Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecurityScan_Release.exe

Overview

General Information

Sample name:SecurityScan_Release.exe
Analysis ID:1585398
MD5:d19f7fb266813e0fba1d009be48c40d5
SHA1:49ad30dc2a86fb3f3f21aeeefd79bce2c9f9ef82
SHA256:9b6d586380337296d53a605b487b442e0a32b857cccdf153c602bd1438413261
Infos:

Detection

Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Modifies the hosts file
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries keyboard layouts
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64_ra
  • SecurityScan_Release.exe (PID: 3024 cmdline: "C:\Users\user\Desktop\SecurityScan_Release.exe" MD5: D19F7FB266813E0FBA1D009BE48C40D5)
    • MSSPResExtractor.exe (PID: 876 cmdline: "C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe" MD5: 5DC3CCE86B3CEEB218E9F863F2F6138A)
    • mc-webview-cnt.exe (PID: 6492 cmdline: "C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exe" McInstallerStartup.dll config:.\Installer.ini mode:/l lang:en-gb MD5: CD7D48BB339C72CCFE7DA3A3164180BC)
      • msedgewebview2.exe (PID: 5868 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6492.4264.5447351167827348215 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 980 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7fff27ef8e88,0x7fff27ef8e98,0x7fff27ef8ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 6204 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1756 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 6212 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1924 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:3 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 1448 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2384 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:8 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 6220 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1736257074872177 --launch-time-ticks=4883734823 --mojo-platform-channel-handle=3308 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 7568 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1736257074872177 --launch-time-ticks=4896010912 --mojo-platform-channel-handle=4424 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • MSSPResExtractor.exe (PID: 852 cmdline: "C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe" MD5: 5DC3CCE86B3CEEB218E9F863F2F6138A)
  • SecurityScan_Release.exe (PID: 6988 cmdline: "C:\Users\user\Desktop\SecurityScan_Release.exe" MD5: D19F7FB266813E0FBA1D009BE48C40D5)
  • SecurityScan_Release.exe (PID: 7060 cmdline: "C:\Users\user\Desktop\SecurityScan_Release.exe" MD5: D19F7FB266813E0FBA1D009BE48C40D5)
    • MSSPResExtractor.exe (PID: 7412 cmdline: "C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exe" MD5: 5DC3CCE86B3CEEB218E9F863F2F6138A)
    • mc-webview-cnt.exe (PID: 7440 cmdline: "C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exe" McInstallerStartup.dll config:.\Installer.ini mode:/l lang:en-gb MD5: CD7D48BB339C72CCFE7DA3A3164180BC)
      • msedgewebview2.exe (PID: 7520 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=7440.7516.17558896153089345560 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 7544 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x13c,0x174,0x7fff27ef8e88,0x7fff27ef8e98,0x7fff27ef8ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • MSSPResExtractor.exe (PID: 7644 cmdline: "C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exe" MD5: 5DC3CCE86B3CEEB218E9F863F2F6138A)
      • SecurityScan_Inner.exe (PID: 7864 cmdline: "C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\\SecurityScan_Inner.exe" /inner MD5: 555332D3D4F3197D171CB5B1331B15D9)
  • winver.exe (PID: 2784 cmdline: "C:\Windows\System32\winver.exe" MD5: 63DC2D604B8A96C9962494D1D957DD77)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-07T15:59:06.997900+010020283713Unknown Traffic192.168.2.164971244.231.153.113443TCP
2025-01-07T15:59:06.997900+010020283713Unknown Traffic192.168.2.164971244.231.153.113443TCP
2025-01-07T15:59:08.417267+010020283713Unknown Traffic192.168.2.164971344.231.153.113443TCP
2025-01-07T15:59:08.417267+010020283713Unknown Traffic192.168.2.164971344.231.153.113443TCP
2025-01-07T15:59:19.142014+010020283713Unknown Traffic192.168.2.164971944.231.153.113443TCP
2025-01-07T15:59:19.142014+010020283713Unknown Traffic192.168.2.164971944.231.153.113443TCP
2025-01-07T16:00:51.862507+010020283713Unknown Traffic192.168.2.164989052.35.229.208443TCP
2025-01-07T16:00:51.862507+010020283713Unknown Traffic192.168.2.164989052.35.229.208443TCP
2025-01-07T16:01:07.727197+010020283713Unknown Traffic192.168.2.164989352.35.171.66443TCP
2025-01-07T16:01:07.727197+010020283713Unknown Traffic192.168.2.164989352.35.171.66443TCP
2025-01-07T16:01:08.787150+010020283713Unknown Traffic192.168.2.164989452.35.171.66443TCP
2025-01-07T16:01:08.787150+010020283713Unknown Traffic192.168.2.164989452.35.171.66443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: SecurityScan_Release.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: SecurityScan_Release.exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 44.231.153.113:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 44.231.153.113:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 44.231.153.113:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.35.229.208:443 -> 192.168.2.16:49890 version: TLS 1.2
Source: SecurityScan_Release.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Local Storage\leveldb\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Local Storage\
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49713 -> 44.231.153.113:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49712 -> 44.231.153.113:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49719 -> 44.231.153.113:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49890 -> 52.35.229.208:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49893 -> 52.35.171.66:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49894 -> 52.35.171.66:443
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: sadownload.mcafee.com
Source: global trafficDNS traffic detected: DNS query: analytics.apis.mcafee.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownHTTPS traffic detected: 44.231.153.113:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 44.231.153.113:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 44.231.153.113:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.35.229.208:443 -> 192.168.2.16:49890 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

barindex
Modifies the hosts file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile written: C:\Windows\System32\drivers\etc\hosts
Source: SecurityScan_Release.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal72.adwa.evad.winEXE@34/204@17/51
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeFile created: C:\Users\user\AppData\Roaming\McAfee
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeMutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMutant created: \Sessions\1\BaseNamedObjects\NULL
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMutant created: \Sessions\1\BaseNamedObjects\Local\{46C61DD2-00A3-46F1-B456-3E6CDCEF89B7}
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsf3DEB.tmp
Source: SecurityScan_Release.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecurityScan_Release.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\winver.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile read: C:\Users\user\Desktop\SecurityScan_Release.exe
Source: unknownProcess created: C:\Users\user\Desktop\SecurityScan_Release.exe "C:\Users\user\Desktop\SecurityScan_Release.exe"
Source: unknownProcess created: C:\Users\user\Desktop\SecurityScan_Release.exe "C:\Users\user\Desktop\SecurityScan_Release.exe"
Source: unknownProcess created: C:\Users\user\Desktop\SecurityScan_Release.exe "C:\Users\user\Desktop\SecurityScan_Release.exe"
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe"
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exe "C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exe" McInstallerStartup.dll config:.\Installer.ini mode:/l lang:en-gb
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6492.4264.5447351167827348215
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7fff27ef8e88,0x7fff27ef8e98,0x7fff27ef8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1756 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1924 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2384 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1736257074872177 --launch-time-ticks=4883734823 --mojo-platform-channel-handle=3308 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeProcess created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe"
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exe"
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe"
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exe "C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exe" McInstallerStartup.dll config:.\Installer.ini mode:/l lang:en-gb
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exe "C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exe" McInstallerStartup.dll config:.\Installer.ini mode:/l lang:en-gb
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=7440.7516.17558896153089345560
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x13c,0x174,0x7fff27ef8e88,0x7fff27ef8e98,0x7fff27ef8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1736257074872177 --launch-time-ticks=4896010912 --mojo-platform-channel-handle=4424 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exe"
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeProcess created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe"
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7fff27ef8e88,0x7fff27ef8e98,0x7fff27ef8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1756 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1924 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2384 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1736257074872177 --launch-time-ticks=4883734823 --mojo-platform-channel-handle=3308 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\SecurityScan_Inner.exe "C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\\SecurityScan_Inner.exe" /inner
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exe"
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exe "C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exe" McInstallerStartup.dll config:.\Installer.ini mode:/l lang:en-gb
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1736257074872177 --launch-time-ticks=4896010912 --mojo-platform-channel-handle=4424 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exe"
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\SecurityScan_Inner.exe "C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\\SecurityScan_Inner.exe" /inner
Source: unknownProcess created: C:\Windows\System32\winver.exe "C:\Windows\System32\winver.exe"
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: oleacc.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: shfolder.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: secur32.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dsrole.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: jscript9.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: webio.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: schannel.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ntasn1.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ncrypt.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dpapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: cabinet.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: amsi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: oleacc.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: shfolder.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dui70.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: duser.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: chartv.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: atlthunk.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: winsta.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: linkinfo.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ntshrui.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: cscapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: explorerframe.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: secur32.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dsrole.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: jscript9.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: webio.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: schannel.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ntasn1.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ncrypt.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dpapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: amsi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: webview2loader.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: jscript9.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kbdus.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dsreg.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.ui.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: inputhost.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winsta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mscms.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.security.authentication.web.core.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dataexchange.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mf.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mfplat.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rtworkq.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: hevcdecoder.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dolbydecmft.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mfperfhelper.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: atlthunk.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: directmanipulation.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d10warp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: vaultcli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: microsoftaccountwamextension.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: aadwamextension.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: hevcdecoder.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: tenantrestrictionsplugin.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.web.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netprofm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: npmproxy.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wevtapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.userprofile.diagnosticssettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ncryptprov.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: webview2loader.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: jscript9.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile written: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\ftconfig.ini
Source: C:\Windows\System32\winver.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: SecurityScan_Release.exeStatic PE information: certificate valid
Source: SecurityScan_Release.exeStatic file information: File size 27660968 > 1048576
Source: SecurityScan_Release.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\mc-webview-cnt.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\MSSPResExtractor.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McInstallerRes_LD.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\SecurityScan_Inner.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McInstallerStartup.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\McInstallerStartup.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McUtil.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\MicrosoftEdgeWebview2Setup.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\WebView2Loader.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\McUICnt.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\SecurityScan_Inner.exeFile created: C:\Users\user\AppData\Local\Temp\nsdF57.tmp\InstallHelp\SecurityScanner32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mcbrwsr2.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\mcbrwsr2.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\McUtil.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McInstallerRes.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\WebView2Loader.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\SecurityScan_Inner.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\McInstallerRes.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\InstallHelp\SecurityScanner32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\McInstallerRes_LD.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McUICnt.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MicrosoftEdgeWebview2Setup.exeJump to dropped file
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\SecurityScan_Release.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Queries memory information (via WMI often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: AB50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: AD00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B4C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B510000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B550000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B570000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B590000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B7D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B800000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B830000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B850000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B890000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B8B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B870000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B8E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B940000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B980000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B9A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BA20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BA60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BA80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BAE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B7D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BB50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BBA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BCC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BC10000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BC30000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BC50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BC70000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BC90000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BD20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BD40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B960000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BB10000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BB30000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BB50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BB70000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BE60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BE80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BEA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BEC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BEE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BF00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BF20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: AAA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BB70000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BE40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C6A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C6E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C900000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C920000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C960000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C990000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C9C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C9E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CA00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CA20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CA50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CB80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CC20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CC40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CC60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CCC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CD20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CD80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C960000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CDF0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CE40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CF60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CEB0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CED0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CEF0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CF10000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CF30000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CFC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CFE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: D000000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: D020000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: D040000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: D060000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: D080000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: D0A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: D0C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: E350000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: E370000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: E390000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: E3B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: E3D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: E3F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: E410000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: E430000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: E450000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: E470000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: E490000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: E4B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: E4D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 8FD0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 9170000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 8CA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 8CF0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 8D30000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 8D50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 8D70000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 8DB0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 9940000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 9970000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 9990000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 99B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 99D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 9A50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 9A00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 9A90000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 9AD0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 9AF0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 9B50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeMemory allocated: 9BB0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 8920000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 8AC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 85F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 8640000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 8680000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 86A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 86C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 8700000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 9270000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 92A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 92C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 92E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 9300000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 9380000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 9330000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 93E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 9400000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 9420000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 9480000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeMemory allocated: 94E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: 4D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: A30000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: A8F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: A930000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: A970000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: A990000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: A9B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: A9F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: AA20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: AA50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: AA70000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: AA90000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: AAB0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: AAE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: AB00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BAB0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BAD0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BAF0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BB50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BD40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: A9F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BAB0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BF60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: A9F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BFD0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C020000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C680000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BE40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C6C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C6E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C900000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C920000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C940000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C960000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: A9F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BF60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BF80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BFA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BFC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BFE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C000000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C980000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C9A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C9C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C9E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CA00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CA20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CA40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CA60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CB80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CFC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: CFE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: D000000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: B4C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: BCD0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C260000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C2A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C2E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C300000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeMemory allocated: C320000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\mc-webview-cnt.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\McUICnt.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\SecurityScan_Inner.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsdF57.tmp\InstallHelp\SecurityScanner32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mcbrwsr2.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\MSSPResExtractor.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\mcbrwsr2.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McInstallerRes_LD.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\McUtil.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McInstallerRes.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\SecurityScan_Inner.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\McInstallerRes.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\SecurityScan_Inner.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\InstallHelp\SecurityScanner32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McInstallerStartup.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\McInstallerRes_LD.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McUICnt.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McUtil.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\McInstallerStartup.dllJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\MicrosoftEdgeWebview2Setup.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MicrosoftEdgeWebview2Setup.exeJump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe TID: 6960Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\Desktop\SecurityScan_Release.exe TID: 5084Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\SecurityScan_Release.exe TID: 7116Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exe TID: 5636Thread sleep time: -150000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exe TID: 6980Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exe TID: 4528Thread sleep time: -480000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exe TID: 7500Thread sleep time: -210000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exe TID: 7176Thread sleep time: -870000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exe TID: 7736Thread sleep time: -480000s >= -30000s
Source: C:\Users\user\Desktop\SecurityScan_Release.exe TID: 2996Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exe TID: 5636Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exe TID: 5636Thread sleep time: -1050000s >= -30000s
Source: C:\Users\user\Desktop\SecurityScan_Release.exe TID: 2744Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\blob_storage\1915cf4b-16ab-4ad4-bc3d-123b3642aa05 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Local Storage\leveldb\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeProcess information queried: ProcessInformation

Anti Debugging

barindex
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSystem information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeSystem information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSystem information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeSystem information queried: CodeIntegrityInformation

HIPS / PFW / Operating System Protection Evasion

barindex
Modifies the hosts file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7fff27ef8e88,0x7fff27ef8e98,0x7fff27ef8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1756 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1924 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2384 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1736257074872177 --launch-time-ticks=4883734823 --mojo-platform-channel-handle=3308 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1736257074872177 --launch-time-ticks=4896010912 --mojo-platform-channel-handle=4424 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=mojoipcz --mojo-named-platform-channel-pipe=6492.4264.5447351167827348215
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\local\temp\msspwebeb\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\local\temp\msspwebeb\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7fff27ef8e88,0x7fff27ef8e98,0x7fff27ef8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1756 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=mojoipcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1924 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=mojoipcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2384 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=mojoipcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1736257074872177 --launch-time-ticks=4883734823 --mojo-platform-channel-handle=3308 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=mojoipcz /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mc-webview-cnt.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=mojoipcz --mojo-named-platform-channel-pipe=7440.7516.17558896153089345560
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\local\temp\msspwebeb\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\local\temp\msspwebeb\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x13c,0x174,0x7fff27ef8e88,0x7fff27ef8e98,0x7fff27ef8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --disable-gpu-compositing --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1736257074872177 --launch-time-ticks=4896010912 --mojo-platform-channel-handle=4424 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=mojoipcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\local\temp\msspwebeb\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\local\temp\msspwebeb\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7fff27ef8e88,0x7fff27ef8e98,0x7fff27ef8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1756 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=mojoipcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1924 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=mojoipcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2384 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=mojoipcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1736257074872177 --launch-time-ticks=4883734823 --mojo-platform-channel-handle=3308 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=mojoipcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --disable-gpu-compositing --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1736257074872177 --launch-time-ticks=4896010912 --mojo-platform-channel-handle=4424 --field-trial-handle=1760,i,6605253056815991885,2925413455889371500,262144 --enable-features=mojoipcz /prefetch:1
Source: C:\Users\user\Desktop\SecurityScan_Release.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\SecurityScan_Release.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\SecurityScan_Release.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\SecurityScan_Release.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Users\user\Desktop\SecurityScan_Release.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Modifies the hosts file
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\SecurityScan_Release.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts631
Windows Management Instrumentation		1
DLL Side-Loading		11
Process Injection		1
Masquerading		OS Credential Dumping1
Query Registry		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
Command and Scripting Interpreter		Boot or Logon Initialization Scripts1
DLL Side-Loading		1
File and Directory Permissions Modification		LSASS Memory73
Security Software Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Modify Registry		Security Account Manager541
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Disable or Modify Tools		NTDS1
Process Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script541
Virtualization/Sandbox Evasion		LSA Secrets2
System Owner/User Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
Process Injection		Cached Domain Credentials1
Remote System Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
DLL Side-Loading		DCSync3
File and Directory Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem134
System Information Discovery		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
SecurityScan_Release.exe0%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\InstallHelp\SecurityScanner32.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\System.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\McInstallerStartup.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\McUICnt.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MicrosoftEdgeWebview2Setup.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\SecurityScan_Inner.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\MSSPResExtractor.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McInstallerRes.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McInstallerRes_LD.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McInstallerStartup.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McUICnt.exe3%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McUtil.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\MicrosoftEdgeWebview2Setup.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\SecurityScan_Inner.exe4%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\WebView2Loader.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\mc-webview-cnt.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\mcbrwsr2.dll3%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\McInstallerRes.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\McInstallerRes_LD.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\McUtil.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\WebView2Loader.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mcbrwsr2.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsdF57.tmp\InstallHelp\SecurityScanner32.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
chrome.cloudflare-dns.com
162.159.61.3
truefalse
    		high
    mosaic-nova.apis.mcafee.com
    		44.231.153.113
    		truefalse
      		unknown
      analytics.apis.mcafee.com
      		unknown
      		unknownfalse
        		unknown
        sadownload.mcafee.com
        		unknown
        		unknownfalse
          		unknown

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          44.231.153.113
          		mosaic-nova.apis.mcafee.comUnited States
          		16509AMAZON-02USfalse
          162.159.61.3
          		chrome.cloudflare-dns.comUnited States
          		13335CLOUDFLARENETUSfalse
          1.1.1.1
          		unknownAustralia
          		13335CLOUDFLARENETUSfalse
          13.107.21.239
          		unknownUnited States
          		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
          52.35.229.208
          		unknownUnited States
          		16509AMAZON-02USfalse
          13.107.42.16
          		unknownUnited States
          		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
          2.16.168.115
          		unknownEuropean Union
          		20940AKAMAI-ASN1EUfalse
          172.64.41.3
          		unknownUnited States
          		13335CLOUDFLARENETUSfalse
          2.16.168.105
          		unknownEuropean Union
          		20940AKAMAI-ASN1EUfalse

          General Information

          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1585398
          Start date and time:2025-01-07 15:58:27 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:36
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:1
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Sample name:SecurityScan_Release.exe
          Detection:MAL
          Classification:mal72.adwa.evad.winEXE@34/204@17/51
          Cookbook Comments:
          • Found application associated with file extension: .exe

          Warnings

          • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 2.16.168.115, 2.16.168.105
          • Excluded domains from analysis (whitelisted): sadownload.mcafee.com.edgesuite.net, a866.dscd.akamai.net
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtEnumerateValueKey calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtReadVirtualMemory calls found.
          • Timeout during stream target processing, analysis might miss dynamic analysis data
          • VT rate limit hit for: SecurityScan_Release.exe

          Created / dropped Files

          C:\ProgramData\McAfee Security Scan\ftstate.ini

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Generic INItialization configuration [DataAnalytics]
          Category:dropped
          Size (bytes):146
          Entropy (8bit):5.192662034541765
          Encrypted:false
          SSDEEP:
          MD5:470CE6E15424116301DDD7F06FA006D0
          SHA1:268C5193F96A1650F17095DB6A73B27571F0B638
          SHA-256:A1F4E1D17703E15A61817278EBFA8AEC0B32300086112F71BB0F2CBBD9BC66E1
          SHA-512:418D2E9C61468367B65594FB80691BE8375EC72E534B146854948207527FB7B0E45C12506AA0240E6D6BF927CE723BC2246788E98BF21710EB4232788FBDD310
          Malicious:false
          Reputation:unknown
          Preview:[queryparams]..affid=0..[DataAnalytics]..InstalledDate=7..InstalledMonth=1..InstalledYear=2025..ProductUUID=8A53D412-9FD3-4039-8B18-BCB7F686E304..

