E0D8F","md5":"4CE3EBBC54BF47D856F19F1BDFD546BD","sha256":"03887A592E96C10969759D00F7E8E58A8323DE635FA9946B111CE1CF3ABC6D76","type":{"value":"der","type":4}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\SplashScreen.bmp","md5":"BC32088BFAA1C76BA4B56639A2DEC592","sha256":"B05141DBC71669A7872A8E735E5E43A7F9713D4363B7A97543E1E05DCD7470A7","type":{"value":"image","type":0}},{"pid":3652,"process":"Stub.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","md5":"58D88886A42AEB5D17E8B232C2697899","sha256":"E5CED0F95E6AEFC4E4EE0884CA7CE317FFF7D91EDBDA32243A436123E46D9439","type":{"value":"executable","type":2}},{"pid":3652,"process":"Stub.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\82CB34DD3343FE727DF8890D352E0D8F","md5":"36AF1B19CA88700CE5E782D883F18C0A","sha256":"0AAC4368EC5FE75D8C20FC6B4FB6224F209B576518F9F72098066C591F3F909F","type":{"value":"binary","type":1}},{"pid":3652,"process":"Stub.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\{441D51FB-A9ED-4EAF-9D8F-52C8929623C4}.txt","md5":"7207E114C7E73188127DB7B9CB8F352B","sha256":"1E72004402F4B876B60EC00E62B3F2EA22688FF657A793B7E01464FCE8C1CF24","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\header.bmp","md5":"41C22EFA84CA74F0CE7076EB9A482E38","sha256":"255025A0D79EF2DAC04BD610363F966EF58328400BF31E1F8915E676478CD750","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\Rotate3.ico","md5":"0ADE6BE0DF29400E5534AA71ABFA03F6","sha256":"C2F6FAA18B16F728AE5536D5992CC76A4B83530A1EA74B9D11BEBDF871CF3B4E","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\DisplayIcon.ico","md5":"F9657D290048E169FFABBBB9C7412BE0","sha256":"B74AD253B9B8F9FCADE725336509143828EE739CC2B24782BE3ECFF26F229160","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\Print.ico","md5":"D39BAD9DDA7B91613CB29B6BD55F0901","sha256":"D80FFEB020927F047C11FC4D9F34F985E0C7E5DFEA9FB23F2BC134874070E4E6","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\Rotate8.ico","md5":"E7A252C763CE259F800183FD9DD1F512","sha256":"FDE052EFE70C27D8023065F0859627FC88BF86E166016E9CB00185C21DE52742","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\Rotate5.ico","md5":"25F0D572761CB610BDAD6DD980C46CC7","sha256":"CE2AFC0AA52B3D459D6D8D7C551F7B8FBF323E2260326908C37A13F21FEE423E","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\Rotate1.ico","md5":"9B70C7FA81DCA6D3B992037D0C251D92","sha256":"18226B9D56D2B1C070A2C606428892773CB00B5B4B95397E79D01DE26685CCD4","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\2052\\LocalizedData.xml","md5":"AFFD041800412B2A937C9BE555E6B01F","sha256":"0FF5C8F3EAD085F956A131693E6FFBF2584833731CFFF9CC351499871B3EAFC7","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\Rotate10.ico","md5":"0CCA04A3468575FDCEFEE9957E32F904","sha256":"B94E68C711B3B06D9A63C80AD013C7C7BBDB5F8E82CBC866B246FF22D99B03FE","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\Rotate9.ico","md5":"8853DA1F831CAE28E59D45F5E51885AC","sha256":"0203C7D678464641C016DC3D658ABA0A68F20B9A141D6E3EE1820C5B8B6401DB","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\Rotate4.ico","md5":"267B198FEF022D3B1D44CCA7FE589373","sha256":"303989B692A57FE34B47BB2F926B91AC605F288AE6C9479B33EAF15A14EB33AC","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\Save.ico","md5":"C66BBE8F84496EF85F7AF6BED5212CEC","sha256":"1372C7F132595DDAD210C617E44FEDFF7A990A9E8974CC534CA80D897DD15ABD","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\stop.ico","md5":"7D1BCCCE4F2EE7C824C6304C4A2F9736","sha256":"BFB0332DF9FA20DEA30F0DB53CEAA389DF2722FD1ACF37F40AF954237717532D","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\SysReqNotMet.ico","md5":"ECA24331CE0850D188BD2EB5C22DE684","sha256":"DEBA0A7A6E2CA99D3380D35AE33F8D266806FDBCBF75FB06B5718BE5873258F6","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\Setup.ico","md5":"6125F32AA97772AFDFF2649BD403419B","sha256":"A0C7B4B17A69775E1D94123DFCEEC824744901D55B463BA9DCA9301088F12EA5","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\Rotate6.ico","md5":"5AC2B8E1A766C204F996D9CE33FB3DB4","sha256":"EE387D9642DF93E4240361077AF6051C1B7E643C3CF110F43DA42E0EFE29A375","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\warn.ico","md5":"C8824EA3CE0A54FF1E89F8A296B4E64B","sha256":"4BB9EA033F4E93DBF42FC74E6FAF94FE8B777A34836F7D537436CBE409FD743F","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1028\\LocalizedData.xml","md5":"7B518979E15B23FEEB6CA58403F3721A","sha256":"FFC4023B1976757235F56A7E6C646950A6DEB4358AEFF665A85D287D0AA70E3F","