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\aviary_client.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (1531), with CRLF line terminators
          Category:dropped
          Size (bytes):1738
          Entropy (8bit):5.321166453198633
          Encrypted:false
          SSDEEP:
          MD5:1E7EBC68623599ACA8619CC5169F0590
          SHA1:03BED5B7E64E7509B6BA1C5453AF4B553FEACFC5
          SHA-256:8B044EBA3B6C28828C9DCFE6E499BDCBE3EDFC70F4E4C072DB9C050FD48D822F
          SHA-512:79A585371B332CF90FD1686EA53E68509115F6A939E82CCDF4161AFFD3734C828E3223C03FE5636254A89FD38799DC9C4D4D9779FC718A877B548CEEC52BA68E
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var aviary_client_fileVersion = "1.4.114"; ..function CreateAviaryClientHelper(){try{var a={Get:function(f){try{if(this._aviaryPlugin){var c=this._aviaryPlugin.Get(f);this._logInformation("Get: key: "+f+" value:"+JSON.stringify(c));return c}}catch(d){this._logError("Get exception: "+d.message)}return null},Set:function(c,d){if(this._aviaryPlugin){this._aviaryPlugin.Set(c,d)}},ToJsonString:function(){try{if(this._aviaryPlugin){return this._aviaryPlugin.ToJsonString()}}catch(c){this._logError("ToJsonString exception: "+c.message)}return null},GetDirtyFlag:function(d){try{if(this._aviaryPlugin){return this._aviaryPlugin.GetDirtyFlag(d)}}catch(c){this._logError("GetDirtyFlag exception: "+c.message)}return true},Setup:function(){try{if(this._aviaryPlugin){return}var f=JSONManager.getSingleton("dictionary");var c=f.data;var d=c.product_settings;this._aviaryPlugin=getPluginFactory().Create("ContextItemAviaryStore");this._aviaryPlugin.Initialize(JSON.stringify(d));g

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\common.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (14337), with CRLF line terminators
          Category:dropped
          Size (bytes):14537
          Entropy (8bit):5.3507201842055725
          Encrypted:false
          SSDEEP:
          MD5:BC8BDE16CFD68270180130A481BED8DE
          SHA1:556DAE92A4F6F577C2EB7DC3432EFF23711DB99B
          SHA-256:2A61139B601CB82E007663D7F29F80EDA8616619A03863A42B72F05ED98769A1
          SHA-512:F6853F5DF1EADF477C911D30C20AA4314987DE6F9841C4ABFC8A2FC1836869326B08AB632D9FCFC6B24DCF1E7D21B61D0D0F645F66B7E41DBE96603FBCF0451A
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var common_fileVersion = "1.4.114"; ..if(typeof JSON!=="object"){LoadScript("json2.js")}if(typeof enableAnalyticsSDKForUWP==="undefined"){enableAnalyticsSDKForUWP=false}var GetEngineSetting=function(b,a){return a};if(typeof GetSetting==="function"){GetEngineSetting=GetSetting}else{logInformation("Missing GetSetting function; will only use default settings (this is expected pre SDK.2.3)")}var GetEngineProperty=function(b,a){return a};if(typeof GetProperty==="function"){GetEngineProperty=GetProperty}else{logInformation("Missing GetProperty function; will only use default Properties (this is expected pre SDK.2.5)")}if(!enableAnalyticsSDKForUWP){LoadScript("logging.js")}var getSystemPlugin=function(){var a=getScriptVariableStore().Get("system");if(!a){a=getPluginFactory().Create("system");getScriptVariableStore().Set("system",a)}return a};Date.prototype.toISOString=function(a){try{function d(f){var e=String(f);if(e.length===1){e="0"+e}return e}var b=this.getUTCF

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\config_manager.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (842), with CRLF line terminators
          Category:dropped
          Size (bytes):1050
          Entropy (8bit):5.323565161333726
          Encrypted:false
          SSDEEP:
          MD5:5C2EB996C9B5AF003AD9916ADCFE6533
          SHA1:704790B240761930AAB7A541535216FCEBD5C6CD
          SHA-256:46D424408D9487A861CD8BB4900C3610C297B1B9924F2A82AAE0CEC31EBA0E70
          SHA-512:87A0F1B61C1D1F9D2A2D6F53B19487FB6BC88CBA8FB30C4462E22F7F39C7470DDB888D5521F2921669ECA250BD913A46B63F83FB98601B4D3FBA21C7452B11AF
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var config_manager_fileVersion = "1.4.114"; ..function CreateEventConfig(){var a={getEvents:function(){var b=JSONManager.getSingleton("events");return b.data},getProfileNames:function(b){try{return this.getEvents()[b].profileNames}catch(c){return null}},getAttributeRules:function(b){try{return this.getEvents()[b].attributeRules}catch(c){return null}},getPriority:function(c){try{var b=this.getEvents()[c].priority;return b.toLowerCase()}catch(d){return""}},getDataSetNames:function(b){try{return this.getEvents()[b].datasets}catch(c){return[]}},_setEvent:function(d,b){try{return this.getEvents()[d]=b}catch(c){return[]}},getThrottleRule:function(b){try{return this.getEvents()[b].throttleRule}catch(c){logWarning("getThrottleRule: failed, cannot find throttle rule attached to "+b);return null}},_events:null};return a}ModuleManager.registerFactory("config_manager",CreateEventConfig);..//5EE60414C7D07A259D3A495EC0E70D7DD1BC2350CACEDA67835CF4EB5031E387D9398A386B6DD358

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\csp_client.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3383), with CRLF line terminators
          Category:dropped
          Size (bytes):3587
          Entropy (8bit):5.303660739400768
          Encrypted:false
          SSDEEP:
          MD5:02285FA10F1BFECBB6E0FC79EE757049
          SHA1:64F718E3F85465987B33B6DD29E1C22AF43F79B2
          SHA-256:9B9A6C8721C66C1F29185ECC7F429BBDBB468D63A1273BC12F879830747949A9
          SHA-512:4EED5B2C81D26464D65A1381959CCC8539AED0CBA6A0F0301C696975E6C01899B4221092749778AABE33BA66DAEFBB1DE3E2683B5B59C960864F4844966EBF63
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var csp_client_fileVersion = "1.4.114"; ..function CreateCSPClientHelper(){var a={getClientID:function(c){if(null==c){logError("Invalid (null) appID for CSP::GetClientID");return null}try{var b=this._getPlugin().GetClientID(c);if(!b){this._reportGetClientIDFailure()}return b}catch(d){logError("Failed to retrieve Client ID from CSP for '"+c+"': exception is '"+d.message+"'")}return null},reportEvent:function(b){},getPolicyItem:function(c,b,e){var d="policy_general_settings."+b;if(e){d="policy_general_settings."+e+"."+b}return this._queryPolicyItem(c,d)},getCachedData:function(c,b){try{return this._getPlugin().GetCachedData(c,b)}catch(d){logError("Failed to load cached data for appId='"+c+"', service='"+b+"': exception is '"+d.message+"'")}return null},_getPlugin:function(){if(!this._plugin){this._plugin=getPluginFactory().Create("cspClient");try{var b={policy:"full_sdk_only"};this._plugin.Config(JSON.stringify(b));logNormal("CSP Client plugin configured to us

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\da_definitions.json

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1396
          Entropy (8bit):4.131950546304375
          Encrypted:false
          SSDEEP:
          MD5:6F1D4AE5766E2FC0517756E0E083A679
          SHA1:3763521410A5962C645D0445529EF3997B11CF1D
          SHA-256:DAB0F5582C42B61C79B281A5C358BC7529EF9923793BC869C923DEEFA84708D4
          SHA-512:89F6254BCD0B00EB844D377F4DFF94C7D7946BE294CFA8ED5D2B3CCFFDA6F2ACAC4A062822A7087863B270997D9D6FCC2DCFA952C2664230901D087589C14C8E
          Malicious:false
          Reputation:unknown
          Preview:{.. "version": "1.4.114",.. "data": {.. "metrics": [.. "event.value",.. "hit.duration.seconds",.. "hit.size.inbytes",.. "hit.engagement.userinitiated",.. "hit.result",.. "hit.metric.1",.. "hit.metric.2",.. "hit.metric.3",.. "hit.metric.4",.. "hit.metric.5",.. "hit.metric.6".. ],.. "dimensions": [.. "hit.uniqueid",.. "event.category",.. "event.action",.. "hit.screen",.. "hit.action",.. "hit.engagement.interactive",.. "hit.engagement.desired",.. "sub.category",.. "tertiary.category",.. "guid",.. "hit.session.id",.. "event.label",.. "hit.feature",.. "hit.type",.. "hit.trigger",.. "hit.source",.. "hit.severity",.. "hit.date",.. "hit.label.1",.. "hit.label.2",.. "hit.label.3",.. "hit.label.4",.. "hit.label.5",.. "hit.label.6",.. "hit.label.7",.. "hit.label.8",.. "hit.label.9",.. "hit.labe

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\data_collector.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (13754), with CRLF line terminators
          Category:dropped
          Size (bytes):13962
          Entropy (8bit):5.21304794720775
          Encrypted:false
          SSDEEP:
          MD5:56D209C4B77DB36DA734EEAF5E666E76
          SHA1:3FF436681EC15CAF7F6724C9DD8E0541FF452CA4
          SHA-256:BBC40E3E1271ADA78E8064F010B53E2DC5BC7C16CFB14A3E7119879B4EBB3E64
          SHA-512:FCD6000DE2E38EBE051BA3C9E8C5CAE8142B348F04FD9423D48C3A213AE89A16F0705F4CA4C1FB0CDAD0D94E08DCC5F3435F9AB4250EA3FCF21109B5513B058A
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var data_collector_fileVersion = "1.4.114"; ..ModuleManager.set("uptime_tracker",function(){return{fetchFromDataDefinition:function(b){try{return null}catch(a){if(a.hasOwnProperty("message")){return"[Plugin method failed: "+a.message+"]"}else{return"[Plugin method failed]"}}}}}());var Create_data_collector=function(){var a={setup:function(){try{this._logInformation("Setup Started.");this._loadDefinitions();this._farmers=this._createFarmers(this);this._refreshers=this._createRefreshers(this);if(!this._farmers||!this._refreshers||!this._definitions){this._logError("Setup failed: farmers("+this._farmers+"). refreshers("+this._refreshers+"). definitions("+this._definitions+")");return}var c=[];for(var b in this._definitions){c.push(b)}this.markDataExpired(c);this._logInformation("Setup Done.")}catch(d){this._logError("Setup failed: "+d.message)}},get:function(h){try{var g=null;if(typeof h==="string"){g=h;h=[h]}if(!h instanceof Array){this._logWarning("get: items

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\data_items.json

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):89363
          Entropy (8bit):3.8489514100309172
          Encrypted:false
          SSDEEP:
          MD5:3002F862E16DFADDBA23DC9CC2522523
          SHA1:601654AF4EE33E6E9C1A1DBC1B47C64AC802DE6A
          SHA-256:A6D8DA663A46C45DC8664BAE6A57B8F319BA1CF90676E9E5A63488C329B8C69E
          SHA-512:DB73A811A18A6BDE7983F5E8427E3D2D75D13800EFE220DC2227E0BD6CA401F4DC3147A89FAC36BC4E49DE8251EF3DB5C8F9919EB329DF9EF8B5E26702BAE181
          Malicious:false
          Reputation:unknown
          Preview:{.. "version": "1.4.114",.. "data": {.. "auth0_user_id": {.. "params": "auth0_user_id",.. "source": "settingsManager".. }, .. "user_ref_id": {.. "params": {.. "action": "GetProperty",.. "appid": "vso",.. "name": "user_ref_id".. },.. "refresh": {.. "onMessageBusMsg": [.. "Core.Subscription.Sync",.. "Core.Subscription.SubscriptionUpdated".. ].. }, .. "source": "subdb".. },.. "CSP.ClientId": {.. "params": {.. "action": "ClientID",.. "appid": "a053060c-3a34-11e4-8a01-005056b7244f".. },.. "refresh": {.. "harvestIfEqWithTimeout": {.. "value":"[ruleMismatch]",.. "timeout":600000.. },.. "onMessageBusMsg":

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\dataset.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (7140), with CRLF line terminators
          Category:dropped
          Size (bytes):7341
          Entropy (8bit):5.275074613666029
          Encrypted:false
          SSDEEP:
          MD5:B3E7252726A1A200EE2545087AECE2DA
          SHA1:A21BDEBA3F9DC50707784CA5262C64151B18B6BA
          SHA-256:E73737B43188F5EAF5476502301228DA191E4679FEF2DAD83584C85B3B04A185
          SHA-512:1CF46EDB80E716254FE4458A7C25D8F226A0E2CF3F94980AE10E6F3703F46A4C6A3E8F7C566B0D5A4189A8D87E6D6F9B0F00B9588DB6E412C36324A7A53B9E15
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var dataset_fileVersion = "1.4.114"; ..function CreateDataset(){function b(c){this._name=c;if(!this._name){throw"Dataset created with no name provided"}}b.prototype={initialize:function(d){try{if(!d){this._logError("No configuration defined");return false}var c=d.data_items;if(!c){this._logError("Invalid Data items. Config ("+JSON.stringify(d)+")");return false}this._itemsList=c;var f=d.refresh;this._setRefresh(f);this._logInformation("Initialization complete");return true}catch(g){this._logError("initialize: "+g.message);return false}},get:function(c){try{return this.getContent()[c]}catch(d){this._logError("get: "+d.message)}},getContent:function(){try{this._logInformation("getContent starting");this._logInformation("itemsList"+JSON.stringify(this._itemsList));var d=ModuleManager.getSingleton("data_collector");if(this.dirty){d.markDataExpired(this._itemsList);this.dirty=false}return d.get(this._itemsList)}catch(c){this._logError("getContent: "+c.message)}},

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\dataset_da.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (6749), with CRLF line terminators
          Category:dropped
          Size (bytes):6953
          Entropy (8bit):5.406921317159456
          Encrypted:false
          SSDEEP:
          MD5:54130B64A7B6C873A442D99B37C94BD2
          SHA1:9997B6D86FEFB276DAF608BFA77A63CBC4A1F8FB
          SHA-256:3386EC5C89C89B296A83F4FB941E12B1BF337782F626F90D0ACE90280995B6A8
          SHA-512:AC3D0E127F5353444638701CFDF4D002B347BE4C0C6A64DAB5D331B306103AE2D7D0B9FC745FD2322ABC6E2C3D2A61F6B4617A75FE2F34D858B6673EE57A72DC
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var dataset_da_fileVersion = "1.4.114"; ..var Create_dataset_da=function(){var a={dirty:true,load:function(){if(!this.dirty){return}setTimeout(1*60*60*1000,function(){this.dirty=true});logNormal("Loading dataset da");this._content={};var f=this._getTimeLastDA_Query();if(!f){logInformation("dataset_da: Failed reading query start value. Going to use 0 as start");f=0}var b=this._getTimeNow();if(!b){logError("dataset_da: Failed reading query end value. Going to quit loading the dataset.");return}var c=24*60*60;b=b-c;try{this._processRequests(this._da_queries,f,b);this._store_DA_QueryTime(b)}catch(d){logError("Failed to load the da dataset: exception is '"+d.message+"'");return}this.dirty=false},add:function(b,c){if(!b){return}this._content[b]=c},set:function(b,d,c){if(!c){this.add(b,d);return}var e=ModuleManager.getSingleton("rules");this.add(b,e.apply(d,c))},get:function(b){try{this.load();if(!this._content){return null}return this._content[b]}catch(c){logError

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\datasets_catalog.json

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):10553
          Entropy (8bit):4.124349379343266
          Encrypted:false
          SSDEEP:
          MD5:AC18B2AC0D9FC093ACA0D07D01B13218
          SHA1:0C840474541229CC7B64AE19860E3EA85F4DE8A6
          SHA-256:D6D59C37B9F46E3879CAC60239C30A614B3A6AD1B08A9021ABB07D108FC54562
          SHA-512:0FA947D5889ABE619A81960524BFD059F419F0C0EA4A7652A9A6D218BE9BA250FC297D01053F6A43C3445D96B53CE7AEEE93498D40B104D36C9238185CE8CEC7
          Malicious:false
          Reputation:unknown
          Preview:{.. "version": "1.4.114",.. "data": {.. "ab_test":{.. "data_items": [.. "analytics_governance_version",.. "device_id",.. "product_affiliate_id",.. "product_analytics_sdk_version".. ],.. "refresh": {.. "useEngineDefaultTimeout": true.. }.. },.. "wss": {.. "data_items": [.. "auth0_user_id",.. "user_ref_id",.. "WSS.Hardware.ID",.. "WSS.Software.ID",.. "WSS.Segment.ID",.. "WSS.Segment.Type.ID",.. "WSS.MSC.Version",.. "WSS.MPF.Version",.. "WSS.MPS.Version",.. "WSS.MQS.Version",.. "WSS.MSK.Version",.. "WSS.NGM.Version",.. "WSS.VUL.Version",.. "WSS.VSO.Version",.. "WSS.VSO.Content.Version",.. "WSS.VSCor

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\dictionary.json

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):20179
          Entropy (8bit):4.552776289770129
          Encrypted:false
          SSDEEP:
          MD5:BC382489643E9DDC228A8D051A42D337
          SHA1:8A99506591E5B90308D02489497361CB5CDEA803
          SHA-256:86F3DDBD547491B25BF67F9BF1A182588EB7DDDB84F3CA875B65B059C1D86896
          SHA-512:CFCE98752EBD973E370880492238B858030A07F27FA2BFA1DAFE619CF37E4B56F6F74D0FFDD93C53551583A8F37570EBB7A1C230ECA0480B48F546882CD98029
          Malicious:false
          Reputation:unknown
          Preview:{.. "version": "1.4.114",.. "data": {.. "event": {},.. "global": {.. "uniqueid": "hit_event_id",.. "uniqueidentifier": "hit_event_id",.. "feature": "hit_feature",.. "trigger": "hit_trigger",.. "interactive": "hit_engagement_interactive",.. "hit.interactive": "hit_engagement_interactive",.. "hit.user.initiated": "hit_engagement_userinitiated",.. "userinitiated": "hit_engagement_userinitiated",.. "desired": "hit_engagement_desired",.. "engagement.desired": "hit_engagement_desired",.. "useridentifier": "hit.userid",.. "label1": "hit_label_1",.. "label2": "hit_label_2",.. "label3": "hit_label_3",.. "label4": "hit_label_4",.. "label5": "hit_label_5",.. "label6": "hit_label_6",.. "metric1": "hit_metric_1",.. "metric2": "hit_metric_2",.. "metric3": "hit_metric_3",.. "metric4": "hit_metric_4",.. "metric5": "hit_metric_5",.. "metric6": "hit_metric_6",.. "screen": "hit_

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\emitter.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (4110), with CRLF line terminators
          Category:dropped
          Size (bytes):4311
          Entropy (8bit):5.214434221619653
          Encrypted:false
          SSDEEP:
          MD5:D8C5553A463C6E0E535E75731984F97E
          SHA1:DC736DD2072CFAC34E33B1BA276B240AEB76239E
          SHA-256:3DDC7CA8246F0B324B2ABBE4750302AB322C92A4AEEEDF3B5AEC3B1712359748
          SHA-512:06F6188B41BD97DB2D7D1981F25DB5C9771BE7ABE650417DD99A3547C90660311E44001864FE452304BA6A5C4F0A90E584F00A637EE6D01587647EFB212B3980
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var emitter_fileVersion = "1.4.114"; ..function createEmitter(b,a){function c(g,i){var h=getScriptVariableStore().Get(g);if(h){return h}try{h=getPluginFactory().Create(i)}catch(j){logError("Failed to create plugin: '"+i+"'")}try{getScriptVariableStore().Set(g,h)}catch(j){logError("Failed to set plugin '"+i+"' in store as '"+g+"'")}return h}try{var d={configure:function(g,e){this.profileName=g;this.profile=e;this.transportName=e.transport;this.transportConfiguration=e.transport_config;this.dataSetNames=e.datasets;this.enableRules=e.enableRules;this.throttleRule=e.throttleRule;this.throttleMultiplier=e.throttleMultiplier;this.maxDimensionLength=e.maxDimensionLength;this.extendedAttributesLengthConfiguration=e.extendedAttributesLength},send:function(h){try{if(!this._isEnabled()){logInformation("_isEnabled() returned false. Will not send data to "+this.transportName);return false}h=this._sanitize(h);if("csp"==this.transportName&&"1"==this._getPlugin(this.transpo

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\engine.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (11329), with CRLF line terminators
          Category:dropped
          Size (bytes):11529
          Entropy (8bit):5.250654475538895
          Encrypted:false
          SSDEEP:
          MD5:BF1603983B0F6F5F4D75FB1206860C8A
          SHA1:D42E9A0DC78B184774227C7D0E86EBB62E904928
          SHA-256:6D01A312285532A3263576F4306D9667411E203DDD3A1A1EF1EAFA7B8FCF4E10
          SHA-512:31873A7F9EE9F466D65B09A565FF505D75657B39A1D96E3AF87DFA88F6378D6FE3FD3333CD73CEACE33AECA1155942B0024AE88AE831E5B1FD09483AAC2DD49C
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var engine_fileVersion = "1.4.114"; ..LoadScript("common.js");var _factoryManager=CreateFactoryManager();var ModuleManager=CreateModuleManager(_factoryManager);var JSONManager=CreateJSONManager();var StorageManager=CreateStorageManager();var PDManager=CreatePDManager();var RegistryStore=null;var setContentHeartbeatTimeout=function(b,a){var d=getScriptVariableStore().Get("heartbeattimerid");if(d){try{clearInterval(d)}catch(c){logWarning("setContentHeartbeatTimeout: Fail to clear timer id "+c.message)}}d=setTimeout(b,a);getScriptVariableStore().Set("heartbeattimerid",d)};var engine={defaultClientAnalyticsRegistry:GetEngineSetting("Analytics.Base.RegKey","HKLM\\SOFTWARE\\McAfee\\McClientAnalytics"),heartbeatTimestampKey:"analytics_content_heartbeat_timestamp",datasetsRefreshRate:60*60*1000,userId:null,createEventJson:function(c,a){try{a["Tracker.Type"]="event";return{UniqueIdentifier:c,type:"event",payload:a}}catch(b){logError("engine::createEventJson: Exceptio

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\error_transmitter.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (2529), with CRLF line terminators
          Category:dropped
          Size (bytes):2740
          Entropy (8bit):5.312241151375569
          Encrypted:false
          SSDEEP:
          MD5:213154598262F6FB58D03D24B789EBCE
          SHA1:57A9D0906614F8A0A4FFC06303CA7D2014D7DD1F
          SHA-256:9D021EA0C55B0496824431423C36A45A9D37FF293B1EA55B7F54010CC568643C
          SHA-512:C8ECF758190574B5980E60A27D77929925EAF5011FA836861168D7C2F4505DF04FBAC66E018E66F96EAFC9081B1BC592DB8EDF81CAD0EA5EFA1B981A0A510BC8
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var error_transmitter_fileVersion = "1.4.114"; ..function CreateAnalyticsErrorTransmitter(){function a(){this.setup()}a.prototype=ModuleManager.create("transmitter_template");a.prototype.messageName="analytics_event_error_occurrred";a.prototype.setup=function(){var c=ModuleManager.getSingleton("config_manager");var d=c.getProfileNames(this.messageName);if(!this.emitter&&d){this.profileName=d[0];this.emitter=this.retrieveEmitter(this.profileName)}};a.prototype._generate=function(c,e){var f={hit_event_id:this.messageName,hit_category_0:"Analytics.Event.Error",hit_trigger:c,hit_action:"Analytics.Event.Rule.Failed"};if(findObjectSize(e.type["ruleMismatch"])){f.hit_category_1="ruleMismatch";f.hit_label_0=JSON.stringify(e)}else{if(findObjectSize(e.type["ruleError"])){f.hit_category_1="ruleError";f.hit_label_0=JSON.stringify(e)}else{if(e.type["rejected"]){f.hit_category_1="rejected";f.hit_label_0=JSON.stringify(e)}}}var d=new Date();f["__record.created"]=d.toISOStr

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\event_handler.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (6709), with CRLF line terminators
          Category:dropped
          Size (bytes):6916
          Entropy (8bit):5.332274302455534
          Encrypted:false
          SSDEEP:
          MD5:92E85B12506AA4D5565097C3061178A4
          SHA1:E7E9704B229B6E1F149CB3F2BACD5C09C4C07686
          SHA-256:2E9F27AB73C48D04F1913723050E8573D3A17A1CF95D842D29CD41E6602A2DFA
          SHA-512:4D6AC930DE75CF9C51A556D14C97CDE438D9C07DE01903CA0C581D7002012563F3AA8BCC8333BA1EEF3C7E372CABE5E7698EBCCB329B9C34BAAA80D43E365FFB
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var event_handler_fileVersion = "1.4.114"; ..if(typeof dataManipulator!=="object"){LoadScript("common.js")}function CreateEventHandler(){var c={handleEvent:function(g){try{var h=JSON.parse(g);var f=h.type;if(("MessageBusPlugin"==f)||("InProcAPI Plugin"==f)){this._processMsgBusEvent(h.payload)}else{if("UWP_Event"==f){this._processAnalyticsAddRecord_v1(h)}else{logWarning("Unexpected message was rejected (unknown type): "+g)}}}catch(i){logError("Failed to process incoming event: exception = '"+i.message+"'")}},handleV1Record:function(e){this._processAnalyticsAddRecord_v1(e)},_processMsgBusEvent:function(h){try{var f=h.name;var k=h.payload;if(("Analytics.v1.AddRecord"==f)||("Analytics.AddRecord"==f)||("Analytics.Automation.AddRecord"==f)){return this._processAnalyticsAddRecord_v1(k)}var j=ModuleManager.getSingleton("data_collector");j.notifyMsg(f);var g=ModuleManager.getSingleton("observation_analytics");g.handle(f,k)}catch(i){logError("Failed to process message

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\events.json

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):218852
          Entropy (8bit):3.07966733633794
          Encrypted:false
          SSDEEP:
          MD5:BAA2C7A097685ECFB8FEC75AC61EF4B8
          SHA1:6838FA7D8EFF2E2A9B3DA6909D45D29FB01068AC
          SHA-256:A3548BE86C732BAA9B3F7535AF98D1C010DB0A49B155672A6AE742FB54EBE40C
          SHA-512:7D1FFA13E6FD472C57E29B87CCD7A256B06B22E6C68FA96F55D26BF9F2DD601F0E49487A1EA31BEA20E0E95E621174333380006C04F595DA843BB1898D7594E8
          Malicious:false
          Reputation:unknown
          Preview:{.. "data": {.. "mssplus_antitrack_bottomfixnow_btn_clicked": {.. "attributeRules": {.. "hit_action": {.. "meta": "BottomFixNowButtonClicked",.. "ruleName": "override".. },.. "hit_category_0": {.. "meta": "clicks",.. "ruleName": "override".. },.. "hit_label_0": {.. "meta": "Button",.. "ruleName": "override".. },.. "hit_result": {.. "meta": [.. "Green A",.. "Green B",.. "Yellow",.. "Red",.. "Orange",.. "Blue1",.. "Blue2",.. "NotScanned".. ],.. "ruleName": "in".. }.. },.. "curren

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\hash128.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (4059), with CRLF line terminators
          Category:dropped
          Size (bytes):4260
          Entropy (8bit):5.611655458668878
          Encrypted:false
          SSDEEP:
          MD5:51F63AE068525A0A9CE65CB747382E5F
          SHA1:AB3B142E93314394CFB1E1D53B8096A9ED43A5C5
          SHA-256:67373CC04DDD025DA7E357B76FC7D469245D182E180468CB837D9693F4D4C58B
          SHA-512:3DC64D39FC387F6DFFC2C9F5A1FC20021C5DD3B0C30C8B91FAE609D91057308CBDF09AAEC4C526B0DC633CE232097082271934C4DE8B6E6581553948259DC384
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var hash128_fileVersion = "1.4.114"; ..function CreateHasher128(){var a={hash128:function(s){function L(c,b){return(c<<b)|(c>>>(32-b))}function K(x,c){var G,b,k,F,d;k=(x&2147483648);F=(c&2147483648);G=(x&1073741824);b=(c&1073741824);d=(x&1073741823)+(c&1073741823);if(G&b){return(d^2147483648^k^F)}if(G|b){if(d&1073741824){return(d^3221225472^k^F)}else{return(d^1073741824^k^F)}}else{return(d^k^F)}}function r(b,d,c){return(b&d)|((~b)&c)}function q(b,d,c){return(b&c)|(d&(~c))}function p(b,d,c){return(b^d^c)}function n(b,d,c){return(d^(b|(~c)))}function u(G,F,aa,Z,k,H,I){G=K(G,K(K(r(F,aa,Z),k),I));return K(L(G,H),F)}function f(G,F,aa,Z,k,H,I){G=K(G,K(K(q(F,aa,Z),k),I));return K(L(G,H),F)}function D(G,F,aa,Z,k,H,I){G=K(G,K(K(p(F,aa,Z),k),I));return K(L(G,H),F)}function t(G,F,aa,Z,k,H,I){G=K(G,K(K(n(F,aa,Z),k),I));return K(L(G,H),F)}function e(x){var H;var k=x.length;var d=k+8;var c=(d-(d%64))/64;var G=(c+1)*16;var I=Array(G-1);var b=0;var F=0;while(F<k){H=(F-(F%4)

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\json2.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3618), with CRLF line terminators
          Category:dropped
          Size (bytes):3817
          Entropy (8bit):5.534649553785636
          Encrypted:false
          SSDEEP:
          MD5:6427079324D5008E719994CD57D6F2AB
          SHA1:57A28074280273933F49A51F1E9059FE00E73F8D
          SHA-256:D7201AA522A70C9A39564D271BF9F19F4CC59216D017B88F2EA08B7125DA2A7A
          SHA-512:F5B6689F66C1A23DA1BE805D0873FC52A594F0CB9D31B06B51F7F39E35BEFCC3734E6E96B56E6548B3D00FAD5BE3056BC5F72927766D0D1459F509002121004F
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var JSON2_fileVersion = "1.4.114"; ..if(typeof JSON!=="object"){JSON={}}(function(){var rx_one=/^[\],:{}\s]*$/;var rx_two=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g;var rx_three=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g;var rx_four=/(?:^|:|,)(?:\s*\[)+/g;var rx_escapable=/[\\\"\u0000-\u001f\u007f-\u009f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;var rx_dangerous=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;function f(n){return n<10?"0"+n:n}function this_value(){return this.valueOf()}if(typeof Date.prototype.toJSON!=="function"){Date.prototype.toJSON=function(){return isFinite(this.valueOf())?this.getUTCFullYear()+"-"+f(this.getUTCMonth()+1)+"-"+f(this.getUTCDate())+"T"+f(this.getUTCHours())+":"+f(this.getUTCMinutes())+":"+f(this.getUTCSeconds())+"Z":null};Boolean.prototype.toJSON=this_value;Number.prototype.toJSON=this_valu

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\logging.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3176), with CRLF line terminators
          Category:dropped
          Size (bytes):3377
          Entropy (8bit):5.47480094679374
          Encrypted:false
          SSDEEP:
          MD5:54E42C81FDCCBE0AC571BA591CD658E8
          SHA1:C0BD91EF58B860F1DA00F16661CB9014E5C4D417
          SHA-256:F064D98CF449EF55F604E1D1EEEE928A010A8C2A06DA3E6EBC0D93E255CEACC4
          SHA-512:7349FF9A2475B991B45A738AC328377B40300401F44F365B86EFF687183F9C954637DD867C0741903D61A4EB44811B71E0E6FAC155CEE75D82731D841FED6866
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var logging_fileVersion = "1.4.114"; ..var debugEnable=false;function callerName(){var a=arguments.callee.toString();a=a.substr("function ".length);a=a.substr(0,a.indexOf("("));return a}function getLogger(){var b=getScriptVariableStore().Get("logging");if(b){return b}try{b=getPluginFactory().Create("logging");try{debugEnable=GetEngineProperty("Analytics.SDK.Script.Debug.Enable",debugEnable)}catch(a){}}catch(a){b={LogMessage:function(){},WriteToConsole:function(){},WriteToSyslog:function(){}}}getScriptVariableStore().Set("logging",b);return b}var LOG_SEVERITY_NORMAL=1;var LOG_SEVERITY_WARNING=2;var LOG_SEVERITY_INFORMATION=3;var LOG_SEVERITY_ERROR=4;var LOG_SEVERITY_CRITICAL=5;var SYSLOG_EMERG="emerg";var SYSLOG_ALERT="alert";var SYSLOG_CRITICAL="crticial";var SYSLOG_ERROR="error";var SYSLOG_WARN="warn";var SYSLOG_NOTICE="notice";var SYSLOG_INFO="info";var SYSLOG_DEBUG="debug";var logNormal=function(b){try{b=sanitizeLogMessage(b);getLogger().LogMessage(LOG_SE

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\mappings.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (2160), with CRLF line terminators
          Category:dropped
          Size (bytes):2362
          Entropy (8bit):5.338981928348514
          Encrypted:false
          SSDEEP:
          MD5:9B96221B31737995796F892F0DBDB4BA
          SHA1:9F27EF2BFA85A958F099B7B37B03531BECE00C23
          SHA-256:633CBDBBAE59548247F68C69151F2EC96222B429BC05BC43F3517263BAB39284
          SHA-512:9197C76CBD438273FC28ECCEDC48579C5EFB7F5E2FE2384CB81959850EC6B6C5E4261723B3F04504106AD1EBBA72E9DD6126B6DC269A107B898C46BCC072E7EA
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var mappings_fileVersion = "1.4.114"; ..function CreateMapping(){var a={eventMap:function(c,b){if(!(b in this._eventTable)){return c}return this._map(this._eventTable[b],c,true)},globalMap:function(b){return this._map(this._globalTable,b,true)},daMap:function(b){return this._map(this._daTable,b,true)},profileMap:function(c,b){if(!(b in this._profileTable)){return c}return this._map(this._profileTable[b],c,true)},getProfileTableStr:function(b){if(!(b in this._profileTableStr)){return"{}"}else{return this._profileTableStr[b]}},getFlippedProfileTable:function(c){if(!(c in this._profileTable)){logWarning("Requesting flipped table for invalid profile "+c);return{}}if(c in this._flippedProfileTable){return this._flippedProfileTable[c]}this._flippedProfileTable[c]={};for(var b in this._profileTable[c]){var d=this._profileTable[c][b];this._flippedProfileTable[c][d]=b}return this._flippedProfileTable[c]},_map:function(b,f,h){if(!b||!f||(typeof f!=="object")){logWarni

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\mcutil.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (1832), with CRLF line terminators
          Category:dropped
          Size (bytes):2032
          Entropy (8bit):5.421428347091938
          Encrypted:false
          SSDEEP:
          MD5:18378A5EB18C7D41DE0AEA56CB3E2DF3
          SHA1:172EB8905FFB1AA531016074367CDBB2D10EDDCF
          SHA-256:AECEFED3C550360CA15C01458374FF46960FB038DD6CD9E2B674F154C8FDF542
          SHA-512:E9A171B0199E3E78D640BB3F9FBE80E50950901AB7914598B7AF9FD6A6500F061B5965CF4203B791BD2391AACBBC6D192467F95EC69C099474FFFFDF7ECE2690
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var mcutil_fileVersion = "1.4.114"; ..function CreateMcUtilHelper(){var a={_logError:function(b){logError("mcUtil: "+b)},_logInfo:function(b){logInformation("mcUtil: "+b)},_getPlugin:function(){if(!this._plugin){var c=ModuleManager.getSingleton("data_collector");var b=c.get("analytics.sdk.version");if(b.match("^2.[0-5]")){this._logInfo("This SDK does not support mcUtil plugin. sdkVer("+b+")");return null}this._plugin=getPluginFactory().Create("mcUtil")}return this._plugin},_plugin:null,_hardwareId:null,_softwareId:null,storeHardwareAndSoftwareId:function(d){try{this._logInfo("storeHardwareAndSoftwareId - start");if(!this._getPlugin()){return}var b=d;if(!d){var h=ModuleManager.getSingleton("data_collector");var f=h.get("WSS.Hardware.ID");b=(f==="[ruleMismatch]")?true:false;this._logInfo("value: "+f);this._logInfo("storeValue: "+b)}if(!b){this._logInfo("Not going to storeValue");return}this._invokeGetMachineId();if(!this._softwareId){this._logError("storeHardw

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\observability_datasets.json

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):455
          Entropy (8bit):3.582535825574766
          Encrypted:false
          SSDEEP:
          MD5:DC0AF256F66373834F7A5012C4871D13
          SHA1:DBF0432073C2833D23C27007B491028EA887F94F
          SHA-256:2A898C8070B4BCB4100CAD3CE086EC46294EDD9C87694F1D91E6786F78724F72
          SHA-512:766063869D60DB33B7FDFFCD0FC1665DF0203ABEAF8BEE2E25C8C929AA5B1E330AC19F6A97068F9F08CAC3A1304EB28624DE7012AE027666422F7FB6E54EE3F7
          Malicious:false
          Reputation:unknown
          Preview:{.. "version": "1.4.114",.. "data":{.. "Testing.Mock": {.. "map": {.. "Success" : "Received".. },.. "default": {.. "Test.Value" : "Yes".. }.. },.. "analytics_dataset_get": {.. "map": {.. },.. "default": {.. "hit_event_id": "analytics_send_splitio_product_attributes".. }.. }.. }..}....

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\observation_analytics.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (1151), with CRLF, LF line terminators
          Category:dropped
          Size (bytes):2017
          Entropy (8bit):5.263461770158519
          Encrypted:false
          SSDEEP:
          MD5:9A0756A86DD2AEF257CB1467ECAA7BC4
          SHA1:9CCA3D375956F68991E694148E379A0BD1AE28A7
          SHA-256:32B800AE003E25D728A4741777E4F4DB3AFB2D65C7FB79950282CB158C772D34
          SHA-512:A046924B809BA326F7FDA7A981F06BF7900B9C33F49DD298ED0BC90B395518D3BF0577CD165254DF9F657DDCDC5581E4515CBF13A70C06374004E0F6D02C4EC8
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var observation_analytics_fileVersion = "1.4.114"; ..function getObservationAnalyticsEngine(){./*. * config format:. * 'Message.Name' : { // name of obsved message on messagebus that we will subscribe to. * 'map' : { // map from message keys --> analytic friendly keys. * 'Count' : 'Metric1', // ex. 'Count' : 123 --> 'Metric1' : 123. * 'Policy' : 'Event.Label' // ex. 'Policy' : 'XYZ' --> 'Event.Label' : 'XYZ'. * },. * 'default' : { // default values that are not specified in the obsved message. * 'hit_event_id' : 'XYZ'. * }. * }. */.var a=function(){var d=JSONManager.getSingleton("observability_datasets");if(!d){d={data:{}}}return d.data};var b=a();var c={start:function(){try{var d=getMessageBus();for(var f in b){d.Subscribe(f)}logDebug("observationEngine Started")}catch(g){logError("observationE

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\operations.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (6532), with CRLF line terminators
          Category:dropped
          Size (bytes):6736
          Entropy (8bit):5.341408996751215
          Encrypted:false
          SSDEEP:
          MD5:6D6033E034A4DC4FF629BB45E34150D1
          SHA1:C82019EAD44792BD22FA045EFBE2FCD338D4D8ED
          SHA-256:63720A1F4C7719ED1ACDEA115494808400A3BAD0BB9C506D79F06960F2CE3A72
          SHA-512:27289FF8D24F4959F682A93052CDB6610B78600D6DBD403CB6699A0C4B919FA612D9FDC26781F9914EC8BE136F424A678D32F4DDBCBE15DC2D4B0141059E6E96
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var operations_fileVersion = "1.4.114"; ..function CreateDataOperations(){var a={apply:function(c,b){try{if(!b){return c}if(!this._isValidValue(c)){this._logWarning("Invalid value Val("+c+"). Operation with operationConfig("+JSON.stringify(b)+") will not be applied");return null}return this[b.name](c,b.params)}catch(d){this._logError("operations:apply: Excption caught("+d.message+". Val("+c+"), operationConfig("+JSON.stringify(b)+")");return null}},noop:function(b){return b},equal:function(b,c){return b==c},isValueValid:function(b){return(b!="[not assigned]")&&(b!="[ruleMismatch]")&&(b!="[ruleError]")},notNull:function(b){return(b!=null)},validLen:function(b){if(!b){return null}try{b=JSON.parse(b)}catch(c){this._logError("validLen: value ("+b+") not an object, exception: "+c.message);b=[]}if(!(b instanceof Array)){this._logWarning("validLen: value not an array ("+b+").");b=[]}return b.length},lenEqual:function(b,c){return(this.validLen(b)==c)},lenGreater:fun

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\preprocessors.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (825), with CRLF line terminators
          Category:dropped
          Size (bytes):1032
          Entropy (8bit):5.403700179750359
          Encrypted:false
          SSDEEP:
          MD5:1957CAD03CE47E5B8B5D52B3540401C1
          SHA1:FEA43BEE58913AE3C613850FBDDA772D2650D52D
          SHA-256:99E222C01573B1CC3CEA085FC065FA7CD1E85A32870CC5D9500888550747A62C
          SHA-512:4302DA56B265DCCD81DF6B3BFC3C52492927DB5654A11F3A1D4F83AC439F357390A72692FFBE11D1C6A55C4E11018F90852C4EEE32A4E2B7AAD08610FA374439
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var preprocessors_fileVersion = "1.4.114"; ..function CreatePreprocessors(){var a={noop:function(b){return b},splitByComma:function(b){return b.split(",")},joinWithComma:function(b){return b.join(",")},sum:function(b){var d;for(var c in b){d=b[c]}return d},toInt:function(c){if(typeof(c)=="object"){for(var b in c){logConsole("toInt value="+c[b]+" parseInt:"+parseInt(c[b]));c[b]=parseInt(c[b])}return c}return parseInt(c)},toString:function(c){if(typeof(c)=="object"){for(var b in c){c[b]=c[b].toString()}return c}return c.toString()},toUpper:function(b){return b.toUpperCase()},apply:function(c,d){logConsole("rules type="+typeof(d)+" rule= "+d+" value="+c+" typeof(value)="+typeof(c));if(!d){return c}if(typeof(d)=="object"){for(var b in d){c=this.apply(c,d[b])}return c}return this[d](c)}};return a}ModuleManager.registerFactory("preprocessors",CreatePreprocessors);..//E20DF6F144E8358CE37E27629DD7FDC5D2F1110A094127B44884C469763A7DEFE90D28FFEAECE05B60E727306E7A6CE2C1