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\Rotate2.ico","md5":"F824905E5501603E6720B784ADD71BDD","sha256":"D15A6F1EEFEFE4F9CD51B7B22E9C7B07C7ACAD72FD53E5F277E6D4E0976036C3","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\SysReqMet.ico","md5":"889472312E724195D7B946EECAEA20C1","sha256":"C9CA53F83A5CC10F726248D47FF82981B584B3FF62EE591229A8237C11340991","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Graphics\\Rotate7.ico","md5":"B4947D242AB4A902031FCD1FFD3A56CD","sha256":"995C9F4EA0D98C0C4E5037EDE43FC44A680D85CB1E37C782ADAB775915E975B8","type":{"value":"image","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1025\\LocalizedData.xml","md5":"349BC4B53DF4B7BA9885FC4986C687D1","sha256":"51D1E14B43EDBE9F5D8DBBB6E2EE08A04B9F78480845D3041E34804BC089719F","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1030\\LocalizedData.xml","md5":"1ED52437BE5656CEB29BA398E1EB35AA","sha256":"B84E3854C131573C716A62B6A3A18928449421720F8244622FA4A020253A28B6","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1033\\LocalizedData.xml","md5":"43C60C1720F3F189D7B0E917D0D496B4","sha256":"D9B2439DCFD42A97E971A906B1F576D0A5E3553434082BB044AB58B06D0C1879","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1031\\LocalizedData.xml","md5":"ED7850A5F925AF22EE229AB0CE6AABD4","sha256":"CCDE7DFFC69DAA5B020FB579DA4715B05C7EB3231731139102713F429F4B8C2B","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\3082\\LocalizedData.xml","md5":"9A7AB30D8AAEFD0263B1648C5EDE81EE","sha256":"EFA24C2E67F1A32EE7D0D08822909B17DDD488E34559322E466D5983A582ABDF","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1029\\LocalizedData.xml","md5":"F68DAE8CDD1A7E26BE4A0BBA399452C1","sha256":"75AEA2198CF76B9054A407CB217DD9A0C28546503F6548C860723E0D9F552327","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1032\\LocalizedData.xml","md5":"915C59CBEB1D0E2E3D17875AB6557D39","sha256":"A30F3B6A2FCCEBB470A040795D4144FEB27A625E24D81BDC666DF85DB4649E3A","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1041\\LocalizedData.xml","md5":"0197BCD560452EBB51C0AD118DC63087","sha256":"01DFAA8B2A15447CBBB4C0D2515CB54199EDBB3648131FE24CE48EBB1F3C8BFB","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1053\\LocalizedData.xml","md5":"2EF153EF6EEAD2CEEEC77D08943C5A1F","sha256":"516C6F3F591C3AEF2D7D9FBEF92AC172D655E13489005A9AA60F9492A0477CA5","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1042\\LocalizedData.xml","md5":"6943305456BFC876435C46C36F7E6402","sha256":"6F74FD8AAF1B3A16FF9E6669AA6BCDF0B86397C7175457F031AED50AB9F1B85A","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1037\\LocalizedData.xml","md5":"B958A669B74D850A47209E397E4A7C84","sha256":"700BE803F089C72973EDD6A517F8A62A3FB70AD761B7F5F2FE9EA06DADE6885D","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1035\\LocalizedData.xml","md5":"AA586B84884603F6B363AF60A6FE5CF4","sha256":"913DF0EC7665B055F3FD8B9B3F81AE3C6DBE6AF25B98E86F3B7F58460BC0EC4C","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1046\\LocalizedData.xml","md5":"60BCB132DFCA5B913302D7C1146F073C","sha256":"E34943B4C953AA278C2FFA2CE6F76BD2F530AA2E3DEF4B5D58792832FAAD8547","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1045\\LocalizedData.xml","md5":"747B6CA240FC9DE79C67166F21E63638","sha256":"AB2D3F6FEA48EAEB8B0497A55C2C92CF2ACB702E4E9A2C0C7EAFE814E7CC44E9","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1044\\LocalizedData.xml","md5":"6264E96178A904A10F162F94C0FDBAEE","sha256":"F604CD64421E551C6FD4EF4B5EBF327D506CE30055FD5AB57E982B04CEC0D1D3","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1040\\LocalizedData.xml","md5":"9C2C186E60C8F38C39BCC90DB12A513C","sha256":"B5097537A21404A47929591764E029CD75238AAF32CF77F1B7B8CD4840980F4E","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1049\\LocalizedData.xml","md5":"35D2F0619B2CE54764D4DEB2E26FA925","sha256":"ED1A227349087831E54CA0FD48BD514361EE8F8174800EEEEBA1F4C68F034012","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1043\\LocalizedData.xml","md5":"072908D5A453682A1B72997E5AF9EB71","sha256":"EBA1426C63B203E8303317F47D783D67D7240A9AC8281807321006910CE4BD21","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\2070\\LocalizedData.xml","md5":"9375758946ABAF43AE2418D932F78C13","sha256":"100A6F11DC0BB25BA30357C1A50855F9D1736AC7CDA9CBC9F3DA55A31D4F01B8","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1038\\LocalizedData.xml","md5":"B11F71A6FA40C53FA44A695F7731A4FF","sha256":"183D52D9EA67EF96A3151952181981100FBEC1A332976133E47C45E30437B043","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1036\\LocalizedData.xml","md5":"0EC32EEC42F36F37D74DF7816351E42A","sha256":"F714085B13A1CF604F72CFC2CF9926A8936483BF1E00B4B212E3F8FD10D33838","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1055\\LocalizedData.xml","md5":"BD9873160C8916EE0BBA0BEE755AC291","sha256":"64B9E6586AEEB153D20D1B3624B8218785A78FB9A05140E278231F32E676521E","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\ParameterInfo.xml","md5":"446720F60F4A17EA7A33301101FBD89E","sha256":"3B101657020578C0A836134195F57B8C748AB460AB0B2ED3DC1D7C81E3DEFF45","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1025\\eula.rtf","md5":"BC8A899443E94AA88B0EFA37692D39D7","sha256":"4F1D17ED8B6E4FE11676912744BFB796934B920CED8BF65BE62EF4632A45F0C4","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\UiInfo.xml","md5":"CB78D0CA2B26AB8ED781819E722567A2","sha256":"7E6D551037D889EE3EB5FAB8B84F23CC9CE459C6150104A5D7F5C78ECF81C6D0","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\SetupUi.xsd","md5":"A9F6A028E93F3F6822EB900EC3FDA7AD","sha256":"AAF8CB1A9AF89D250CBC0893A172E2C406043B1F81A211CB93604F165B051848","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Strings.xml","md5":"8A28B474F4849BEE7354BA4C74087CEA","sha256":"2A7A44FB25476886617A1EC294A20A37552FD0824907F5284FADE3E496ED609B","type":{"value":"xml","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\DHtmlHeader.html","md5":"CD131D41791A543CC6F6ED1EA5BD257C","sha256":"E139AF8858FE90127095AC1C4685BCD849437EF0DF7C416033554703F5D864BB","type":{"value":"html","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1028\\eula.rtf","md5":"4E7525532E037599BD981C604C9E0B58","sha256":"CD1AE8E90AA335905E59DC7548D9251790DEF5D79A4FACD91477ED7B059355FE","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1036\\eula.rtf","md5":"7BBE5ABC6BEA511D2F1BC3AAD0375839","sha256":"05DBDB4D13C46B6147EF666DBE518D7D94687C3A49760C484018F131B895E576","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1035\\eula.rtf","md5":"406D246B68E5437CAC90ADE45ACDDF36","sha256":"7F77503E2E4B54C1AC13FA7F3587B29885A0280B99422949CD44285A1440C22F","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1043\\eula.rtf","md5":"44A3F631D72D0253913344A6451C9C04","sha256":"7CBAB9416AA28394D0A903A1419B1ABB5C0F8CEE92C0821407859EF2212CB45A","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1029\\eula.rtf","md5":"C39D3B9DB59960BA9CEB6B9D3C2AABC1","sha256":"6160AFA1BBA3328E303DD3E8EE4E45E2C0A39E37EE98125FEA4FE762DF960590","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1053\\eula.rtf","md5":"8CA89FAFA113BDCA3DFB5A141E206B84","sha256":"411414181D515AD8CA0ED1B1F462A067648A98D26451B7414D91601C1E6C449A","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1037\\eula.rtf","md5":"3BE1992CD2E4D9CA5D89621F25559378","sha256":"22AA867D37D9146DD86DBDC5869E9BD444CD05DF7668E7BFA55E39322F88C3CE","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1040\\eula.rtf","md5":"67A9F0946D135A41E51D90220C0C8C67","sha256":"1478376F05D1BBE824CF1EFDEBC485D736E3BA1AA72DC8DFF69CC9E3B8127CF8","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1031\\eula.rtf","md5":"8A4A240A60BB32E3CD53E1ABA87C0C79","sha256":"C370091F2C32FE9570E40EF03FD241FE8A98DC16418D4274B675375206AE2359","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1045\\eula.rtf","md5":"AB648E920DC59FB45DD2F9FD9022395F","sha256":"AE5A86D25BC39E7178C6FA6F31A88E09D73AD80CC36F9E255E937AC1A4FD6C73","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1038\\eula.rtf","md5":"293E0D15A4C1BEE5B9780C2A1874664E","sha256":"0DFBBD176A7D125E2CFDD9FBFCECF8470F1E57239E9B202C7491071F68518510","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1046\\eula.rtf","md5":"38D9C6729A26CE70A4C1FDCDF713330C","sha256":"93D224E61F60AB50BAFB44501DFFDAEA139883E535C6DC14EBF90255459FD570","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1032\\eula.rtf","md5":"7DFBC4B3B86DEBE4B46E03C633346CCC","sha256":"2C01BAFD313C67CAD3C05710792106C5A6B9AD316DABC5D6614B9492DD10B285","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1042\\eula.rtf","md5":"BC276E5145DB5CA24127CB921C5E2808","sha256":"518C628DDB63AAEBAEB9BDD2E9009E7277585A69FE1A16BBD984D8BD318E3140","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1041\\eula.rtf","md5":"D3F251C6FCF02EA716013D9AA8300AAE","sha256":"B4B6E837C04ABCCB561708AC13969CE2263D56A5BE18F02268E7AEA90CD097BE","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1033\\eula.rtf","md5":"A9CC9946D59444327FC2DE158C43AA38","sha