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\profile.json

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1113
          Entropy (8bit):4.8133512540587
          Encrypted:false
          SSDEEP:
          MD5:CF2FE9FE7C8EB2B706990271E430180D
          SHA1:81C21541C9C504C3A43CB15189E504C04DB97AAD
          SHA-256:E2DD99C69509A5550893DE432A7D75B3C6FA99C4F6D62F40F055E400E5B77356
          SHA-512:39493C928E0361AA4B9B621C9E81BA0CB4D88456E5A9EFCAE7EB5BF200817FB468807C3629635062E8AB288D862A0A460FB99B59AE3A43916BF02791637F2E71
          Malicious:false
          Reputation:unknown
          Preview:{.. "version": "1.4.114",.. "geoInfo": {.. "apikey":"atRBlD3nPU2xVcVHyaHQW9iaT4LUthwd5bgphI4S".. }, .. "data": {.. "profile_ab_test_mosaic_kongapi_100p": {.. "transport": "aws_apigateway_v2",.. "dictionary": "dictionary_abtest_mosaic",.. "datasets": [.. "ab_test".. ],.. "appid": "a053060c-3a34-11e4-8a01-005056b7244f",.. "transport_config": {.. "apikey": "eKW5FAM71o3cPLamQdUSc7lTXU0BWGKtWVxISA50",.. "service": "ab-tests",.. "consumer": "core".. },.. "throttleRule": {.. "meta": 250,.. "ruleName": "dailyMax".. }.. },.. "profile_mss_mosaic_kongapi_100p": {.. "transport": "mosaic_api_v2",.. "dictionary": "dictionary_mss_mosaic",.. "datasets": [.. "default",.. "content_metadata",.. "device",.. "wss",.. "mss".. ],.. "appid": "458fa1b2-a07f-42a8-a608-4764244bd594",.. "transport_config": {.. "apikey": "htcnZaEGgL9HlF

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\registry.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (2785), with CRLF line terminators
          Category:dropped
          Size (bytes):2987
          Entropy (8bit):5.391906290625516
          Encrypted:false
          SSDEEP:
          MD5:38E8221A1F9954C4581F866D884A24F5
          SHA1:B7C992AE2B74ABDE7408232CEF178EB17AC3C01E
          SHA-256:569D79EE5F8419FB953FD758994F50CC5815D44F4F53DDD5F6EDCE901698EC5B
          SHA-512:05FBAF92671969A9773417A09B4D5B16C5A9EC870589E43B43B3E8CBD82D0837325325F91A8CFC78A97C728000FE960485A0A0DC62CE47E92FCDF970B4607F81
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var registry_fileVersion = "1.4.114"; ..function CreateRegistryHelper(){var a={openKey:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode");return this._getPlugin().CreateReg(c)}logDebug("open registry in read mode");return this._getPlugin().OpenReg(c)},openKey64:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode (x64)");return this._getPlugin().CreateReg64(c)}logDebug("open registry in read mode (x64)");return this._getPlugin().OpenReg64(c)},queryValue:function(c,b){var g=false;try{if(typeof b==="boolean"){g=b}var f=this._getPlugin().QueryValue(c,g);return f}catch(d){logInformation("Failed to query "+(g?"obfuscated ":"")+"registry key '"+c+"': exception is '"+d.message+"'")}return null},setValue:function(d,f,b){var h=false;try{if(typeof b==="boolean"){h=b}var c=this._getPlugin().SetValue(d,f,h);if(!c){logDebug("registry.setvalue failed ("+d+", "+f+")")}return c}catch(g){logInfor

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\rest_transport.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (6423), with CRLF line terminators
          Category:dropped
          Size (bytes):6631
          Entropy (8bit):5.3005420308257545
          Encrypted:false
          SSDEEP:
          MD5:4A7F198BCE36FEB5E08673D1B2D69AA1
          SHA1:FD0862508788BC6D56FF49CF702D146EF1C6F927
          SHA-256:832E54A9AD812A29DC69C8ACE588BCEA85D3B5B655FFD9C12F01AC41FA927D0E
          SHA-512:9DB9E292CB55A337011C2F7E5F84E8681C0830F0E58D8617E1C943E9A2A583CFAEEB132F5F0AAD574CFBDC4EE1C1DC4703B96CDE2AC9DFC2FE5569595AFEB814
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var rest_transport_fileVersion = "1.4.114"; ..function RESTtransportPlugin(){this._plugin=null;this._requestHeaders={};this._url=null;this.RESTClientAvailable=false}RESTtransportPlugin.prototype=ModuleManager.create("transport_template");RESTtransportPlugin.prototype.constructor=RESTtransportPlugin;RESTtransportPlugin.prototype.GetVersion=function(){try{if(!this._plugin){return null}return this._plugin.GetVersion()}catch(a){}};RESTtransportPlugin.prototype._createRESTclientPlugin=function(){try{this._plugin=getPluginFactory().Create("RESTclient");if(!this._plugin){logError("RESTtransportPlugin:: Could not create RESTclient plugin");return false}return true}catch(a){logError("RESTtransportPlugin:: Failed to initialize the plugin for '"+name+"': exception is '"+a.message+"'");return false}};RESTtransportPlugin.prototype._setup=function(){try{this._url=this._config.url;if(!this._url){logError("Invalid (unspecified) URL for '"+this._name+"', version "+this.versi

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\rules.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3246), with CRLF line terminators
          Category:dropped
          Size (bytes):3445
          Entropy (8bit):5.354970500627735
          Encrypted:false
          SSDEEP:
          MD5:83408E6F5E87F10716813F0609EB9C8B
          SHA1:765C4D09E1988F32E4425F3A1616D2BD49EAE832
          SHA-256:F1877A88D8A1446C8C9C09E8A39F90500DE89F96FC29B8D59FFB07AD579B5A93
          SHA-512:A398E325CDADF4DC3AF8D42292D9CAC4F830650D8064CF3E1280AA74D69AAA792E96A08532C6231A3C5C1624A443B6B99567B712D521DFE33CC1AADCA04AB56D
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var rules_fileVersion = "1.4.114"; ..function CreateRules(){LoadScript("sha256.js");var a={notNull:function(b,c){return(b!=null)},inRange:function(b,c){return(b>=c.min)&&(b<=c.max)},equal:function(b,c){return(b==String(c))},greater:function(b,c){return(b>c)},greaterEqual:function(b,c){return(b>=c)},less:function(b,c){return(b<c)},lessEqual:function(b,c){return(b<=c)},notEqual:function(b,c){return(b!=String(c))},startsWith:function(b,c){return !b.indexOf(c)},endsWith:function(b,c){return b.indexOf(c,b.length-c.length)!==-1},contains:function(b,c){return b.indexOf(c)!==-1},regex:function(c,f){try{var b=new RegExp(f);if(f.expr&&f.flags){b=new RegExp(f.expr,f.flags)}return b.test(c)}catch(d){logWarning("rules.regex exception: "+d.message);return false}},timestamp:function(b,c){if(!b){return false}return(new Date(b)).toISOStringms()==b},"in":function(c,d){for(var b in d){if(c==String(d[b])){return true}}return false},isType:function(b,c){return(typeof b===c)},isE

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\sha256.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (709), with CRLF, LF line terminators
          Category:dropped
          Size (bytes):37442
          Entropy (8bit):5.182723724496523
          Encrypted:false
          SSDEEP:
          MD5:30421B29B9EF976CD06AF1C628BDCE00
          SHA1:242FE79E1369C242B8F71F3C16610F1259632F67
          SHA-256:DBC8A47CCB52356B0313A309DB23CD7EED9253846115DC9203735F0883CFB930
          SHA-512:9B13E21E08CA03CDC626CCBE288627251259EB74F66B9B10A7BE30BF45DA17B799E8C752C28DAE39DB996BD2CA2AE01588C8BD7A2358C36D7666B8442AD4F245
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var sha256_fileVersion = "1.4.114"; ../*.Copyright (c) 2008-2017, Brian Turek.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. * Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer.. * Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution.. * Neither the name of the the copyright holder nor the names of its. contributors may be used to endorse or promote products derived from this. software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS".AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE.IMPLIED WARRANTIES OF MERCHANTABI

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\subdb.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (663), with CRLF line terminators
          Category:dropped
          Size (bytes):862
          Entropy (8bit):5.496968261268393
          Encrypted:false
          SSDEEP:
          MD5:944BB4D794B643EB0EA91230EE1DAA3B
          SHA1:3410E315F19B679F15C3CB862490C093A947407F
          SHA-256:432AC632D1C42EE47D994F609AD612B6D19A45275EBA3CFD4B0EA8B8AEB76F6B
          SHA-512:EA65243D1CBC0907C135F95D944B876E3668338E37C9912E5E2F6C6504997A77B0197E090AD292E3B0B4C2AE6FE0C3545FE7786D7F0F778E3A57BF20B770CB80
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var subdb_fileVersion = "1.4.114"; ..function CreateSubDbHelper(){var a={_getPlugin:function(){if(!this._plugin){this._plugin=getPluginFactory().Create("subdb")}return this._plugin},_plugin:null,fetchFromDataDefinition:function(c){try{if(!c){logError("subdb:fetchFromDataDefinition: No dataDefinition supplied");return null}if(c.action==="canIRun"){return this._getPlugin().CanIRun(c.appid)}if(c.action==="GetProperty"){return this._getPlugin().GetProperty(c.appid,c.name)}logError("Unknown action name ("+c.action+")")}catch(b){logError("subdb:fetchFromDataDefinition: "+b.message+". dataDefinition"+JSON.stringify(c))}return null}};return a}ModuleManager.registerFactory("subdb",CreateSubDbHelper);..//5A613539DF54CF27B020D1B04852FE795E7F246B63773C9AB845982A6D7F055C95AAA4EAA30AAAA79E169CF4887FB2ABB0A1137E23886252ADA59378270B96C5++

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transmitter_template.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3717), with CRLF line terminators
          Category:dropped
          Size (bytes):3931
          Entropy (8bit):5.349626620456465
          Encrypted:false
          SSDEEP:
          MD5:6F5E954F2F3F060F2ADB4C5767939CE8
          SHA1:CB34ED8B68917BCE7E1BD287E8C7D7E5510D5481
          SHA-256:BE969BD89EFC244C3E758C063C3C38885B96798D3FE24B25AD996B0773CD3561
          SHA-512:2AE07CA3CC09CCB03AA384E8541411860938972F6FA6FA190BDF42399ABA92498D486B5C14261E500FE85BE27047FB7A094D2385CF74B1DD4E4945D8559D2801
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transmitter_template_fileVersion = "1.4.114"; ..function EventTransmitterTemplate(){}EventTransmitterTemplate.prototype={addDataSetNames:function(c,d,b){var a=[];if(d.dataSetNames){a=a.concat(d.dataSetNames)}if(b){a=a.concat(b)}a=dataManipulator.arrayRemoveDuplicates(a);logDebug("emitter ProfileName: "+d.profileName+". allDataSetNames: "+JSON.stringify(a));this._mergeDataSets(c,a)},_isEventThrottled:function(b){var c=ModuleManager.getSingleton("config_manager");var a=c.getThrottleRule(b);return this._applyThrottle(b,a)},_isProfileThrottled:function(b,d){var c=ModuleManager.getSingleton("config_manager");var e=c.getPriority(b);if(e!="critical"){var a=this._getProfile(d).throttleRule;return this._applyThrottle(d,a)}return false},_applyThrottle:function(a,c){try{if(!c){return false}var d=ModuleManager.getSingleton("rules");return d.evaluate(a,c)}catch(b){logError("_applyThrottle: "+b.message)}return false},_applyAttributeRules:function(p,o,a){try{var h=Modu

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (7089), with CRLF line terminators
          Category:dropped
          Size (bytes):7292
          Entropy (8bit):5.243071797791836
          Encrypted:false
          SSDEEP:
          MD5:DF3D64D883831400BD58879126A95ED9
          SHA1:A7918A06B4801F733712EFD3CCB16ADB68CBC829
          SHA-256:5D19D0E059ADC4ADBB79DDB57380EA066A4A3CA372605C957509948E8730E029
          SHA-512:F598D05B92218DF915968EAE625E10EE1572284BCAA9C80F0F611C7728D5215BE657107F0B5B142B287A42B3485E1B33072086473E5E31174ABDD95783A97E41
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_fileVersion = "1.4.114"; ..function CreateAnalyticsTransport(){function a(){this.retrieveStoredQueue()}a.prototype=ModuleManager.create("transmitter_template");a.prototype.transmit=function(m,s,t,c){logDebug("analyticstransport.transmit message="+JSON.stringify(s)+", profileNames="+JSON.stringify(t)+", datasetNames="+JSON.stringify(c));if(this._isEventThrottled(m)){logDebug("Event "+m+" was event-level throttled");logAutomationError(m,JSON.stringify(s),JSON.stringify({level:"info",type:{eventThrottled:m+" is event throttled"}}));return}for(var l in t){try{var o=t[l];if(this._isProfileThrottled(m,o)){logDebug("Event "+m+" was profile-level throttled by '"+o+"'");logAutomationError(m,JSON.stringify(s),JSON.stringify({level:"info",type:{profileThrottled:m+" is profile throttled for "+o}}));continue}if(engine.isStopRequestReceived()){logWarning("transmitter.prototype.transmit: Stop request received, so stopping all data transmissions..");return}var

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_api_endpoint.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3250), with CRLF line terminators
          Category:dropped
          Size (bytes):3466
          Entropy (8bit):5.329272530030789
          Encrypted:false
          SSDEEP:
          MD5:F490FF928FA301034C1E5369339D07D6
          SHA1:B1E40CE43DE124FAE928E2BD2102354B1EA31D22
          SHA-256:C67AA9090886CAE34D3522BE5298DFA54BC9BF850845EAB71207BC76F7046D33
          SHA-512:852DA599E669A82D423E5B5DC9A1E358AC84E0E4D502AC4261D6AB721C4FDE8E76C4E4529B6918A5327C5E7DB6694BD50DEF6B5A4D9F665626B4562573359214
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_api_endpoint_fileVersion = "1.4.114"; ..function CreateAPIEndpointTransport(){function a(){this._url="";this._verb="PUT"}a.prototype=ModuleManager.create("rest_transport");a.prototype.constructor=a;a.prototype._setup=function(){this._url=this._config.url;if(!this._url){logError("APIEndpointTransport:: Initialize failed url not provided");return false}if(this._config.headers){var d=this._config.headers;for(var b in d){this._AddRequestHeader(b,d[b])}}if(this._config.verb){this._verb=this._config.verb}this._createRESTclientPlugin();if(this.GetVersion()&&(this.GetVersion()!="1")&&(this.GetVersion()!="2")){this._usingRESTclientPlugin=true;logInformation("Calling parent class to setup using the restful plugin");this._plugin.SetHttpMode(this._verb);var c=getSystemPlugin();this._plugin.SetAgentName("McAfee Mosaic API V1 transmitter_"+c.CreateGUID());this._plugin.Connect(this._url)}else{this._plugin=null}return true};a.prototype._sendUsingRestClient=fun

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_aws_apigateway_v1.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (4753), with CRLF line terminators
          Category:dropped
          Size (bytes):4974
          Entropy (8bit):5.407477472670478
          Encrypted:false
          SSDEEP:
          MD5:3A62ECB46D55CE056DDC6B1C82D058B9
          SHA1:EBB67FD4F68661CFD97DEE58D6F2BED9B74F06AC
          SHA-256:BD72241D6717283399EED99DA7F81A6BFB19D2274BE698CB8A3D5BDB5F4EDD2E
          SHA-512:B7959A60CA64C8F3ECFDAFA9D59703351B2DE4844F905C58466AA56CBDA04086B0A4A277CDDCBE8590A4DDDA378C9CAC811950848848742E2E645E76CEFBA613
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_aws_apigateway_v1_fileVersion = "1.4.114"; ..function CreateAWSAPIGatewayV1Transport(){function b(){this._apikey=null;this._partitionKey=null;this._url="https://{dns}.awscommon.mcafee.com/1.0/{gateway}/v1/record"}b.prototype=ModuleManager.create("rest_transport");b.prototype.constructor=b;b.prototype._setup=function(){this._apikey=this._config.apikey;if(!this._apikey){logError("AWS_APIGateway_V1_Transport:: Initialize failed API key not provided");return false}var c=this._config.dns;if(!c){logError("AWS_APIGateway_V1_Transport:: Initialize failed DNS not provided");return false}var e=this._config.gateway;if(!e){logError("AWS_APIGateway_V1_Transport:: Initialize failed Gateway not provided");return false}this._updateURL("{dns}",c);this._updateURL("{gateway}",e);this._partitionKey=engine.getContextId();if(!this._partitionKey){this._partitionKey=generateAlphaNumericString(256)}this._createRESTclientPlugin();if(this.GetVersion()&&(this.GetVersion()

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_da.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (2581), with CRLF line terminators
          Category:dropped
          Size (bytes):2787
          Entropy (8bit):5.38813757973808
          Encrypted:false
          SSDEEP:
          MD5:DAE9DC9F4767E1C1BA0F2292BAF0112B
          SHA1:DB2ED3395B1862ABE2B7F701B9F759609E6CD4D9
          SHA-256:576A92B11C3155A87017BA2E539812286498A8C979F9692C2922708040EB51F1
          SHA-512:CE513638798C7C5CF44D5DFAC6C8ECC238CB94D9C0A5156C7D2F6211B6BF1BE651105A3F69B7349B961823A27EF3B5FAEF8B18D014815FA7017E7EC2D03830ED
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_da_fileVersion = "1.4.114"; ..function CreateDATransport(){var a={Send:function(c){try{var b=this._getMsgBusPlugin();if(!b){logError("[DA Transport] Current MsgBus Plugin does not support request/response.");return false}if(!b.IsAvailable()){logWarning("[DA Transport] Message Bus could not be loaded; subscriptions will not be active");return false}var g=ModuleManager.getSingleton("mappings");c=g.daMap(JSON.parse(c));var d=this._ComposePayload(c);if(null==d){return false}b.Publish("Data_Aggregator.Add_Data",d);logDebug("[DA Transport] Emit outbound data: "+d);return true}catch(f){logError("[DA Transport] Exception thrown when sending da event: "+f.message);return false}},_ComposePayload:function(c){try{var b={};var f={};var h={};c["__record.created"]=this._convertToLocalDate(new Date()).toISOString();c["__record.created"]=c["__record.created"].split("T").join(" ");for(var d in c){if(this._indexOf(this._metricList,d)!==-1){f[d]=c[d]}if(this._inde

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_eng_observability.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3274), with CRLF line terminators
          Category:dropped
          Size (bytes):3495
          Entropy (8bit):5.199846052919043
          Encrypted:false
          SSDEEP:
          MD5:93581833279E8522F8EFC14966C3BF04
          SHA1:010DD699BF7509E1B16575EDBD84F559EBE07CC0
          SHA-256:4713BA38325FF8C257CC2F5DB63705AD421137043A5128906B2E5186372844B2
          SHA-512:5C7172048CAB81E0126A3E014DF52FC32300AFB45E5B6A73B3D9CE2E6C657597D201FA22318A508D18084770F4BBD0183738740A2B703E2940F26BE749173B8B
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_eng_observability_fileVersion = "1.4.114"; ..function ObservabilityTransport(){this._transport_api_endpoint_emitter=null;this._url="https://pl8qcwep6c.execute-api.us-west-2.amazonaws.com/prod_v1/v1/record";this._apikey=null;this._verb="PUT";this._partitionKey=null;this.logInfo("New ObservabilityTransport Created")}ObservabilityTransport.prototype=ModuleManager.create("transport_template");ObservabilityTransport.prototype.constructor=ObservabilityTransport;ObservabilityTransport.prototype.logInfo=function(a){logInformation("ObservabilityTransport: "+a)};ObservabilityTransport.prototype.logError=function(a){logError("ObservabilityTransport: "+a)};ObservabilityTransport.prototype.logWarning=function(a){logWarning("ObservabilityTransport: "+a)};ObservabilityTransport.prototype._updateURL=function(a,b){this._url=updateStringWithReplacement(this._url,a,b)};ObservabilityTransport.prototype.GetVersion=function(){try{return engine.getContentVersion()}ca

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_event_hub.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (7985), with CRLF line terminators
          Category:dropped
          Size (bytes):8198
          Entropy (8bit):5.263467139966956
          Encrypted:false
          SSDEEP:
          MD5:656AFACBD15E9B8CA9DBE06F13FEC889
          SHA1:DAD2AB0D6BD92548C1C1C4CA945FD111BFF6B185
          SHA-256:1D8283518587B2EF32DE17049F5F20EC1FCFFE9F15CEE595B3FB8AC9F9949F48
          SHA-512:67D2C75802CE9F4A47DD439B4712ACD9C999D62EB47DD950585174F50C74FEF8BE23AB59E8CC3EB9C24457C4525C27D0475F911953D598AC8D0A0AD1BA050B7D
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_event_hub_fileVersion = "1.4.114"; ..function CreateEventHubTransport(){LoadScript("sha256.js");function a(){this._apiVersion=null;this._servicebusNamespace=null;this._eventHubPath=null;this._sharedAccessKey=null;this._sharedAccessName=null;this._sharedAccessToken=null;this._tokenCreationTime=null;this._timeout=60;this._url="https://{servicebusNamespace}.servicebus.windows.net/{eventHubPath}/messages?timeout={timeout}&api-version={apiVersion}"}a.prototype=ModuleManager.create("rest_transport");a.prototype.constructor=a;a.prototype._setup=function(){this._apiVersion=this._config.apiVersion;if(!this._apiVersion){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _apiVersion");return false}this._servicebusNamespace=this._config.servicebusNamespace;if(!this._servicebusNamespace){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _servicebusNamespace");return false}this._eventHubPath=this._config.eventHubPath;if(!this._ev

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_ga.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (2200), with CRLF line terminators
          Category:dropped
          Size (bytes):2406
          Entropy (8bit):5.4839496030761605
          Encrypted:false
          SSDEEP:
          MD5:5E5FE66ED895E9253939E2ECF6AFF3D9
          SHA1:407B2A142D0AFFE796A9FBE4267543BEE40FE597
          SHA-256:29E44BD845EA7FE3BDE0EF71C8CF2C334F73DFEE255A54291D4581A200844363
          SHA-512:F1182888702A45F14BF2CDD741489F83BA2CF6B4CAB5B5414017EE41D0C21F2958957098572EE7D39FCA1B5A77C39C6D592D1AE85300703C890491294EB5D9A9
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_ga_fileVersion = "1.4.114"; ..function CreateGATransport(){function a(){}a.prototype=ModuleManager.create("rest_transport");a.prototype.Send=function(c){try{var i=this._ComposePayload(c);if(null==i){return false}var f=this.RESTClientAvailable?this._sendUsingRESTClient(i):this._sendUsingXMLHTTP(i);var d=JSON.parse(c);var h=d.hit_event_id;this._transportLog(h,i,f,this.GetName()+(this.RESTClientAvailable?"_rest":"_xmlhttp"));return f}catch(g){logError("GA_REST_Transport:Send: "+g.message);return false}};a.prototype._sendUsingXMLHTTP=function(f){try{var c=ModuleManager.create("xmlHttpComObj");if(!c.setup()){logError("GA_REST_Transport::_sendUsingXmlHttp: couldnt create a xmlhttpcom");return null}logInformation("GA_REST_Transport::_sendUsingXmlHttp: Using "+c.getSelectedObjName());c.open("POST",this._url,false);c.send(f);var g=c.getResponseHeader("Content-Type");logInformation("contentTypeResp:"+g);return g.match("image/gif")?true:false}catch(d){log

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_mosaic_api_v2.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (4495), with CRLF line terminators
          Category:dropped
          Size (bytes):4712
          Entropy (8bit):5.257620084723445
          Encrypted:false
          SSDEEP:
          MD5:30BB4AFCAAEBFE34DC64A5E227663C1E
          SHA1:38675C1939117C9B1393F2D1804D20819B9B34F8
          SHA-256:A47F219510EC9E1D409CD804BB2C5DF29C02A64AF95ACC0706D123662574A37F
          SHA-512:975914AF2C331B2177AB415D9F95E372DB0F0E477A3BB09C98A088DBE236E5551EBA635C45A7BC3E2ADAACC73805BD076CD125974B45D12B11557DC463179347
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_mosaic_api_v2_fileVersion = "1.4.114"; ..function Mosaic_API_V2_Transport(){this._transport_api_endpoint_emitter=null;this._url="apis.mcafee.com/mosaic/2.0/{service}/{consumer}/v1/record";this._apikey=null;this._verb="PUT";this._partitionKey=null;this._service=null;this._consumer=null;this._environment=null;this._rtHeaders=null;this.logInfo("New Mosaic_API_V2_Transport Created")}Mosaic_API_V2_Transport.prototype=ModuleManager.create("transport_template");Mosaic_API_V2_Transport.prototype.constructor=Mosaic_API_V2_Transport;Mosaic_API_V2_Transport.prototype.logInfo=function(a){logInformation("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logError=function(a){logError("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logWarning=function(a){logWarning("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype._updateURL=function(a,b){this._url=updateStringWithReplacement(this._url,a,b)};Mosaic_API_V2_Trans

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_msgbus.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3000), with CRLF line terminators
          Category:dropped
          Size (bytes):3210
          Entropy (8bit):5.244849543315333
          Encrypted:false
          SSDEEP:
          MD5:63CD95F661B0AC1FA4092DA021B9D473
          SHA1:3E0B0E70F437880AC4FBB61032EC99D543404EF4
          SHA-256:B5B337CE44977BFDFEE8EF6B114DED28A8BEAFB91AE4576D97AC130FE14E3DB2
          SHA-512:FFA147D95FFB144F2745B1600C67B4B6F15190CF583431CCB8817CB714B4582352F7B7EC9692F88A9317BF37F5CFC6BA9FC688D6050CF3C065A5C400DB93DDCB
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_msgbus_fileVersion = "1.4.114"; ..function MsgBusTransport(){this._msgbus=null;this._msgName=null;this._processorName=null;this._processorConfig=null;this._processors=(function(a){a.logInfo("Creating processors");return{noop:function(c,b){a.logInfo("noop: Returning eventDataObj unmodified");return c},simpleMsgComposer:function(c,b){a.logInfo("simpleMsgComposer: Creating new message");var f={};for(var d in b){if(b.hasOwnProperty(d)){var e=b[d];if(e.startsWith("$")){e=c[e.substring(1)]}a.logInfo("simpleMsgComposer: Adding new key-vaule to message: "+d+" = "+e);f[d]=e}}return f},passthroughComposer:function(c,b){a.logInfo("datasetComposer: Creating new message");var f={};var e=b.filteredKeys;if(!e){e=[]}for(var d in c){if(e.indexOf(d)>=0){continue}f[d]=c[d]}return f}}})(this);this.logInfo("New MsgBusTransport Created")}MsgBusTransport.prototype=ModuleManager.create("transport_template");MsgBusTransport.prototype.constructor=MsgBusTransport;MsgBusT

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_template.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (1249), with CRLF line terminators
          Category:dropped
          Size (bytes):1461
          Entropy (8bit):5.3380175011956865
          Encrypted:false
          SSDEEP:
          MD5:E26E122B0BACA7D630EF243A99AAC2F7
          SHA1:F93785080E5E672F1AABD2575F83E1A120A5C6F1
          SHA-256:161E501CD97AAFFC1A69CE6DCD1B6D4519F86575745FF215E4C49B8ED2B0654D
          SHA-512:1AB6891B2ED18860B02AE892901AEF93FF19D533E1E654C34E549A76182213C3B8BB6C1B5BA3EA5D8FD6BA90AF1E391DA87853FA5E1342A442F1A3526EA6B52E
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_template_fileVersion = "1.4.114"; ..function TransportPlugin_Template(){}if(typeof TransportPlugin_Template.prototype.GetName!=="function"){TransportPlugin_Template.prototype={GetName:function(){return this._name},GetVersion:function(){if(transport_template_fileVersion){return transport_template_fileVersion}return"0.0.0"},Initialize:function(b,d,a){try{if(!a||!b||!d){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b+".Dictionary: "+d);return false}this._dictionary=JSON.parse(d);this._config=JSON.parse(a);this._name=b;if(!this._config||!this._name){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b);return false}return this._setup()}catch(c){logError("TransportPlugin_Template::Initialize Exception caught with message: "+c.message)}},Send:function(a){logError("TransportPlugin_Template::Send: Did not overwrite function. Send will return false");return false},Uninitializ

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\wa_settingsdb.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (814), with CRLF line terminators
          Category:dropped
          Size (bytes):1021
          Entropy (8bit):5.407414719714446
          Encrypted:false
          SSDEEP:
          MD5:17C871882C6C874CA0ED103FF63F3FEE
          SHA1:1F693800FF2C8063EF66F6ADECCCD3C352312649
          SHA-256:F023ED084B8090DEC646B18DE0F7F57D826B5D771459CFA3485B9199AFF88EB5
          SHA-512:255ABF929A8216485243130B08F631BA0D3833AD3933B33849BE75946F8B5C89AAA3E6B7D154D560D6A94F004EF4EE4D1E8ACBEF11F373F1825AB65F1D965741
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var wa_settingsdb_fileVersion = "1.4.114"; ..function CreateWASettingsDBHelper(){var a={getSetting:function(b,c,f){try{logDebug("getting WA setting: "+b);return this._getPlugin().GetSetting(b,c,f)}catch(d){logError("wa_settingsdb:getSetting: "+d.message+"setting("+b+")")}},fetchFromDataDefinition:function(g){try{if(!g){logError("wa_settingsdb:fetchFromDataDefinition Invalid data definition");return null}var b=g.name;var c=g.scope;var f=g["default"];return a.getSetting(b,c,f)}catch(d){logError("wa_settingsdb:fetchFromDataDefinition: "+d.message+"datadefinition("+JSON.stringify(g)+")")}return null},_getPlugin:function(){if(!this._waSettingsDBPlugin){this._waSettingsDBPlugin=getPluginFactory().Create("SettingsDB")}return this._waSettingsDBPlugin},_settingsDBPlugin:null};return a}ModuleManager.registerFactory("wa_settingsdb",CreateWASettingsDBHelper);..//0BCF996CA278776F18D980E1CD65E957514E3AC7C641017A9265F2C11C54BD2992B187E6888F1FCC84B31BBFF02150C555336672D6E3F

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\wmi.js

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (7401), with CRLF line terminators
          Category:dropped
          Size (bytes):7598
          Entropy (8bit):5.384536988836127
          Encrypted:false
          SSDEEP:
          MD5:574BF04A7290D97FC5C676841AA8580A
          SHA1:0D86A946ED32595A931D14532AA383DA0F99B72D
          SHA-256:A36A85FE02E4DA4C92B5289D03E088900F00A8B61BBFF139DD96253BB22ED99A
          SHA-512:6A6FC615C99EFE69943C5BC749CFB044D5205590894F16C4FF145700F739134B0AC4DD2B284168F04FBAB2CC3470EE48A41DB3DD67A4055F1A48EE0E2E221F3C
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var wmi_fileVersion = "1.4.114"; ..function CreateWMIManger(){var a={_createAttribute:function(f,c){var g={_data:[],get:function(l,j){try{return l(this._data,j)}catch(k){return null}}};try{f.reset();var d=f.next();while(d){var h=d.get(c);g._data.push(h);d=f.next()}}catch(i){logDebug("failed to populate attribute object")}return g},_getMockIterator:function(){var c={reset:function(){logWarning("mockIterator: Calling reset(). noop")},next:function(){logWarning("mockIterator: Calling next(). Returning `null`");return null}};return c},_unavailableServers:{},resetAvailableServers:function(){this._unavailableServers={}},_getServer:function(g){try{if(this._unavailableServers[g]==true){return null}if(!g){return null}var c=this.getPlugin();if(!c){return null}var f=c.connectServer(g);if(f){return f}}catch(d){logError("_getServer: "+d.message)}this._unavailableServers[g]==true;return null},_queryWMIServer:function(h,d){try{if(!d||!h){return null}var g=this._getServer(h

          C:\ProgramData\McAfee\MSSPlusClientAnalytics\dataConfig.cab

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Microsoft Cabinet archive data, many, 68256 bytes, 44 files, at 0x44 +A "aviary_client.js" +A "common.js", flags 0x4, number 1, extra bytes 20 in head, 17 datablocks, 0x1503 compression
          Category:dropped
          Size (bytes):81360
          Entropy (8bit):7.977829061695821
          Encrypted:false
          SSDEEP:
          MD5:6C9F7102550881FCBB8ACA29B23FAFBD
          SHA1:240DFCC6C4E7E6AC48E27F0E2BF9496A544D03E5
          SHA-256:F3B1783C05D76E950454D9EB26DC8C9092084C77CA0561211BD3CBE43FA6BFB6
          SHA-512:DDCCBA6715A21CA2C0A03A6740FFD953F71447C6F2F1FAFCA9B3CEB2DD124309EC8835807D017CEC6513A986197A5BCEC3A3901A2409C67F471B5AD12CA59E02
          Malicious:false
          Reputation:unknown
          Preview:MSCF............D...........,...................03............................kYE. .aviary_client.js..8........kYA. .common.js......?....kYA. .config_manager.js......C....kYA. .csp_client.js......Q....kYA. .dataset.js.9)..]n....kY. .datasets_catalog.json.).........kYA. .dataset_da.js..6........kYA. .data_collector.js..]..I.....kY. .data_items.json.t...\F....kY[. .da_definitions.json..N...K....kYj. .dictionary.json...........kYC. .emitter.js..-..z.....kYA. .engine.js...........kYC. .error_transmitter.js..V..7.....kYx. .events.json......:....kYA. .event_handler.js......U....kYB. .hash128.js......e....kYB. .json2.js.1....t....kYB. .logging.js.:........kYB. .mappings.js...........kYB. .mcutil.js...........kYl. .observability_datasets.json..........kYB. .observation_analytics.js.P.........kYB. .operations.js...........kYB. .preprocessors.js.Y.........kY.. .profile.json.....`.....kYC. .registry.js...........kYC. .rest_transport.js.u.........kYC. .rules.js.B...g.....kYC. .sha256.js.^.....

          C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):2278
          Entropy (8bit):3.8535087427459382
          Encrypted:false
          SSDEEP:
          MD5:660266A0A6C793CA580036E2F872A29A
          SHA1:4F6E1EC3431217D1D5F6CA7A3835DACB157BA438
          SHA-256:B95F7C0735B3268A6CA3D8DB0431CDFA093C842C96F5697E34632A175FA1F6CE
          SHA-512:9291AF46C273903D1BE7AC5A93F28626D221D1993F5BDDF3DF9C45FFB81198E11D3528C8ACB0EEEDC2BCAB9D270F5A729D30ADB390A70D1F1FAE9F48F191DB19
          Malicious:false
          Reputation:unknown
          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.K.y.e.H.x.1.h.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.2.v.e.w.x.4.

          C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):2684
          Entropy (8bit):3.9010069597209074
          Encrypted:false
          SSDEEP:
          MD5:43A357A9F621EB3277727EBD5243D1BD
          SHA1:E6B25CE325EC42D782A23947ECFC6A3BBBB11790
          SHA-256:FB6F851B38EDBD50D166B12FFBB06FDA876F0D49428D670514E60F10427D2F62
          SHA-512:F618F6C3F0BF274D356688459E0FD9C9030270A3F66C16F6B1D8FE051682C4D1C54AAC5A32B95339643D4848B4F7AF07D4B4C20655F19D80AB4B6331337F888E
          Malicious:false
          Reputation:unknown
          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".n.2.r.0.N.u.Z./.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.2.v.e.w.x.4.

          C:\Users\user\AppData\Local\Temp\49b434c6-f349-4510-bf13-a106d882086a.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:PNG image data, 62 x 1, 8-bit colormap, non-interlaced
          Category:modified
          Size (bytes):199373
          Entropy (8bit):7.64428818044537
          Encrypted:false
          SSDEEP:
          MD5:06BD1FDF9766D6E08215071B25F882D3
          SHA1:8E744CA886C03A52C90F73A56B602E874FF70524
          SHA-256:76910E5FB1833857C5645DE02624ABDD947D79655C02BF7A1D212929F810C857
          SHA-512:227B37154B18583A4C60331B6BB26B0032FADCAC87504CB039AFFC7F3183CB0E01172233627645715E7D1DB6A71008213EA7431B8296C3F4FFCD1DA376719CCD
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...>..........3......pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Local\Temp\8dc6057b-3f5b-4953-ac94-f9c839cec9a3.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:PNG image data, 590 x 23, 8-bit colormap, non-interlaced
          Category:modified
          Size (bytes):397502
          Entropy (8bit):7.639689704461758
          Encrypted:false
          SSDEEP:
          MD5:82CDA1579396C7448CF844620E95E57D
          SHA1:8C8E257F42ADFC91AEFFCEB6334AA7650F8EAFB6
          SHA-256:9633DDE793C057E00B8D1705B2C79F25F62F20105852C59A2CEA1C82CB6F853F
          SHA-512:2677E746294E57F7C3EC1AFF3D2DB6C1869C7B459007808A87789F912559324378B46C85F392CB698C26110E17F664F50D71FC6A6FA4EDF56896D05ECF8C107E
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...N..........0.....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\0bb75071-8faf-4920-ba0f-152ba6c716fe.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):16245
          Entropy (8bit):6.068012164670088
          Encrypted:false
          SSDEEP:
          MD5:4C3DE667DEE72F2EFDBBAC3CAF582CBE
          SHA1:BD9515660B353C68982FF6B066ECD9FF4AC43465
          SHA-256:506DF05C45A9A192A839F3630382274C9B8A7135858973BA79FEA1EE370ECEC8
          SHA-512:9354EC67F36556B42815866DFA083C0AC88F872B62A4C01EA6B1B2B1D7092BA5B5C9A74F3E3B3360EDC2848B4AA6C720F64F701DC07C0C3335F3469357201D6C
          Malicious:false
          Reputation:unknown
          Preview:{"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd198r5dr5VYgHj55vViEOsF96z3F4ONrN2yeYHGQlo5wvtB8h5moYSz3q4XkgOLF68CtN9bg4RrXXMpaCsrtm158Ii7QF+b2Xe4pcP9WmmQQPfW3MPK3vutAkF92eZ7P7Xw59TAM/Xo+dJlBvYcfjI+KQYiMwDeq8wvchf+8fPfPPLcZ/KFm8bG4FljbVPigsVWQEqHL2vBay66hdg1F7Kydil8K9Pwl4LVThXUnCL448fFvVayoDCWsdbVqNMUlJkiPsBWAMpciK6VFzCA4g6Ya+AgMj+8/wkfpDfC4Y2ZPYK8UE

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\292fc97d-90fa-4b02-860a-5ae1ae8f7039.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):16335
          Entropy (8bit):6.067483848323677
          Encrypted:false
          SSDEEP:
          MD5:3AD916D115F83128C864534967EEE932
          SHA1:6659D52915818A088745E6BC14819096A89198F5
          SHA-256:A083DAE83FE016BDA85B42E3FCEECC044F05DA7911523818B918847AC8B7F21D
          SHA-512:94E3F20982C5E516352AE8C7FB68251FA3DB5A8B72BA8B05D5AFE2A4F73E40CB9E4732114C8A8DC7063C83D9AE604DC9EBD068F730EF36EAD94CA4BBE8A0C6C6
          Malicious:false
          Reputation:unknown
          Preview:{"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd198r5dr5VYgHj55vViEOsF96z3F4ONrN2yeYHGQlo5wvtB8h5moYSz3q4XkgOLF68CtN9bg4RrXXMpaCsrtm158Ii7QF+b2Xe4pcP9WmmQQPfW3MPK3vutAkF92eZ7P7Xw59TAM/Xo+dJlBvYcfjI+KQYiMwDeq8wvchf+8fPfPPLcZ/KFm8bG4FljbVPigsVWQEqHL2vBay66hdg1F7Kydil8K9Pwl4LVThXUnCL448fFvVayoDCWsdbVqNMUlJkiPsBWAMpciK6VFzCA4g6Ya+AgMj+8/wkfpDfC4Y2ZPYK8UE

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\319b4a06-297c-4545-bce3-3f1f7cb93364.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:modified
          Size (bytes):17648
          Entropy (8bit):6.060281485412487
          Encrypted:false
          SSDEEP:
          MD5:E73DF99B52437832F67BD61654DCC680
          SHA1:4AF333CD516BB94960D90002B9FA5A2F1920AE86
          SHA-256:A5FC0F9C86994668E779C5175A501C4E46D375F465B0E763A62680ACB50473C3
          SHA-512:60F6BBF4AC59C320EFAF2BD3CD3A35EA08F8ADC608D8E38895D70BA67660AF33DD4B486C3F45DB290B61B29AC35CEDB6FBDAFC090BAD6F26FF8E889426D4947F
          Malicious:false
          Reputation:unknown
          Preview:{"desktop_session_duration_tracker":{"last_session_end_timestamp":"1736262015"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd198r5dr5VYgHj55vViEOsF96z3F4ONrN2yeYHGQlo5wvtB8h5moYSz3q4XkgOLF68CtN9bg4RrXXMpaCsrtm158Ii7QF+b2Xe4pcP9WmmQQPfW3MPK3vutAkF92eZ7P7Xw59TAM/Xo+dJlBvYcfjI+KQYiMwDeq8wvchf+8fPfPPLcZ/KFm8bG4FljbVPigsVWQEqHL2vBay66hdg1F7Kydil8K9Pwl4L