256":"72F47AF01B72D9F499AE5D87508148C00C2D4BEB229A584CC9B9BA3416FFEB90","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1049\\eula.rtf","md5":"2DC63EF2D9079C2035E938A163E01654","sha256":"12586F586171CE3E0CE4A38244C453FA2E48A546E89297FA7E7EA3846F31ABB1","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1030\\eula.rtf","md5":"1714BF464118FC48E951A079A29F4D11","sha256":"CAEEFB843EA00ED22A1A6BB4A9DDB1D25B8E20CD3A3A1D2FEE52A0357AC13F23","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1044\\eula.rtf","md5":"9E163591854612B03E48DC660157778A","sha256":"EA50EAF008C10662E7CE79EAF09B436EC73A617F0A5949154C9493DF2CA83B76","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1055\\eula.rtf","md5":"3414258B3034783490A8BA099B2DAB25","sha256":"5DFBB086EE026DAD796AD22DBA9DA82D64B024D5AD02A4724F9B6506D99D21D3","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\3082\\eula.rtf","md5":"0F3C263C53AFADA86D3992BFCD7D91E5","sha256":"C6AE5B63ACC21DF755D5320E91B773710B0456C8AB533E568449EE9C8659BBBC","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\Setup.exe","md5":"07BE124A892BC1E7DD6C3AF029556DC1","sha256":"0E0A1503FBF5074D31E1CA4B17D6CA7B68BB031059CD672643C11380209CB92A","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\SetupUtility.exe","md5":"8DB09FC113D6470DDF95AD23847F39C2","sha256":"7EA69D954640A5FD05AF37DEF1F5F4ECAA5837C9615D58CA0923319D484F91BE","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1042\\SetupResources.dll","md5":"42507BD862922504FD1EAA98E03DCA89","sha256":"C0AB4706FBD9A6621849F7E6BE109E3CAE2D7236FF3115229ABD136031FAECD0","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\2052\\eula.rtf","md5":"FD7FADA8C96C3CDD1B3B411F4FBF483D","sha256":"2290555DF2E2C968357F8FE963E5C6C74165D1EE9B8377FEC85A7AB03DE5BADA","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1028\\SetupResources.dll","md5":"356FD3029F9BDBA5D192E58D107A7D52","sha256":"CF71419A701DADB6CD35AE49CA5354E4D03F32A94389E45D5A96558856494EE3","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\SetupEngine.dll","md5":"40ACAA93601F9E80E2AEDD8C2B1662F7","sha256":"7D63CAC945B4ECFA09C859011870C4071CBCEA861B405D15776DD51C211BDBDC","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\2052\\SetupResources.dll","md5":"21CAAF8A1C6034049532DF45332CD0CD","sha256":"1CA82B45D7D16967D93A254DD0CA6BC889AC0AC84862F9AAE394CE28CD6D5C4A","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1029\\SetupResources.dll","md5":"13DA53C52AFCEB4D5EC90CF4606C1896","sha256":"F8E957BBAA1C81BA9BF70D77115AADD9D561BE910E3617C4977335BAAFFC3EFD","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\2070\\eula.rtf","md5":"FE8360F7B19F7869E6492990DBF85F78","sha256":"6FE81686B7DEB8708096553BD9D392E06C5C0F2D5E222DDC28CB09ECDD3EDAA1","type":{"value":"text","type":0}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1033\\SetupResources.dll","md5":"2C96C270F9D46106F480526FF28CF031","sha256":"57E96FFA80C5CBB28D4D56E0A668E28F56A1501E3F4FB5455D4E069C564A455C","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1030\\SetupResources.dll","md5":"D6BC6C48F9747B881EC2F3B2E3F3F057","sha256":"F31F03BD962A287DA4EE4DE51E95FE73AE7BBE168CEB80A9C1B7B7C5948CC6F0","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1041\\SetupResources.dll","md5":"3D468729BC28845A21CCED979C5340AD","sha256":"871200E90E3B5F15EF068DF965B754921FE1C96EC52ED56CF39AA0F558D97AE5","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1044\\SetupResources.dll","md5":"24FEDA16F6D2020B47BCEA4BF69071BE","sha256":"59AC8179B825267EB742A676CAA67CF19E718672E733B1471BADF56395947447","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1035\\SetupResources.dll","md5":"19A5B24518E1D59720CEFD2AEBEBF4FE","sha256":"13F3E8B8722902BD374426829CE753345FC95536D2A97CE04289A08D03295D56","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1037\\SetupResources.dll","md5":"818A307FAE1A1BB41FB092D684EF4872","sha256":"47E4B0CBA79D1ACC7EF7BF505499035812DBA41793F12888808FF54D55A1CC08","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1045\\SetupResources.dll","md5":"D07721FEF699E5842461278EBFEDAD0A","sha256":"2CA64C07DF713BAD8CAC53A5A7E6439D91D1AC15A72E5D7FD1D17B04268C26B9","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1046\\SetupResources.dll","md5":"2C660A00CCD3CE68B4C9CBBFC7021A17","sha256":"8918E0668508DECF63DF8287A3A2FC700C07537DB8B2070D536B4B8623ADE251","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1025\\SetupResources.dll","md5":"47FC1FE80452C81C9E2150320D017CF3","sha256":"25AAFBCB0418C6F12