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\37d1dd6a-bd8e-499e-b432-b4f1ec581747.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):17662
          Entropy (8bit):6.059972893977599
          Encrypted:false
          SSDEEP:
          MD5:27D6D98BB866F08F5D3CD052ED292752
          SHA1:18B6C5C03A6CEF2A988326690FE27B9E48D7A56D
          SHA-256:72AADDFE3D20954F43154641CF1BD858FAD64796B073B31B3BB3EFCD5EBAE254
          SHA-512:3B57558E30276C81645FB0BFCFA241E21C2F0F943C0DB27ABE4ED8A2C01BF9BAD805DF9620D491ABC72CCA85D7263206151CC10222923B3C0EF930B405140323
          Malicious:false
          Reputation:unknown
          Preview:{"desktop_session_duration_tracker":{"last_session_end_timestamp":"1736262041"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd198r5dr5VYgHj55vViEOsF96z3F4ONrN2yeYHGQlo5wvtB8h5moYSz3q4XkgOLF68CtN9bg4RrXXMpaCsrtm158Ii7QF+b2Xe4pcP9WmmQQPfW3MPK3vutAkF92eZ7P7Xw59TAM/Xo+dJlBvYcfjI+KQYiMwDeq8wvchf+8fPfPPLcZ/KFm8bG4FljbVPigsVWQEqHL2vBay66hdg1F7Kydil8K9Pwl4L

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\43e42eab-b009-423a-9b13-3b1bee00c322.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):16245
          Entropy (8bit):6.068008163090177
          Encrypted:false
          SSDEEP:
          MD5:265B83B0ABDFB5792AB432512DF27B6D
          SHA1:D4201B7949A7A65397A8A0C78482A77481C59DA0
          SHA-256:3A7A256684896305772599229154AB2990742C5C7A70F610F0B17D6B5897F05F
          SHA-512:D7E202437F11518D980E245EE231F6E8526D7930113AB1148324247C8FBF626F1BC77A9CB005649ABD8E98992CC6732DEB63FC0C84390F0477DF5AA9421BD2CC
          Malicious:false
          Reputation:unknown
          Preview:{"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd198r5dr5VYgHj55vViEOsF96z3F4ONrN2yeYHGQlo5wvtB8h5moYSz3q4XkgOLF68CtN9bg4RrXXMpaCsrtm158Ii7QF+b2Xe4pcP9WmmQQPfW3MPK3vutAkF92eZ7P7Xw59TAM/Xo+dJlBvYcfjI+KQYiMwDeq8wvchf+8fPfPPLcZ/KFm8bG4FljbVPigsVWQEqHL2vBay66hdg1F7Kydil8K9Pwl4LVThXUnCL448fFvVayoDCWsdbVqNMUlJkiPsBWAMpciK6VFzCA4g6Ya+AgMj+8/wkfpDfC4Y2ZPYK8UE

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\817a63fe-de7c-46d2-8d0d-0cdb4d179274.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2899
          Entropy (8bit):5.297467803596752
          Encrypted:false
          SSDEEP:
          MD5:F09904CD88C8A4CBBBA6DE5330A5F932
          SHA1:A81170A2692D9A0760DC9420D775B633A0860F69
          SHA-256:DB867C93884D453F93AEABC9951860E72483E026E061FFA7993191556CE49BE2
          SHA-512:2D460858F5705B2EDD32D81B66DDBAB9FE2F8B7901B22D62256566DA7117B8B659688C210A0CF431D2406031BE0248013FA370C01127999E7AC0C175CB8391CA
          Malicious:false
          Reputation:unknown
          Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADa97DHgF1bTLB8B82Kj8teEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAlrx1Cjya7uJDm1MwCHVdt/NvSdippGJsSw9f21MAgIQAAAAAOgAAAAAIAACAAAAAT/eDRHZsAx4uG4YeQ8G1SbqKPgSaFYIAJ65+yDjZfZzAAAAAUfKEvsQ2T0STJlHVA/9JbtE280SyoQpiydlkC2kJWGmmWEljP35x5N7kfI6z59kFAAAAAiktMt75lJcYYWoPlPhhbaJnvvQfuyDUrKC7Y++AxHgKr8bnoXfSBWZKk7N5/l7FduXlABYM361cxKsoYrwB6lA=="},"policy":{"last_statistics_update":"13380735557999359"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://t

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Crashpad\settings.dat

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):280
          Entropy (8bit):1.860216996293906
          Encrypted:false
          SSDEEP:
          MD5:926AA92609B680B6F48A96E5820706D6
          SHA1:511789EEC893A679500B26982E941E127F0F5F86
          SHA-256:0999D9428A134693585389B899C76E5831ED4599CDB0CA8115D5FDE2F22D1FB2
          SHA-512:F7F01F5E7E600CD569A7CC9170941EF5D6E62CDE24A3B0E97068F8BC7AC900FBB645730A84F47874FEF0FC7EF5A359CA33DA0AD0AC923BF5E78D73585AD5947D
          Malicious:false
          Reputation:unknown
          Preview:sdPC.....................sC..3.F..o.x...................................................................................................................................................................................................{F3017226-FE2A-4295-8BDF-00C3A9A7E4C.}C:........

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Crashpad\throttle_store.dat

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):20
          Entropy (8bit):3.6219280948873624
          Encrypted:false
          SSDEEP:
          MD5:9E4E94633B73F4A7680240A0FFD6CD2C
          SHA1:E68E02453CE22736169A56FDB59043D33668368F
          SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
          SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
          Malicious:false
          Reputation:unknown
          Preview:level=none expiry=0.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\6701d20b-4faa-4a46-b021-cb5373b4327c.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):6780
          Entropy (8bit):5.579621677752821
          Encrypted:false
          SSDEEP:
          MD5:C6B5583BAB121EB07E2712B582741EB9
          SHA1:7661020BB15CD19F33AD772B1473DA7EE1D4E972
          SHA-256:078574FB4E90062C6EDE4970549C6CD1874547723D2FE9276360877AA88BF71A
          SHA-512:320A09647492F330C4285B8C1EA23A2B93AF462D5A9700A8D03FD780D13DF7591ABB18E73D890371FF2FCF4347B30FE32F665A47EB3032FFA0080E4AF0A255C6
          Malicious:false
          Reputation:unknown
          Preview:{"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380735558068925","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380735558068925","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.officeapps.live.com.mcas.ms/*","https://*onenote.officeapps.live.com.mcas.ms/*","https://*word-edit.officeapps.live.com.mcas.ms/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\84eed6ac-c24a-45d5-97d6-cd3f93b14496.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):6261
          Entropy (8bit):4.796163590898133
          Encrypted:false
          SSDEEP:
          MD5:6AABE3FAD205437FE406DBC67538C559
          SHA1:C6B5CC414C838DFA2FEED191CF27CA1749CB9BBE
          SHA-256:2A3229402EF711B32F9E3725088338D5FA8F7D476F80449E500286704F450C1C
          SHA-512:1ABCB20B0A3275FB292E5CD5F7C042B23CE1D94C734006EE564B22C635A51BE937C3ADAD6EACD31E5FF8514BF7AF9DAEE1EF97E5FFC0BD0C56E782824A6D20EB
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735558655869","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735558583517","domain_diversity":{"last_reporting_timestamp":"13380735558654978"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\9e2579e3-3b1a-498f-9923-ae1b6b7e77d9.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):5791
          Entropy (8bit):4.771637178880713
          Encrypted:false
          SSDEEP:
          MD5:B09FE06EAA190E695AFE7E67D4D66170
          SHA1:BCD13B9014F7D7D511C81EEB5D47AC3C2DA5DBFF
          SHA-256:E975CCDC7366B6F93C2069B22936C1DD1CDCEE278E5280348DF55060E3CD437A
          SHA-512:5CD07EA1FF091AABBAD65923A82410A3261070CA352C4F5D46894DC38E161A64DE66C6A12F7B46C9D02B290AB649B8E78D611B16158D2D1EC21842B7827DAEC3
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735558655869","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735558583517","domain_diversity":{"last_reporting_timestamp":"13380735558654978"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\AssistanceHome\AssistanceHomeSQLite

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):12288
          Entropy (8bit):0.3202460253800455
          Encrypted:false
          SSDEEP:
          MD5:40B18EC43DB334E7B3F6295C7626F28D
          SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
          SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
          SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Cache\Cache_Data\data_1

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:modified
          Size (bytes):270336
          Entropy (8bit):0.0018164538716206493
          Encrypted:false
          SSDEEP:
          MD5:8EBEE7ED2A2E29A48CE61157B42D6427
          SHA1:9BC0E17A8FE922A145C2A9B8F3F0EF707E4A4008
          SHA-256:AE5346C9BFD9FE450194DE2332C3F6FA180F2FA6D2D831CFA3AE087566CF2530
          SHA-512:1601C2F002A5D7E201F76BDA6D8240C7850D1F8B06B7D89A309B23BFEB0122A036D863D7E802D2AF6BC072ECEC9D9A5C97292CA985511C07239E3E1E4422380F
          Malicious:false
          Reputation:unknown
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Cache\Cache_Data\index

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):524656
          Entropy (8bit):5.027445846313988E-4
          Encrypted:false
          SSDEEP:
          MD5:B0C6943BA45922DDFDEA9CCBA1CB8CF5
          SHA1:133686215A7B0D556A7C793FBAF71482662C6B3E
          SHA-256:F5941D49CE9CEBEFDE0BCBE2142B2820B525E5ECA954CDED3DF1D8698F563E96
          SHA-512:4886A86937D1338826CE1E86D8EA4206E1918425AC2709B656E81E3C5D4F659EDEA9F46ED236697E13F71E41883B7F28D1E1FCA9A68EFE26CCE4BF9792A1E2D1
          Malicious:false
          Reputation:unknown
          Preview:...........................................F../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Code Cache\js\index

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):24
          Entropy (8bit):2.1431558784658327
          Encrypted:false
          SSDEEP:
          MD5:54CB446F628B2EA4A5BCE5769910512E
          SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
          SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
          SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
          Malicious:false
          Reputation:unknown
          Preview:0\r..m..................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Code Cache\js\index-dir\temp-index

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):48
          Entropy (8bit):2.9972243200613975
          Encrypted:false
          SSDEEP:
          MD5:3F3260EFAA9BE5463AF07D865B3E5278
          SHA1:299C254BE1AC0B1A6FB6F9C2C8AAF0A77679786F
          SHA-256:EB49B5D20DB377DE633665052E9763AB65E45AD4DEB7C99580CDACE964C0BFEB
          SHA-512:B92FFCBB9BA90F64BDA7E0EF15DEB0C82FF3606DDD22ED32C78F4B93D44333626A0627E9D7680B5E1A0063571B0FD716BB045F9841480ADB1F72B5F6DD13B7B7
          Malicious:false
          Reputation:unknown
          Preview:(....g%oy retne...........................E../.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Code Cache\js\index-dir\the-real-index (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3F3260EFAA9BE5463AF07D865B3E5278
          SHA1:299C254BE1AC0B1A6FB6F9C2C8AAF0A77679786F
          SHA-256:EB49B5D20DB377DE633665052E9763AB65E45AD4DEB7C99580CDACE964C0BFEB
          SHA-512:B92FFCBB9BA90F64BDA7E0EF15DEB0C82FF3606DDD22ED32C78F4B93D44333626A0627E9D7680B5E1A0063571B0FD716BB045F9841480ADB1F72B5F6DD13B7B7
          Malicious:false
          Reputation:unknown
          Preview:(....g%oy retne...........................E../.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Code Cache\wasm\index-dir\temp-index

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):48
          Entropy (8bit):2.9138909867280645
          Encrypted:false
          SSDEEP:
          MD5:031496C8B861DC917385C8273FDC986D
          SHA1:80C9E1E141DB486BEB24E7615982285C84CAFAEE
          SHA-256:F3F25604E8DEE779EDFDF92AC9CB924ACD9F7ACEAAF653788B949FB02DED4BFE
          SHA-512:7DCC2AF5CA6F3CB185552B246A11DCC1214F7D38487C1E1F389F82584DAD2BA63AF157237E5BD7EF6DC40BC9AEEF244BE6BA82CE260BE8D9DFE625E62122B24F
          Malicious:false
          Reputation:unknown
          Preview:(...E...oy retne...........................E../.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Code Cache\wasm\index-dir\the-real-index (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:031496C8B861DC917385C8273FDC986D
          SHA1:80C9E1E141DB486BEB24E7615982285C84CAFAEE
          SHA-256:F3F25604E8DEE779EDFDF92AC9CB924ACD9F7ACEAAF653788B949FB02DED4BFE
          SHA-512:7DCC2AF5CA6F3CB185552B246A11DCC1214F7D38487C1E1F389F82584DAD2BA63AF157237E5BD7EF6DC40BC9AEEF244BE6BA82CE260BE8D9DFE625E62122B24F
          Malicious:false
          Reputation:unknown
          Preview:(...E...oy retne...........................E../.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\DIPS

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):28672
          Entropy (8bit):0.43508159006069336
          Encrypted:false
          SSDEEP:
          MD5:F5237AED0F897E7619A94843845A3EC3
          SHA1:A0C752C9C28A753CFB051AACE2ADA78A6D1288C3
          SHA-256:D4463972AD7B1582F05C8E17074CE863D45CA625C2C672DB0D37F3AF4C7ACE42
          SHA-512:D3C9718794E455D415D8EDF23B576E0A70356B8D71B8DD374D25B8065FEF608E114E13395B4B54462739882A141F4DBE00E3A370D6E4160504428A849CC893A3
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\DawnCache\data_1

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):0.0018164538716206493
          Encrypted:false
          SSDEEP:
          MD5:819514E4097DFBE58AFAD47F437BB136
          SHA1:F5F579817F9EF7633CD603346970E28DB2884BC1
          SHA-256:E8FEBD142BB807AD78FC77071036ACEF177F5C4BFE1F70D6CFB4AE1B19685ABC
          SHA-512:6A5AAC0D6E2B3FBA5643C1AFD844C6C1CBA07F4BABCDA36EA13D3A668F37A21F0A05891D7CCFBCC2DAB16F686AC50364286722A913662A4220CFBD7F4BB391A3
          Malicious:false
          Reputation:unknown
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\DawnCache\data_3

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):8192
          Entropy (8bit):0.012340643231932763
          Encrypted:false
          SSDEEP:
          MD5:41876349CB12D6DB992F1309F22DF3F0
          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
          Malicious:false
          Reputation:unknown
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\DawnCache\index

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.553120663130604E-4
          Encrypted:false
          SSDEEP:
          MD5:F3C5F2D5195A9DB68018B1B4A4E129A0
          SHA1:64DAEBB55403625F31E8BF53D143C48F2233F164
          SHA-256:6B2F9CADE2781AA5F99C27CE0D3305528A5BE810588FA9495C686511DCEEF509
          SHA-512:A6987FC3070465B74FAE4216C6A0A9CCD8DADF543635B8DF8B7FEC9B7637452994CC7F819D1CB3657D02E93C5134147705A291698E6B3F99C3AE80722E98297A
          Malicious:false
          Reputation:unknown
          Preview:........................................G..E../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\EdgeEDrop\EdgeEDropSQLite.db

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):0.494709561094235
          Encrypted:false
          SSDEEP:
          MD5:CF7760533536E2AF66EA68BC3561B74D
          SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
          SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
          SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................j...i............t...c................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension Rules\000003.log

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):38
          Entropy (8bit):1.8784775129881184
          Encrypted:false
          SSDEEP:
          MD5:51A2CBB807F5085530DEC18E45CB8569
          SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
          SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
          SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
          Malicious:false
          Reputation:unknown
          Preview:.f.5................f.5...............

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension Rules\LOG

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):279
          Entropy (8bit):5.284793778232598
          Encrypted:false
          SSDEEP:
          MD5:BB3215F5FA2A093DAF2390CF6B72F953
          SHA1:4303E8EA28B3781F5A3AF1193E98C750B1D9FE29
          SHA-256:40B469916C2566DB3B72E313D83EF46991ECA4B259F9091EBDD79F6D82039750
          SHA-512:6A5D7F60289369D32AFA8BF870E3EAE5EA7EC07BCBD73EE9791FF4D9D97149B0CE783C6B1A77C18947C29C1A2A70522802E0C57F8C808A27076D5CA2EAD3546F
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-09:59:18.069 1810 Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension Rules since it was missing..2025/01/07-09:59:18.159 1810 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension Rules/MANIFEST-000001.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension Scripts\LOG

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):283
          Entropy (8bit):5.299068820374491
          Encrypted:false
          SSDEEP:
          MD5:292E354FFCE945FC4E19C1AEAABCFB14
          SHA1:F5A4D494EDEC8BBEC4359D693C667F7EB6B78B8A
          SHA-256:C570344C3AC40D2AB676A491939FA37EE42FD26F9112DAA8A15D1DCE310E2985
          SHA-512:1117C60115DB0D9A30CA9FF547F52E3E9BFD9DF3F5686479A60A671618B6CD7F2A183A613639F7C1AB590B29D5753B00493FE27FF07B405F953A8121B34E415C
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-09:59:18.313 1810 Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension Scripts since it was missing..2025/01/07-09:59:18.431 1810 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension Scripts/MANIFEST-000001.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension State\000003.log

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):114
          Entropy (8bit):1.8784775129881184
          Encrypted:false
          SSDEEP:
          MD5:891A884B9FA2BFF4519F5F56D2A25D62
          SHA1:B54A3C12EE78510CB269FB1D863047DD8F571DEA
          SHA-256:E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
          SHA-512:CD50C3EE4DFB9C4EC051B20DD1E148A5015457EE0C1A29FFF482E62291B32097B07A069DB62951B32F209FD118FD77A46B8E8CC92DA3EAAE6110735D126A90EE
          Malicious:false
          Reputation:unknown
          Preview:.f.5................f.5................f.5................f.5................f.5................f.5...............

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension State\LOG

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):277
          Entropy (8bit):5.307942835397087
          Encrypted:false
          SSDEEP:
          MD5:F65920FE565029B5AD968D8B6D7E5310
          SHA1:8CF0EA43D75C27E0EC754811B5D190C88367ED9F
          SHA-256:C717A5CD996A1E4D529676E9675F90E969D404C2856363BEFC25B918C0AB77FC
          SHA-512:95115BBFA757A0B44585A3DB5088ECDDE77D5C456CFC8EEB41044A971D973A1FB946AE1BDEBA7F68A12DC2598F23878211E025648B9D24DAE7ED2372E8874412
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-09:59:18.734 738 Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension State since it was missing..2025/01/07-09:59:18.779 738 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension State/MANIFEST-000001.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\ExtensionActivityComp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):4096
          Entropy (8bit):0.3169096321222068
          Encrypted:false
          SSDEEP:
          MD5:2554AD7847B0D04963FDAE908DB81074
          SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
          SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
          SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\ExtensionActivityEdge

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):0.40981274649195937
          Encrypted:false
          SSDEEP:
          MD5:1A7F642FD4F71A656BE75B26B2D9ED79
          SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
          SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
          SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................j............M.....8...b..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Favicons

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):0.6975083372685086
          Encrypted:false
          SSDEEP:
          MD5:F5BBD8449A9C3AB28AC2DE45E9059B01
          SHA1:C569D730853C33234AF2402E69C19E0C057EC165
          SHA-256:825FF36C4431084C76F3D22CE0C75FA321EA680D1F8548706B43E60FCF5B566E
          SHA-512:96ACDED5A51236630A64FAE91B8FA9FAB43E22E0C1BCB80C2DD8D4829E03FBFA75AA6438053599A42EC4BBCF805BF0B1E6DFF9069B2BA182AD0BB30F2542FD3F
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\GPUCache\data_1

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):0.0018164538716206493
          Encrypted:false
          SSDEEP:
          MD5:1D3A84E1FFC5EF1F0C159392157CDAA9
          SHA1:77602A19A3C5D63D22767DC4A2B0F8F66F3375E7
          SHA-256:F3EB5121AAC02A6EE6FA5D104329590C89BF7A11165ECE7C3645E0B78498C273
          SHA-512:B4B1DF37951D4BD0B92480E4632B53D467ECEA359479A8BFA1FA6BA215FDA0C169475231BDFD03091058A52F7EB19397445707DC34FAA3F89C16E44D3D8703D5
          Malicious:false
          Reputation:unknown
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\GPUCache\index

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.553120663130604E-4
          Encrypted:false
          SSDEEP:
          MD5:66944F55E3C0B0012D96BFAFC2A30822
          SHA1:2360C2E10E64AFDD4E21658919F92C8B54B36856
          SHA-256:CAE34EE8142389E3E79F474B7B6FB5601232E7C2885BD1355A9170FB0BC07688
          SHA-512:8C1258AF37C26FA5F4AA7E19BB2115B172D944E1C3C6184DC1802F681741D9F66D430F3DFC3BFE14F21EB330CC8E5E5686C600665E7575D1123EAD6132E45A33
          Malicious:false
          Reputation:unknown
          Preview:........................................H..E../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\History