ABC125012CB295470772B0570E896E3D1357CF3AFC52BD2","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1031\\SetupResources.dll","md5":"F0FFAD61F1EEE8D9D5C1087D7AA8AAF8","sha256":"3D62109DDC0493DADEDF9FA568B6ABDC78F098B8053315D01E55E2ED349B77E3","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1040\\SetupResources.dll","md5":"F4B50199FC2437F0F834DACADED6FF70","sha256":"BE7DF7D00C535B789A9B1C11CF60D873541041F48281A35348D9104A73504840","type":{"value":"executable","type":2}},{"pid":2368,"process":"Setup.exe","filename":"C:\\39adf1b9158926f1f694\\Windows6.1-KB958488-v6001-x86.msu","md5":"—","sha256":"—","type":{}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\2070\\SetupResources.dll","md5":"056B563522D505DA911B4192C497E523","sha256":"3FD02B3E74758369030E4134EA1BE98A95B2705710E69E3FB020988AE5D37A5C","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\3082\\SetupResources.dll","md5":"A5EDF8CB48D3C8514FFFCAD7775A5D9B","sha256":"2924D27BB6CB77484C6305044EA84581B66024ED6801B31074625CE2E019AF40","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1036\\SetupResources.dll","md5":"75E95786E8AFA8CB00559F77247961DE","sha256":"6BAA0C76789BE80708C3F9E97258B39F3D06D6C69B3E92CAD6BC2FA861D2F7E5","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1038\\SetupResources.dll","md5":"66A2C79C740C051013C56AE7D5285279","sha256":"C37BBCB1E0FE1F56E4E83333270FDC48C46D80BE36181C505BC036047A95E6FF","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1043\\SetupResources.dll","md5":"632C4F2D2C6B73A4D0B9783D42D7AC91","sha256":"614639B08BA6433660E26FDDB6554AEAE5E13B44B7AF2CC4C9EDFF313E7869EF","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1032\\SetupResources.dll","md5":"A82699043A9405F40CA136909872E49C","sha256":"244ECE0C8E3EAD93549B455440185407EBF9ED1AD835244791BC6F444239D915","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1049\\SetupResources.dll","md5":"B66B97ABF73492EEC018E63CD8342026","sha256":"F41FF973568DDD7561DF348A00D294D4A489C829B799B13803917B27E4033307","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1053\\SetupResources.dll","md5":"531BCB6262B8D124BF15C6CC9F68DAFD","sha256":"5D8768C088C360B6B68BB1BD6CB12B75FDBFC8F05231BA2EEC5CCB197F2F08FF","type":{"value":"executable","type":2}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\HFIC012.tmp.html","md5":"F3B25701FE362EC84616A93A45CE9998","sha256":"B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209","type":{"value":"text","type":0}},{"pid":2684,"process":"TMP766B.tmp.exe","filename":"C:\\39adf1b9158926f1f694\\TMP766B.tmp.exe.tmp\\netfx_Full.mzz","md5":"—","sha256":"—","type":{}},{"pid":2368,"process":"Setup.exe","filename":"C:\\39adf1b9158926f1f694\\netfx_Full.mzz","md5":"—","sha256":"—","type":{}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\sqmapi.dll","md5":"6404765DEB80C2D8986F60DCE505915B","sha256":"B236253E9ECB1E377643AE5F91C0A429B91C9B30CCA1751A7BC4403EA6D94120","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\1055\\SetupResources.dll","md5":"6741D33F47D957FEBD887062B27FDF45","sha256":"BF36974E7B16014599E2596E42B60B261D72804D4F7F9CDF6D29671E284A9C26","type":{"value":"executable","type":2}},{"pid":3076,"process":"{E6381693-C0F2-419C-80D1-DE353CB06F20}.exe","filename":"C:\\39adf1b9158926f1f694\\SetupUi.dll","md5":"5A65AE94D5B334444102CEB6F005CF4F","sha256":"624DE3996820D57F38E49906E921C62891C7F9B65EEB149EE84E539FF5347976","type":{"value":"executable","type":2}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\Setup_20220114_210026481.html","md5":"CD131D41791A543CC6F6ED1EA5BD257C","sha256":"E139AF8858FE90127095AC1C4685BCD849437EF0DF7C416033554703F5D864BB","type":{"value":"html","type":0}},{"pid":832,"process":"SetupUtility.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\dd_SetupUtility.txt","md5":"C7A2E49DB88084E3A708949A96CAE2C3","sha256":"1D474351B000E88EA41C8B0CBAC7D40FF9980B268BFFA7EE5BEFC13F93F7E0F0","type":{"value":"text","type":0}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76","md5":"E95AF9B03513D729D28FD890CFF4EBE9","sha256":"B19F80A5970542F71E1728CDEEE5D4534598329BA22FABF5BBD2280EBD6BA629","type":{"value":"der","type":4}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\HFIC5A4.tmp.html","md5":"F3B25701FE362EC84616A93A45CE9998","sha256":"B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209","type":{"value":"text","type":0}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\Microsoft .NET Framework 4.6 Setup_20220114_210027747.html","md5":"E1F319BA701D69A8BC406ECB63786058","sha256":"09D0AA4F44E5C09CC311E15E00B77F06E378DCA68FA22A2EA9DED08D27A46A2D","type":{"value":"html","type":0}},{"pid":832,"process":"SetupUtility.exe","filename":"C:\\Windows\\WindowsUpdate.log","md5":"62017B25787997F31130934DC6DB864C","sha256":"B289F3CFB570F050705478E3DDBBC933DF50FF2F76AA5F131E490B3DAE95E79D","type":{"value":"text","type":0}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD","md5":"6872FAE8288DB34207D9E7EE350157F4","sha256":"50795B027E2BC566D3B7ACB89913F8EFD23B70615C9DB9BF5B23323AD3132A7D","type":{"value":"der","type":4}},{"pid":2684,"process":"TMP766B.tmp.exe","filename":"C:\\39adf1b9158926f1f694\\TMP766B.tmp.exe.tmp\\netfx_fullcab.msi","md5":"0E3BF774979A3B882AA7DFF49CCE411A","sha256":"512B1C4A034E222D924F94B7942495AAF79AF470BCEB3C984A1B069E329D9E9C","type":{"value":"executable","type":2}},{"pid":2684,"process":"TMP766B.tmp.exe","filename":"C:\\Users\\admin\\AppData\\Local\\Temp\\dd_TMP766B.tmp_decompression_log.txt","md5":"372BB4A14F15660CD1C689E9934BA509","sha256":"88ADBF9EE6542BD1FCC6BAA436356269D9D5D25A8014F3E59F2AA721A1E10693","type":{"value":"text","type":0}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\37C951188967C8EB88D99893D9D191FE","md5":"7C13E2B4F2780CDDE5523C304CCA5015","sha256":"365F401AA9ABC00197C525989E6BD1DD131FC009EC547AC6230EFC83ADF6713B","type":{"value":"der","type":4}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\37C951188967C8EB88D99893D9D191FE","md5":"049273E93BF2ADAEB117760D7A95A685","sha256":"699081C63D4FB3E512F3E976229EDB3CEF695597311F026F7B9BE6F83409E5D8","type":{"value":"binary","type":1}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A583E2A51BFBDC1E492A57B7C8325850","md5":"C59B81962F46B889395396CDD21C7AB7","sha256":"3DD445FD92063636B965552DD05EFF8EFB8D434BCA64461E0AF0BA5FF94A53A4","type":{"value":"der","type":4}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C0018BB1B5834735BFA60CD063B31956","md5":"F2AD82B5108E5DBFEF4CB344505823F0","sha256":"5738782B4FAD90BECA293376F16D1A6A2B00B18CE8F50AEECCFD480A7F4C02E0","type":{"value":"der","type":4}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A583E2A51BFBDC1E492A57B7C8325850","md5":"38FBF55A36235B2E12CE53C04ADD37E5","sha256":"35638A58B29848334AC16CA4F785CFEDD9E27061F0F67AED60E8BD18EEC63990","type":{"value":"binary","type":1}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C0018BB1B5834735BFA60CD063B31956","md5":"04F9B512ABD1CAA4C8909E77A1643AB6","sha256":"59057C87CBDAAB369DC4754DEDBB0617E2A169CF06B078460C494DC9D090C7B9","type":{"value":"binary","type":1}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C7F163ED126D5C3CB9457F68EC64E9E","md5":"1B24DD2A3B98CFC9533E679E665BAE28","sha256":"9AF07FDAC3EA0FC14EF6864DB9FB451E63BE777CDEA07491C7E98F4A4484D23F","type":{"value":"binary","type":1}},{"pid":2368,"process":"Setup.exe","filename":"C:\\Users\\admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C7F163ED126D5C3CB9457F68EC64E9E","md5":"51B05210BA1792DE3ACC1C13E9AF93D3","sha256":"05BA5820D3B14BA7C67B4FA32CAB0BFC2A7278D02D059B075C4B60B2DC6334C9","type":{"value":"der","type":4}},{"pid":2368,"process":"Setup.exe","filename":"C:\\39adf1b9158926f1f694\\TMP0000.tmp","md5":"C3FF1FFE08444AC9E9F335EBD8800260","sha256":"DB4925A2E2E04A4817B52739E1E11A5FD3E7A492EEA05577AC9FCD9622623C6C","type":{"value":"executable","type":2}}]},"synchronization":{"values":[]},"rpsRequests":{"values":[]},"networkActivity":{"stats":[{"name":"HTTP(S) requests","value":"21"},{"name":"TCP/UDP connections","value":"15"},{"name":"DNS requests","value":"17"},{"name":"Threats","value":"2"}],"requests":[[3652,"Stub.exe","GET",200,"2.16.107.106:80","http://acs.pandasoftware.com/Panda/FREEAV/Promo_pd/FREEAV_INST.txt","unknown",{"value":"text","type":0},"175 b",{"value":"whitelisted","type":3}],[3652,"Stub.exe","GET",200,"2.16.107.106:80","http://acs.pandasoftware.com/Panda/FREEAV/Promo_pd/FREEAV_INST.txt","unknown",{"value":"text","type":0},"175 b",{"value":"whitelisted","type":3}],[3652,"Stub.exe","GET",200,"40.69.210.172:80","http://eventtrack.pandasecurity.com/track/install/details.html?ProductID=4252&Stub_Event=Start&_ei=FD8174B1-CD36-4718-9BE0-AF16DE8B9B4D&_es=1&_et=Stub&_lt=20220114210010","IE",{"value":null},"—",{"value":"suspicious","type":1}],[3652,"Stub.exe","GET",200,"40.69.210.172:80","http://eventtrack.pandasecurity.com/track/install/details.html?Installation_Code=1034&Installation_End=ERROR&Stub_Event=End&_ei=DE61434F-0189-4DAB-9CC7-9DBAB4B1F3C3&_es=1&_et=Stub&_lt=20220114210010","IE",{"value":null},"—",{"value":"suspicious","type":1}],[3652,"Stub.exe","GET",200,"40.69.210.172:80","http://eventtrack.pandasecurity.com/track/install/details.html?Installation_Code=1035&Installation_End=ERROR&Stub_Event=End&_ei=CEC550F8-8E3D-4207-A21F-DB2F6AC746DB&_es=1&_et=Stub&_lt=20220114210010","IE",{"value":null},"—",{"value":"suspicious","type":1}],[3652,"Stub.exe","GET",301,"104.111.243.23:80","http://www.pandasecurity.com/Vg5sw34C5j","NL",{"value":"text","type":0},"105 