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
          Category:dropped
          Size (bytes):155648
          Entropy (8bit):0.6821070839392155
          Encrypted:false
          SSDEEP:
          MD5:65DD8E92472964BEF07CDA83E0A90EB7
          SHA1:502A678CFA13621C87020F92C55C54CE44481EDE
          SHA-256:3C0333E9DA578D0C9D094B2633A21DB1102DBEF9045982EBA2B04D542CD8BB25
          SHA-512:E2322FEB628B803934BE49E2C8A0CA277BC78C7FE394F63CCD12F7C21397763ACAF05C32DB7C55006A683EB39333205D6DDE08BEBD8FE097337D842F177EB970
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Local Storage\leveldb\LOG

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:modified
          Size (bytes):291
          Entropy (8bit):5.316589927548284
          Encrypted:false
          SSDEEP:
          MD5:61A1FEBC7A66E62B19178EF9DDF05C4F
          SHA1:91A1B33403F6298C0B08FBF3FFC9A0B0B1E17D3E
          SHA-256:2BBDDFE485FC1D6A2199AD0842D025D3CFA287567C03F0048E2AC501C1C56B34
          SHA-512:691F4496ECE1946CB1B686873B5BBDB39AFAD5CB138CA713E2FA73D01850A8C2C0C1805CBFC5EA2B77BE708E061A9F6ADDC9731419A5EA6112134EF5270E2E42
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-09:59:18.615 1b68 Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Local Storage\leveldb since it was missing..2025/01/07-09:59:18.715 1b68 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Local Storage\leveldb/MANIFEST-000001.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Login Data

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 21, cookie 0xc, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):43008
          Entropy (8bit):0.9009435143901008
          Encrypted:false
          SSDEEP:
          MD5:FB3D677576C25FF04A308A1F627410B7
          SHA1:97D530911F9CB0C37717ABB145D748982ADA0440
          SHA-256:A79300470D18AF26E3C5B4F23F81915B92D490105CE84A8122BF8100EC0C7517
          SHA-512:ED6666B064958B107E55BD76E52D2E5BF7A4791379902D208EF909A6B68803240D372CE03641249EB917C241B36A5684656A48D099A8A084AD34BA009857B098
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network Action Predictor

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
          Category:dropped
          Size (bytes):45056
          Entropy (8bit):0.40293591932113104
          Encrypted:false
          SSDEEP:
          MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
          SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
          SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
          SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\18bb1f98-87d8-466d-965f-54c5dc3ed76c.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2
          Entropy (8bit):1.0
          Encrypted:false
          SSDEEP:
          MD5:D751713988987E9331980363E24189CE
          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
          Malicious:false
          Reputation:unknown
          Preview:[]

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\3de814c9-f32c-4d27-82b4-8fc2cd20a79e.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):59
          Entropy (8bit):4.619434150836742
          Encrypted:false
          SSDEEP:
          MD5:2800881C775077E1C4B6E06BF4676DE4
          SHA1:2873631068C8B3B9495638C865915BE822442C8B
          SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
          SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
          Malicious:false
          Reputation:unknown
          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\6c6aac3d-6754-4750-8b55-6bced6676fb2.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):111
          Entropy (8bit):4.718418993774295
          Encrypted:false
          SSDEEP:
          MD5:285252A2F6327D41EAB203DC2F402C67
          SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
          SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
          SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
          Malicious:false
          Reputation:unknown
          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\Cookies

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):0.6732424250451717
          Encrypted:false
          SSDEEP:
          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\Network Persistent State (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2800881C775077E1C4B6E06BF4676DE4
          SHA1:2873631068C8B3B9495638C865915BE822442C8B
          SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
          SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
          Malicious:false
          Reputation:unknown
          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\Network Persistent State~RF4bad2b.TMP (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2800881C775077E1C4B6E06BF4676DE4
          SHA1:2873631068C8B3B9495638C865915BE822442C8B
          SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
          SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
          Malicious:false
          Reputation:unknown
          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\Reporting and NEL

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
          Category:dropped
          Size (bytes):36864
          Entropy (8bit):0.5559635235158827
          Encrypted:false
          SSDEEP:
          MD5:9AAAE8C040B616D1378F3E0E17689A29
          SHA1:F91E7DE07F1DA14D15D067E1F50C3B84A328DBB7
          SHA-256:5B94D63C31AE795661F69B9D10E8BFD115584CD6FEF5FBB7AA483FDC6A66945B
          SHA-512:436202AB8B6BB0318A30946108E6722DFF781F462EE05980C14F57F347EDDCF8119E236C3290B580CEF6902E1B59FB4F546D6BD69F62479805B39AB0F3308EC1
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\SCT Auditing Pending Reports (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D751713988987E9331980363E24189CE
          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
          Malicious:false
          Reputation:unknown
          Preview:[]

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\SCT Auditing Pending Reports~RF4a841c.TMP (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D751713988987E9331980363E24189CE
          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
          Malicious:false
          Reputation:unknown
          Preview:[]

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\Sdch Dictionaries (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:20D4B8FA017A12A108C87F540836E250
          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
          Malicious:false
          Reputation:unknown
          Preview:{"SDCH":{"dictionaries":{},"version":2}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\Trust Tokens

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
          Category:dropped
          Size (bytes):36864
          Entropy (8bit):0.36515621748816035
          Encrypted:false
          SSDEEP:
          MD5:25363ADC3C9D98BAD1A33D0792405CBF
          SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
          SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
          SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\da1f83ab-0a1d-4413-9bc1-e41d02be74c7.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):40
          Entropy (8bit):4.1275671571169275
          Encrypted:false
          SSDEEP:
          MD5:20D4B8FA017A12A108C87F540836E250
          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
          Malicious:false
          Reputation:unknown
          Preview:{"SDCH":{"dictionaries":{},"version":2}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Preferences (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B09FE06EAA190E695AFE7E67D4D66170
          SHA1:BCD13B9014F7D7D511C81EEB5D47AC3C2DA5DBFF
          SHA-256:E975CCDC7366B6F93C2069B22936C1DD1CDCEE278E5280348DF55060E3CD437A
          SHA-512:5CD07EA1FF091AABBAD65923A82410A3261070CA352C4F5D46894DC38E161A64DE66C6A12F7B46C9D02B290AB649B8E78D611B16158D2D1EC21842B7827DAEC3
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735558655869","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735558583517","domain_diversity":{"last_reporting_timestamp":"13380735558654978"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Preferences~RF4adb64.TMP (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B09FE06EAA190E695AFE7E67D4D66170
          SHA1:BCD13B9014F7D7D511C81EEB5D47AC3C2DA5DBFF
          SHA-256:E975CCDC7366B6F93C2069B22936C1DD1CDCEE278E5280348DF55060E3CD437A
          SHA-512:5CD07EA1FF091AABBAD65923A82410A3261070CA352C4F5D46894DC38E161A64DE66C6A12F7B46C9D02B290AB649B8E78D611B16158D2D1EC21842B7827DAEC3
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735558655869","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735558583517","domain_diversity":{"last_reporting_timestamp":"13380735558654978"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Preferences~RF4b20ba.TMP (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B09FE06EAA190E695AFE7E67D4D66170
          SHA1:BCD13B9014F7D7D511C81EEB5D47AC3C2DA5DBFF
          SHA-256:E975CCDC7366B6F93C2069B22936C1DD1CDCEE278E5280348DF55060E3CD437A
          SHA-512:5CD07EA1FF091AABBAD65923A82410A3261070CA352C4F5D46894DC38E161A64DE66C6A12F7B46C9D02B290AB649B8E78D611B16158D2D1EC21842B7827DAEC3
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735558655869","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735558583517","domain_diversity":{"last_reporting_timestamp":"13380735558654978"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Preferences~RF4b7ec8.TMP (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B09FE06EAA190E695AFE7E67D4D66170
          SHA1:BCD13B9014F7D7D511C81EEB5D47AC3C2DA5DBFF
          SHA-256:E975CCDC7366B6F93C2069B22936C1DD1CDCEE278E5280348DF55060E3CD437A
          SHA-512:5CD07EA1FF091AABBAD65923A82410A3261070CA352C4F5D46894DC38E161A64DE66C6A12F7B46C9D02B290AB649B8E78D611B16158D2D1EC21842B7827DAEC3
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735558655869","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735558583517","domain_diversity":{"last_reporting_timestamp":"13380735558654978"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Preferences~RF4bcd17.TMP (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B09FE06EAA190E695AFE7E67D4D66170
          SHA1:BCD13B9014F7D7D511C81EEB5D47AC3C2DA5DBFF
          SHA-256:E975CCDC7366B6F93C2069B22936C1DD1CDCEE278E5280348DF55060E3CD437A
          SHA-512:5CD07EA1FF091AABBAD65923A82410A3261070CA352C4F5D46894DC38E161A64DE66C6A12F7B46C9D02B290AB649B8E78D611B16158D2D1EC21842B7827DAEC3
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735558655869","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735558583517","domain_diversity":{"last_reporting_timestamp":"13380735558654978"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\PreferredApps

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):33
          Entropy (8bit):4.051821770808046
          Encrypted:false
          SSDEEP:
          MD5:2B432FEF211C69C745ACA86DE4F8E4AB
          SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
          SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
          SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
          Malicious:false
          Reputation:unknown
          Preview:{"preferred_apps":[],"version":1}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\README

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):182
          Entropy (8bit):4.2629097520179995
          Encrypted:false
          SSDEEP:
          MD5:643E00B0186AA80523F8A6BED550A925
          SHA1:EC4056125D6F1A8890FFE01BFFC973C2F6ABD115
          SHA-256:A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
          SHA-512:D91A934EAF7D9D669B8AD4452234DE6B23D15237CB4D251F2C78C8339CEE7B4F9BA6B8597E35FE8C81B3D6F64AE707C68FF492903C0EDC3E4BAF2C6B747E247D
          Malicious:false
          Reputation:unknown
          Preview:Microsoft Edge settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through Microsoft Edge defined APIs.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Secure Preferences (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C6B5583BAB121EB07E2712B582741EB9
          SHA1:7661020BB15CD19F33AD772B1473DA7EE1D4E972
          SHA-256:078574FB4E90062C6EDE4970549C6CD1874547723D2FE9276360877AA88BF71A
          SHA-512:320A09647492F330C4285B8C1EA23A2B93AF462D5A9700A8D03FD780D13DF7591ABB18E73D890371FF2FCF4347B30FE32F665A47EB3032FFA0080E4AF0A255C6
          Malicious:false
          Reputation:unknown
          Preview:{"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380735558068925","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380735558068925","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.officeapps.live.com.mcas.ms/*","https://*onenote.officeapps.live.com.mcas.ms/*","https://*word-edit.officeapps.live.com.mcas.ms/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Session Storage\000003.log

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:modified
          Size (bytes):80
          Entropy (8bit):3.4921535629071894
          Encrypted:false
          SSDEEP:
          MD5:69449520FD9C139C534E2970342C6BD8
          SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
          SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
          SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
          Malicious:false
          Reputation:unknown
          Preview:*...#................version.1..namespace-..&f.................&f...............

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Session Storage\LOG

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):279
          Entropy (8bit):5.227123304554426
          Encrypted:false
          SSDEEP:
          MD5:7AA020EB6C11AD985B4AB22A3792693E
          SHA1:D8778971A4A023F435C670C3E01FDE3AC953A076
          SHA-256:89ED3C49046157FBC577DEC409E04B942041246943EC00DB60CA2690AD7A5CE7
          SHA-512:FB1775AD99C1FFE3247745553CE29BE7AC5F136F2357BCF5B29ED1C5EF557F6DF05BD37E126DB38C31889FB1910EAC66C26D10A04B82E7033AFE5188865934F3
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-10:00:12.688 1b68 Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Session Storage since it was missing..2025/01/07-10:00:12.825 1b68 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Session Storage/MANIFEST-000001.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Site Characteristics Database\000003.log

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):40
          Entropy (8bit):3.473726825238924
          Encrypted:false
          SSDEEP:
          MD5:148079685E25097536785F4536AF014B
          SHA1:C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
          SHA-256:F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
          SHA-512:C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
          Malicious:false
          Reputation:unknown
          Preview:.On.!................database_metadata.1

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Site Characteristics Database\LOG

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):307
          Entropy (8bit):5.201383021995826
          Encrypted:false
          SSDEEP:
          MD5:4B38481C48E7EBA2A9A5DA8132CBE34C
          SHA1:85FD7CAF1639E2D11AF392FF3B9B3C8D9A2AC039
          SHA-256:47745C6553092B278C67E4700E4A9ED6DBD42F6F4149C2D0BA5CE58C0C3D0208
          SHA-512:7A46A8407A0281F7C81478BCD3BFFB6443CACE8D07480C01C3180F80913DF620C69057553E4A36EE80B2ACA1F07D5A66A1D0A531B9D8AC0651258BE850341F27
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-09:59:18.061 1830 Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Site Characteristics Database since it was missing..2025/01/07-09:59:18.100 1830 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Site Characteristics Database/MANIFEST-000001.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Sync Data\LevelDB\000003.log

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):46
          Entropy (8bit):4.019797536844534
          Encrypted:false
          SSDEEP:
          MD5:90881C9C26F29FCA29815A08BA858544
          SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
          SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
          SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
          Malicious:false
          Reputation:unknown
          Preview:...n'................_mts_schema_descriptor...

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Sync Data\LevelDB\LOG

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):281
          Entropy (8bit):5.335110762253112
          Encrypted:false
          SSDEEP:
          MD5:63A71D139292C009C574345B7A4D2012
          SHA1:BF8FB1C3BA0D13D346624C895CF7E0AB46BAABEC
          SHA-256:9AADE6314E68E4934F224EAF3783347F220837D630E5EE2F4C998791180F8A66
          SHA-512:8CB258440D8BDA6880E636EA62258223E545B3DB30FCCD1E4068986A5443A351913563E9EBADAF1B61E8A70257B4CB6CC754F39114BCEE44F91A9A510523E576
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-09:59:18.608 738 Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Sync Data\LevelDB since it was missing..2025/01/07-09:59:18.626 738 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Sync Data\LevelDB/MANIFEST-000001.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Top Sites

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):0.3528485475628876
          Encrypted:false
          SSDEEP:
          MD5:F2B4FB2D384AA4E4D6F4AEB0BBA217DC
          SHA1:2CD70CFB3CE72D9B079170C360C1F563B6BF150E
          SHA-256:1ECC07CD1D383472DAD33D2A5766625009EA5EACBAEDE2417ADA1842654CBBC8
          SHA-512:48D03991660FA1598B3E002F5BC5F0F05E9696BCB2289240FA8CCBB2C030CDD23245D4ECC0C64DA1E7C54B092C3E60AE0427358F63087018BF0E6CEDC471DD34
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Visited Links

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):131072
          Entropy (8bit):0.005551902734588277
          Encrypted:false
          SSDEEP:
          MD5:2E213BF06E54E1BA4AD54FFB9F63A5D3
          SHA1:FC03535BE18F2766A4C13FD500A181D6E3055052
          SHA-256:0EF58F92E989843F32C0DC2F6F1FD2DC3BC52545BE2F19BBE32250F22AE2D653
          SHA-512:C6176718855D841E91476605CF35006DE5C801002579FFB4C7A085F76D7F5381ABB9FCFA4D8D71AD043E01280BDFDB0B57BD28C119E768C63E880E1775C3361E
          Malicious:false
          Reputation:unknown
          Preview:VLnk.....?......F.....P................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Web Data

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 87, cookie 0x36, schema 4, UTF-8, version-valid-for 3
          Category:dropped
          Size (bytes):178176
          Entropy (8bit):0.9338832336063824
          Encrypted:false
          SSDEEP:
          MD5:7BB03F75D319C189353F1918C68B5CC3
          SHA1:D00676C63A6BDAC973830A20211011D32BF0550C
          SHA-256:467941A95F7ACD9C795D21285221E07CC19E6680E9148ADC6878701AEC979875
          SHA-512:698A9C85E398C2A4B1B4A0EB4A7132F8A6963B114276E4CA6E0D16F9F77BB6E45559C2A954F4044460399AC84ED6C42589262D926C5EEE2B0C7D7F699ED7BCF4
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ .......W...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\cd796248-71bb-4eaa-8c9b-96f45bd22f3e.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:modified
          Size (bytes):5853
          Entropy (8bit):4.778778222266683
          Encrypted:false
          SSDEEP:
          MD5:CD16D4970F3863012F9ACC7AB87E60CF
          SHA1:D8A29F1ECCBEBFA39919836507DB0F5F79253ABD
          SHA-256:D8B589CC829043A5E46F10DE1A6F9A14905FF488B1FD4626E260F0B4F03431EF
          SHA-512:7802C1B1CB7620588CC7E38F0EA586FF0E46A33EF44655B3FFCAE5387CB7FD5CEFF43CDE83F8B9EBB9CA7D172B303C34869B0CCB9B13DCAFB46C04AF832732DE
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735558655869","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735558583517","domain_diversity":{"last_reporting_timestamp":"13380735558654978"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\cf6b7b05-c056-4028-ac3b-0b014d66a632.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):6261
          Entropy (8bit):4.796092120250674
          Encrypted:false
          SSDEEP:
          MD5:18039915DF78B9DB40AD72C471287BCE
          SHA1:F5751C05D602636006CC72741995E2D357A617A7
          SHA-256:0085B386A7E58F95DF1588F8AB5C730F19D62F18567524BCBD3CF2323FC7B01D
          SHA-512:02C9EC90941D1ADE140E39EE9423FD5648E758C2B39332B9F8ABED1068792FCE5812B9389CDE7D0079FA0E25C56ED89188F93C67D0229F4CF731F2762C8C84B5
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735558655869","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735558583517","domain_diversity":{"last_reporting_timestamp":"13380735558654978"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\dc079ce6-f45e-4ddc-bae7-14599fa94dd6.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):5791
          Entropy (8bit):4.771843663666237
          Encrypted:false
          SSDEEP:
          MD5:A7F63F4D165C906DBBD80EB955370E71
          SHA1:4057583D34F5FE8AD6634EA1881F7571AA2A0542
          SHA-256:B46E6582749D4B0804636DE0FBD84456D835A3EB32543E1CCFA3D83E2519EE3E
          SHA-512:8D2FA7F8EC6A9B4F569399781E36464DE552741F137B649A9CD19DFED7090AEBEB470ABFDC0676E90B5F4E01103B616F0913AAFB9A3BD75ECCF720977FFE6B42
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735558655869","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735558583517","domain_diversity":{"last_reporting_timestamp":"13380735558654978"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\heavy_ad_intervention_opt_out.db

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
          Category:dropped
          Size (bytes):16384
          Entropy (8bit):0.35226517389931394
          Encrypted:false
          SSDEEP:
          MD5:D2CCDC36225684AAE8FA563AFEDB14E7
          SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
          SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
          SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................j.......Q......Q......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\shared_proto_db\000001.dbtmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):16
          Entropy (8bit):3.2743974703476995
          Encrypted:false
          SSDEEP:
          MD5:46295CAC801E5D4857D09837238A6394
          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
          Malicious:false
          Reputation:unknown
          Preview:MANIFEST-000001.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\shared_proto_db\000003.log

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):1416
          Entropy (8bit):5.403335260902701
          Encrypted:false
          SSDEEP:
          MD5:D1580AD8F803DE5E5D2056A8680BB9F7
          SHA1:712FBB2B92CBFE60F3B79A12F97644AFF60CCD37
          SHA-256:71D06C723F6C4B463C7E5EBE117FB9E7F7DB2EA8AB19F6B051CE2077954C061F
          SHA-512:2781A5CDB24BA7DFB6983A2944726D85ACD68ACC6283BCD4034B58F858A8AC463CDCE4CA7B35F4E1537DE3B3A7FBCDDD85CA11C049A5DE2B1FDD0EF4B46E314A
          Malicious:false
          Reputation:unknown
          Preview:A..r.................20_1_1...1.,U.................20_1_1...1..&f.................&f...............jJ...................4_IPH_CompanionSidePanel...IPH_CompanionSidePanel.....$4_IPH_CompanionSidePanelRegionSearch(."IPH_CompanionSidePanelRegionSearch......4_IPH_DownloadToolbarButton...IPH_DownloadToolbarButton.....&4_IPH_FocusHelpBubbleScreenReaderPromo*.$IPH_FocusHelpBubbleScreenReaderPromo......4_IPH_GMCCastStartStop...IPH_GMCCastStartStop......4_IPH_HighEfficiencyMode...IPH_HighEfficiencyMode......4_IPH_LiveCaption...IPH_LiveCaption......4_IPH_PasswordsAccountStorage!..IPH_PasswordsAccountStorage....."4_IPH_PasswordsWebAppProfileSwitch&. IPH_PasswordsWebAppProfileSwitch.....-4_IPH_PriceInsightsPageActionIconLabelFeature1.+IPH_PriceInsightsPageActionIconLabelFeature......4_IPH_PriceTrackingChipFeature"..IPH_PriceTrackingChipFeature.....&4_IPH_PriceTrackingEmailConsentFeature*.$IPH_PriceTrackingEmailConsentFeature.....-4_IPH_PriceTrackingPageActionIconLabelFeature1.+IPH_PriceTrackingPa

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\shared_proto_db\CURRENT (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:46295CAC801E5D4857D09837238A6394
          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
          Malicious:false
          Reputation:unknown
          Preview:MANIFEST-000001.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\shared_proto_db\LOG

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):279
          Entropy (8bit):5.379471624637611
          Encrypted:false
          SSDEEP:
          MD5:E7B6CF8F07048E25A5795D98C00B0AB8
          SHA1:7A06D1296B397C05ADBCF9E151E14E38F5A07978
          SHA-256:B873450D74E4136CA4E953FD7B39E8453D91A445F717F534A0BDE8C052EAE0CF
          SHA-512:AB4664914D0168CD0716B81FD09F56A281356541C28094DC659779A5F5A85EB48D4B35046FD9D9306E748109F23C976C0A83EFE359B29EB261105E806369F6F1
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-09:59:18.498 19a4 Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\shared_proto_db since it was missing..2025/01/07-09:59:18.521 19a4 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\shared_proto_db/MANIFEST-000001.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\shared_proto_db\MANIFEST-000001

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):41
          Entropy (8bit):4.704993772857998
          Encrypted:false
          SSDEEP:
          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
          Malicious:false
          Reputation:unknown
          Preview:.|.."....leveldb.BytewiseComparator......