b",{"value":"unknown","type":4}],[3652,"Stub.exe","GET",302,"92.122.255.148:80","http://download.microsoft.com/download/1/4/A/14A6C422-0D3C-4811-A31F-5EF91A83C368/NDP46-KB3045560-Web.exe","unknown",{"value":null},"—",{"value":"whitelisted","type":3}],[3652,"Stub.exe","GET",200,"93.184.220.29:80","http://crl3.digicert.com/Omniroot2025.crl","US",{"value":"der","type":4},"7.68 Kb",{"value":"shared","type":0}],[3652,"Stub.exe","GET",200,"41.63.96.0:80","http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b77572da0326f97c","ZA",{"value":"compressed","type":1},"4.70 Kb",{"value":"whitelisted","type":3}],[2368,"Setup.exe","GET",200,"92.123.194.163:80","http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl","unknown",{"value":"der","type":4},"519 b",{"value":"whitelisted","type":3}],[860,"svchost.exe","HEAD",302,"104.89.38.104:80","http://go.microsoft.com/fwlink/?LinkId=249117&clcid=0x409","NL",{"value":null},"—",{"value":"whitelisted","type":3}],[860,"svchost.exe","GET",302,"104.89.38.104:80","http://go.microsoft.com/fwlink/?LinkId=249117&clcid=0x409","NL",{"value":null},"—",{"value":"whitelisted","type":3}],[2368,"Setup.exe","GET",200,"92.123.194.154:80","http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl","unknown",{"value":"der","type":4},"767 b",{"value":"whitelisted","type":3}],[860,"svchost.exe","HEAD",302,"104.89.38.104:80","http://go.microsoft.com/fwlink/?LinkId=528231&clcid=0x409","NL",{"value":null},"—",{"value":"whitelisted","type":3}],[860,"svchost.exe","GET",302,"104.89.38.104:80","http://go.microsoft.com/fwlink/?LinkId=528231&clcid=0x409","NL",{"value":null},"—",{"value":"whitelisted","type":3}],[2368,"Setup.exe","GET",200,"104.85.1.163:80","http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl","US",{"value":"der","type":4},"1.05 Kb",{"value":"whitelisted","type":3}],[2368,"Setup.exe","GET",200,"92.123.194.163:80","http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl","unknown",{"value":"der","type":4},"1.11 Kb",{"value":"whitelisted","type":3}],[860,"svchost.exe","HEAD",302,"104.89.38.104:80","http://go.microsoft.com/fwlink/?LinkId=528226&clcid=0x409","NL",{"value":null},"—",{"value":"whitelisted","type":3}],[860,"svchost.exe","GET",302,"104.89.38.104:80","http://go.microsoft.com/fwlink/?LinkId=528226&clcid=0x409","NL",{"value":null},"—",{"value":"whitelisted","type":3}],[2368,"Setup.exe","GET",200,"92.123.194.154:80","http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl","unknown",{"value":"der","type":4},"824 b",{"value":"whitelisted","type":3}],[2368,"Setup.exe","GET",200,"92.123.194.163:80","http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl","unknown",{"value":"der","type":4},"555 b",{"value":"whitelisted","type":3}]],"connections":[[3652,"Stub.exe","104.111.243.23:80","www.pandasecurity.com","Akamai International B.V.","NL",{"value":"unknown","type":4}],[3652,"Stub.exe","92.122.255.148:443","download.microsoft.com","GTT Communications Inc.","—",{"value":"malicious","type":2}],[3652,"Stub.exe","40.69.210.172:80","eventtrack.pandasecurity.com","Microsoft Corporation","IE",{"value":"suspicious","type":1}],[3652,"Stub.exe","92.122.255.148:80","download.microsoft.com","GTT Communications Inc.","—",{"value":"malicious","type":2}],[3652,"Stub.exe","2.16.107.106:80","acs.pandasoftware.com","Akamai International B.V.","—",{"value":"suspicious","type":1}],[3652,"Stub.exe","41.63.96.0:80","ctldl.windowsupdate.com","Limelight Networks, Inc.","ZA",{"value":"suspicious","type":1}],["—","—","93.184.220.29:80","ocsp.digicert.com","MCI Communications Services, Inc. d/b/a Verizon Business","US",{"value":"whitelisted","type":3}],[860,"svchost.exe","104.89.38.104:80","go.microsoft.com","Akamai Technologies, Inc.","NL",{"value":"malicious","type":2}],[860,"svchost.exe","104.102.28.147:443","download.microsoft.com","Akamai Technologies, Inc.","US",{"value":"suspicious","type":1}],[3652,"Stub.exe","93.184.220.29:80","ocsp.digicert.com","MCI Communications Services, Inc. d/b/a Verizon Business","US",{"value":"whitelisted","type":3}],[2368,"Setup.exe","92.123.194.154:80","crl.microsoft.com","Akamai International B.V.","—",{"value":"suspicious","type":1}],[2368,"Setup.exe","92.123.194.163:80","crl.microsoft.com","Akamai International B.V.","—",{"value":"suspicious","type":1}],[2368,"Setup.exe","104.85.1.163:80","www.microsoft.com","Time Warner Cable Internet LLC","US",{"value":"suspicious","type":1}],[860,"svchost.exe","68.232.34.200:443","download.visualstudio.microsoft.com","MCI Communications Services, Inc. d/b/a Verizon Business","US",{"value":"whitelisted","type":3}]],"dns":[["acs.pandasoftware.com",["2.16.107.106","2.16.107.33"],{"value":"whitelisted","type":3}],["eventtrack.pandasecurity.com",["40.69.210.172"],{"value":"unknown","type":4}],["www.pandasecurity.com",["104.111.243.23"],{"value":"unknown","type":4}],["download.microsoft.com",["92.122.255.148","104.102.28.147"],{"value":"whitelisted","type":3}],["ctldl.windowsupdate.com",["41.63.96.0","41.63.96.128"],{"value":"whitelisted","type":3}],["ocsp.digicert.com",["93.184.220.29"],{"value":"shared","type":0}],["crl3.digicert.com",["93.184.220.29"],{"value":"shared","type":0}],["crl.microsoft.com",["92.123.194.163","92.123.194.154","92.123.194.162"],{"value":"whitelisted","type":3}],["go.microsoft.com",["104.89.38.104"],{"value":"whitelisted","type":3}],["download.visualstudio.microsoft.com",["68.232.34.200"],{"value":"whitelisted","type":3}],["www.microsoft.com",["104.85.1.163"],{"value":"whitelisted","type":3}]],"threatsProCount":0,"threats":[[3652,"Stub.exe",{"value":"Potentially Bad Traffic","type":1},"ET INFO Terse Request for .txt - Likely Hostile"],[3652,"Stub.exe",{"value":"Potentially Bad Traffic","type":1},"ET INFO Terse Request for .txt - Likely Hostile"]]},"debugOutputStrings":{"values":[]},"meta":{"sha256":"4cfbfc663343d9b814d3f34142d9732b70508fdf82c1ae15d927a13840ef0ad1","uuid":"2a52a337-4164-474a-ae42-ad898cb3b923","isUrlType":false,"taskName":"PANDAFREEAV.exe.7z","title":"Free Malware Sandbox Online","isPrivate":false,"tags":[],"copyrightYear":2022},"vue_isInlineMode":false,"vue_publicPath":"/report/"}
We're sorry but any.run reports doesn't work properly without JavaScript enabled. Please enable it to continue.
General Info Add for printing
File name: PANDAFREEAV.exe.7z Full analysis: https://app.any.run/tasks/2a52a337-4164-474a-ae42-ad898cb3b923 Verdict: Malicious activity Analysis date: January 14, 2022, 20:59:45 OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) Indicators: MIME: application/x-7z-compressed File info: 7-zip archive data, version 0.4 MD5: EE2D971CECF7C7C5B94B1DB04F324007 SHA1: 7BA348194261A903938E15265B0F73C579123E0D SHA256: 4CFBFC663343D9B814D3F34142D9732B70508FDF82C1AE15D927A13840EF0AD1 SSDEEP: 49152:bsNAb4fijC72sqTRBFrshjHk1gb/sCTB4ouI/YEeifx6Ekm1:qfi2SFTRBFIhOC14e/6tEt
ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is.
ANY.RUN does not guarantee maliciousness or safety of the content.
Software environment set and analysis options Launch configuration Task duration: 120 seconds Heavy Evasion option: off Network geolocation: off Additional time used: 60 seconds MITM proxy: off Privacy: Public submission Fakenet option: off Route via Tor: off Autoconfirmation of UAC: on Network: on Processes Add for printing
Behavior graph Click at the process to see the details
start
drop and start
drop and start
drop and start
winrar.exe
pandafreeav.exe
no specs
pandafreeav.exe
stub.exe
{e6381693-c0f2-419c-80d1-de353cb06f20}.exe
setup.exe
setuputility.exe
no specs
setuputility.exe
no specs
tmp766b.tmp.exe
- +
Specs description Program did not start Low-level access to the HDD Process was added to the startup Debug information is available Probably Tor was used Behavior similar to spam Task has injected processes Executable file was dropped Known threat RAM overrun Network attacks were detected Integrity level elevation Connects to the network CPU overrun Process starts the services System was rebooted Task contains several apps running Application downloaded the executable file Actions similar to stealing personal data Task has apps ended with an error File is detected by antivirus software Inspected object has suspicious PE structure Behavior similar to exploiting the vulnerability Task contains an error or was rebooted The process has the malware config Process information
Network activity Add for printing
HTTP requests Download PCAP, analyze network streams, HTTP content and a lot more at the
full report Connections
DNS requests
Threats