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\shared_proto_db\metadata\000003.log

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):584
          Entropy (8bit):3.9337937711579563
          Encrypted:false
          SSDEEP:
          MD5:00160CD54906F89564D9A8B317F59DF4
          SHA1:BF63E921F89C328697E1713BB4C2B71A093CA7BA
          SHA-256:45AA2F2417143B085262F0012DAE1AE35149D85AB7475B8C3C818DD4709CB0BE
          SHA-512:3A450098DBF86184919995F76A92253993B14B39CF6FEE6F673970300CA8DFBD4DAEAC1164701A4F97D12A8424B8CA7C6F11BA1E85F0E2D35CC770E68552BEFB
          Malicious:false
          Reputation:unknown
          Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.......w<.................20_.........................20_..........................19_.....}....................18_.....1..W.................9_..........................9_.....t..).................3_.....B....................4_.....:.=..................3_......W2..................4_.....

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\shared_proto_db\metadata\LOG

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):297
          Entropy (8bit):5.33268111843449
          Encrypted:false
          SSDEEP:
          MD5:C17471265810A652070FFB31C0EEE410
          SHA1:C0D4F17B8CB0059E3903B744024F1FB9C4CDA54F
          SHA-256:1FCA8E7DB4F160CE3EF07108515AB0F6809FFD501DF6DDF86AA7B00CD46C36D1
          SHA-512:6F13F2C5867021C042051E7BED114BD14D2BBB9765CAFA4B642B4BC7E91ABB5E4A26AB0209E2D645B47396CB95FE4D3126D269FEC39E8DA423C4C67ABED2A3CD
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-09:59:18.289 19a4 Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\shared_proto_db\metadata since it was missing..2025/01/07-09:59:18.407 19a4 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\shared_proto_db\metadata/MANIFEST-000001.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\GrShaderCache\data_0

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
          Category:dropped
          Size (bytes):8192
          Entropy (8bit):0.01057775872642915
          Encrypted:false
          SSDEEP:
          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
          Malicious:false
          Reputation:unknown
          Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\GrShaderCache\data_1

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):0.0018164538716206493
          Encrypted:false
          SSDEEP:
          MD5:242F4A464E548CD84D49750289ECE698
          SHA1:D61D0278203BBAA08AAD9F08BCCE4ED8DE517ACD
          SHA-256:99D0D603A5A71A274A6371D3500770A3FADE65895B6EC2744F6A4707C34C406A
          SHA-512:7C14222B4ABB2DB6E0FC5632E3B8EA40559A06F7CEE3A0C540894B991BD4EAB9F87552A4A6C7D30AB7CF97E117261D9EA9BB4B83C4DB549E0DD464B731DCDDD7
          Malicious:false
          Reputation:unknown
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\GrShaderCache\data_2

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):8192
          Entropy (8bit):0.011852361981932763
          Encrypted:false
          SSDEEP:
          MD5:0962291D6D367570BEE5454721C17E11
          SHA1:59D10A893EF321A706A9255176761366115BEDCB
          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
          Malicious:false
          Reputation:unknown
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\GrShaderCache\index

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.553120663130604E-4
          Encrypted:false
          SSDEEP:
          MD5:44E1857A10F256504C908A35772E2677
          SHA1:BC43491D81F9C7514745A73D94C2C3802F82ED4D
          SHA-256:D0A54E5A1B7EBDC690800CEE9E46FA8E005E93E9508880243E686AB9F5F4DE71
          SHA-512:2BD218E20FB015A915CB0751480FD93C184C77FCF4BD9CCE4036EBEA017B30AEBD8EE4EC876565C5D968D5027C9784987990D7D0084F32E77211EA0F209BC369
          Malicious:false
          Reputation:unknown
          Preview:........................................1..E../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\GraphiteDawnCache\data_1

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):0.0018164538716206493
          Encrypted:false
          SSDEEP:
          MD5:294928194CC3F3C5AB0B4EACDA9A2923
          SHA1:F5A30BAAA9C57671C854C1D7E9092C8B4C5B741F
          SHA-256:C93BA59E349F69C5942D3AAC0682BE74F8A209586B8D13C075E235D2A0481ADB
          SHA-512:3D46AFC0C292B79D77A559FDCF6432CC573989CCBCE94F279646D9E60A4E061E9A897CDE12C7D2D329B7FC90CBD5E62CF4EFDD1959A9BA81C55801217417D581
          Malicious:false
          Reputation:unknown
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\GraphiteDawnCache\index

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.47693366977411E-4
          Encrypted:false
          SSDEEP:
          MD5:0E189BB1760AB15D6982C8F8FEFF118A
          SHA1:DE23BE26167B8B3455881286C0EEEE2024B20880
          SHA-256:171CD7A53206ABB97E23A541AD112F669FF03073A72D10CEF5A0A986343796C6
          SHA-512:68D91D5D9BE31A37AC155C909688F4966E1E072B75BB118927883B4E6850CC12939810355582D578927581789C4EA8C2C631A4D00F6AA41AB07F2D6913243C68
          Malicious:false
          Reputation:unknown
          Preview:........................................4..E../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Last Version

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):13
          Entropy (8bit):2.7192945256669794
          Encrypted:false
          SSDEEP:
          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
          Malicious:false
          Reputation:unknown
          Preview:117.0.2045.47

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Local State (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6C8D9396E56CD9B7AD53501F4ADA25CE
          SHA1:B754D943FEAE66D8068E28C76EF71A19EC55D0D4
          SHA-256:6178B8F7FBFE429E61F73B6AA36D814590A5A7C15AF5DF0EB3FA8CDCA05EC03D
          SHA-512:6C1468BEE2FE31E44B837A0199EEBC7701B56C39C2757F50F76D10EEC77DEB3C25FA9A351857C5F49768FB9E1091733334BAD7A1A3779D21F763512872D76A1E
          Malicious:false
          Reputation:unknown
          Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADa97DHgF1bTLB8B82Kj8teEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAlrx1Cjya7uJDm1MwCHVdt/NvSdippGJsSw9f21MAgIQAAAAAOgAAAAAIAACAAAAAT/eDRHZsAx4uG4YeQ8G1SbqKPgSaFYIAJ65+yDjZfZzAAAAAUfKEvsQ2T0STJlHVA/9JbtE280SyoQpiydlkC2kJWGmmWEljP35x5N7kfI6z59kFAAAAAiktMt75lJcYYWoPlPhhbaJnvvQfuyDUrKC7Y++AxHgKr8bnoXfSBWZKk7N5/l7FduXlABYM361cxKsoYrwB6lA=="},"uninstall_metrics":{"installation_date2":"1736261957"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":7850,"pseudo_low_entropy_source":2324,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13380735557779829","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Local State~RF4a8276.TMP (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6C8D9396E56CD9B7AD53501F4ADA25CE
          SHA1:B754D943FEAE66D8068E28C76EF71A19EC55D0D4
          SHA-256:6178B8F7FBFE429E61F73B6AA36D814590A5A7C15AF5DF0EB3FA8CDCA05EC03D
          SHA-512:6C1468BEE2FE31E44B837A0199EEBC7701B56C39C2757F50F76D10EEC77DEB3C25FA9A351857C5F49768FB9E1091733334BAD7A1A3779D21F763512872D76A1E
          Malicious:false
          Reputation:unknown
          Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADa97DHgF1bTLB8B82Kj8teEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAlrx1Cjya7uJDm1MwCHVdt/NvSdippGJsSw9f21MAgIQAAAAAOgAAAAAIAACAAAAAT/eDRHZsAx4uG4YeQ8G1SbqKPgSaFYIAJ65+yDjZfZzAAAAAUfKEvsQ2T0STJlHVA/9JbtE280SyoQpiydlkC2kJWGmmWEljP35x5N7kfI6z59kFAAAAAiktMt75lJcYYWoPlPhhbaJnvvQfuyDUrKC7Y++AxHgKr8bnoXfSBWZKk7N5/l7FduXlABYM361cxKsoYrwB6lA=="},"uninstall_metrics":{"installation_date2":"1736261957"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":7850,"pseudo_low_entropy_source":2324,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13380735557779829","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Local State~RF4a82d4.TMP (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6C8D9396E56CD9B7AD53501F4ADA25CE
          SHA1:B754D943FEAE66D8068E28C76EF71A19EC55D0D4
          SHA-256:6178B8F7FBFE429E61F73B6AA36D814590A5A7C15AF5DF0EB3FA8CDCA05EC03D
          SHA-512:6C1468BEE2FE31E44B837A0199EEBC7701B56C39C2757F50F76D10EEC77DEB3C25FA9A351857C5F49768FB9E1091733334BAD7A1A3779D21F763512872D76A1E
          Malicious:false
          Reputation:unknown
          Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADa97DHgF1bTLB8B82Kj8teEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAlrx1Cjya7uJDm1MwCHVdt/NvSdippGJsSw9f21MAgIQAAAAAOgAAAAAIAACAAAAAT/eDRHZsAx4uG4YeQ8G1SbqKPgSaFYIAJ65+yDjZfZzAAAAAUfKEvsQ2T0STJlHVA/9JbtE280SyoQpiydlkC2kJWGmmWEljP35x5N7kfI6z59kFAAAAAiktMt75lJcYYWoPlPhhbaJnvvQfuyDUrKC7Y++AxHgKr8bnoXfSBWZKk7N5/l7FduXlABYM361cxKsoYrwB6lA=="},"uninstall_metrics":{"installation_date2":"1736261957"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":7850,"pseudo_low_entropy_source":2324,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13380735557779829","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Local State~RF4aa9d4.TMP (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6C8D9396E56CD9B7AD53501F4ADA25CE
          SHA1:B754D943FEAE66D8068E28C76EF71A19EC55D0D4
          SHA-256:6178B8F7FBFE429E61F73B6AA36D814590A5A7C15AF5DF0EB3FA8CDCA05EC03D
          SHA-512:6C1468BEE2FE31E44B837A0199EEBC7701B56C39C2757F50F76D10EEC77DEB3C25FA9A351857C5F49768FB9E1091733334BAD7A1A3779D21F763512872D76A1E
          Malicious:false
          Reputation:unknown
          Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADa97DHgF1bTLB8B82Kj8teEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAlrx1Cjya7uJDm1MwCHVdt/NvSdippGJsSw9f21MAgIQAAAAAOgAAAAAIAACAAAAAT/eDRHZsAx4uG4YeQ8G1SbqKPgSaFYIAJ65+yDjZfZzAAAAAUfKEvsQ2T0STJlHVA/9JbtE280SyoQpiydlkC2kJWGmmWEljP35x5N7kfI6z59kFAAAAAiktMt75lJcYYWoPlPhhbaJnvvQfuyDUrKC7Y++AxHgKr8bnoXfSBWZKk7N5/l7FduXlABYM361cxKsoYrwB6lA=="},"uninstall_metrics":{"installation_date2":"1736261957"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":7850,"pseudo_low_entropy_source":2324,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13380735557779829","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Local State~RF4adb54.TMP (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6C8D9396E56CD9B7AD53501F4ADA25CE
          SHA1:B754D943FEAE66D8068E28C76EF71A19EC55D0D4
          SHA-256:6178B8F7FBFE429E61F73B6AA36D814590A5A7C15AF5DF0EB3FA8CDCA05EC03D
          SHA-512:6C1468BEE2FE31E44B837A0199EEBC7701B56C39C2757F50F76D10EEC77DEB3C25FA9A351857C5F49768FB9E1091733334BAD7A1A3779D21F763512872D76A1E
          Malicious:false
          Reputation:unknown
          Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADa97DHgF1bTLB8B82Kj8teEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAlrx1Cjya7uJDm1MwCHVdt/NvSdippGJsSw9f21MAgIQAAAAAOgAAAAAIAACAAAAAT/eDRHZsAx4uG4YeQ8G1SbqKPgSaFYIAJ65+yDjZfZzAAAAAUfKEvsQ2T0STJlHVA/9JbtE280SyoQpiydlkC2kJWGmmWEljP35x5N7kfI6z59kFAAAAAiktMt75lJcYYWoPlPhhbaJnvvQfuyDUrKC7Y++AxHgKr8bnoXfSBWZKk7N5/l7FduXlABYM361cxKsoYrwB6lA=="},"uninstall_metrics":{"installation_date2":"1736261957"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":7850,"pseudo_low_entropy_source":2324,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13380735557779829","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Local State~RF4b32da.TMP (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6C8D9396E56CD9B7AD53501F4ADA25CE
          SHA1:B754D943FEAE66D8068E28C76EF71A19EC55D0D4
          SHA-256:6178B8F7FBFE429E61F73B6AA36D814590A5A7C15AF5DF0EB3FA8CDCA05EC03D
          SHA-512:6C1468BEE2FE31E44B837A0199EEBC7701B56C39C2757F50F76D10EEC77DEB3C25FA9A351857C5F49768FB9E1091733334BAD7A1A3779D21F763512872D76A1E
          Malicious:false
          Reputation:unknown
          Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADa97DHgF1bTLB8B82Kj8teEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAlrx1Cjya7uJDm1MwCHVdt/NvSdippGJsSw9f21MAgIQAAAAAOgAAAAAIAACAAAAAT/eDRHZsAx4uG4YeQ8G1SbqKPgSaFYIAJ65+yDjZfZzAAAAAUfKEvsQ2T0STJlHVA/9JbtE280SyoQpiydlkC2kJWGmmWEljP35x5N7kfI6z59kFAAAAAiktMt75lJcYYWoPlPhhbaJnvvQfuyDUrKC7Y++AxHgKr8bnoXfSBWZKk7N5/l7FduXlABYM361cxKsoYrwB6lA=="},"uninstall_metrics":{"installation_date2":"1736261957"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":7850,"pseudo_low_entropy_source":2324,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13380735557779829","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Local State~RF4b8010.TMP (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6C8D9396E56CD9B7AD53501F4ADA25CE
          SHA1:B754D943FEAE66D8068E28C76EF71A19EC55D0D4
          SHA-256:6178B8F7FBFE429E61F73B6AA36D814590A5A7C15AF5DF0EB3FA8CDCA05EC03D
          SHA-512:6C1468BEE2FE31E44B837A0199EEBC7701B56C39C2757F50F76D10EEC77DEB3C25FA9A351857C5F49768FB9E1091733334BAD7A1A3779D21F763512872D76A1E
          Malicious:false
          Reputation:unknown
          Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADa97DHgF1bTLB8B82Kj8teEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAlrx1Cjya7uJDm1MwCHVdt/NvSdippGJsSw9f21MAgIQAAAAAOgAAAAAIAACAAAAAT/eDRHZsAx4uG4YeQ8G1SbqKPgSaFYIAJ65+yDjZfZzAAAAAUfKEvsQ2T0STJlHVA/9JbtE280SyoQpiydlkC2kJWGmmWEljP35x5N7kfI6z59kFAAAAAiktMt75lJcYYWoPlPhhbaJnvvQfuyDUrKC7Y++AxHgKr8bnoXfSBWZKk7N5/l7FduXlABYM361cxKsoYrwB6lA=="},"uninstall_metrics":{"installation_date2":"1736261957"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":7850,"pseudo_low_entropy_source":2324,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13380735557779829","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Local State~RF4bcb13.TMP (copy)

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6C8D9396E56CD9B7AD53501F4ADA25CE
          SHA1:B754D943FEAE66D8068E28C76EF71A19EC55D0D4
          SHA-256:6178B8F7FBFE429E61F73B6AA36D814590A5A7C15AF5DF0EB3FA8CDCA05EC03D
          SHA-512:6C1468BEE2FE31E44B837A0199EEBC7701B56C39C2757F50F76D10EEC77DEB3C25FA9A351857C5F49768FB9E1091733334BAD7A1A3779D21F763512872D76A1E
          Malicious:false
          Reputation:unknown
          Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADa97DHgF1bTLB8B82Kj8teEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAlrx1Cjya7uJDm1MwCHVdt/NvSdippGJsSw9f21MAgIQAAAAAOgAAAAAIAACAAAAAT/eDRHZsAx4uG4YeQ8G1SbqKPgSaFYIAJ65+yDjZfZzAAAAAUfKEvsQ2T0STJlHVA/9JbtE280SyoQpiydlkC2kJWGmmWEljP35x5N7kfI6z59kFAAAAAiktMt75lJcYYWoPlPhhbaJnvvQfuyDUrKC7Y++AxHgKr8bnoXfSBWZKk7N5/l7FduXlABYM361cxKsoYrwB6lA=="},"uninstall_metrics":{"installation_date2":"1736261957"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":7850,"pseudo_low_entropy_source":2324,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13380735557779829","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\ShaderCache\data_1

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:modified
          Size (bytes):270336
          Entropy (8bit):0.0018164538716206493
          Encrypted:false
          SSDEEP:
          MD5:7713EE9AD044707830E8DD9FC4A68EFE
          SHA1:75DCE040C2598AFABF1E001D9BABC87B337331B2
          SHA-256:4AE9871C06FACF12B355CA133B280F877D88E01E96482337F67A07E60B0256FB
          SHA-512:7F909CBA5D8217913467D135FD4050F26E367FC6FDDD80BA88AED56CDF0E0B5D98CCF9E7550CACA82CF11450D9AECA1DBAF94F13C75006270E2E2DF1C2007B2B
          Malicious:false
          Reputation:unknown
          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\ShaderCache\index

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.47693366977411E-4
          Encrypted:false
          SSDEEP:
          MD5:E4CFBE71D89C581A6D783A7D0292C383
          SHA1:9496081EE599911E97F20AE84B364B7BE1176E09
          SHA-256:1D7E4B19967B82B8BCFEFDDA801A342C97A6502B97C7D9FA925868DB9835B4BD
          SHA-512:D551BCFCABEC1A562550CDF4060C7784E73929F50817FDA3074D7A5C47B4B1BFF99B531BA89E47B455909B226005942EBD80DA28234C3A5761695475A5747ED6
          Malicious:false
          Reputation:unknown
          Preview:........................................e".E../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\SmartScreen\RemoteData\customSynchronousLookupUris

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):29
          Entropy (8bit):3.922828737239167
          Encrypted:false
          SSDEEP:
          MD5:7BAAFE811F480ACFCCCEE0D744355C79
          SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
          SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
          SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
          Malicious:false
          Reputation:unknown
          Preview:customSynchronousLookupUris_0

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\SmartScreen\RemoteData\customSynchronousLookupUris_0

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):35302
          Entropy (8bit):7.99333285466604
          Encrypted:true
          SSDEEP:
          MD5:0E06E28C3536360DE3486B1A9E5195E8
          SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
          SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
          SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
          Malicious:false
          Reputation:unknown
          Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\SmartScreen\RemoteData\edgeSettings

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):18
          Entropy (8bit):3.5724312513221195
          Encrypted:false
          SSDEEP:
          MD5:5692162977B015E31D5F35F50EFAB9CF
          SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
          SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
          SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
          Malicious:false
          Reputation:unknown
          Preview:edgeSettings_2.0-0

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\SmartScreen\RemoteData\edgeSettings_2.0-0

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):3581
          Entropy (8bit):4.459693941095613
          Encrypted:false
          SSDEEP:
          MD5:BDE38FAE28EC415384B8CFE052306D6C
          SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
          SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
          SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
          Malicious:false
          Reputation:unknown
          Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\SmartScreen\RemoteData\synchronousLookupUris

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):47
          Entropy (8bit):4.493433469104717
          Encrypted:false
          SSDEEP:
          MD5:3F90757B200B52DCF5FDAC696EFD3D60
          SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
          SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
          SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
          Malicious:false
          Reputation:unknown
          Preview:synchronousLookupUris_636976985063396749.rel.v2

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Variations

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):85
          Entropy (8bit):4.3488360343066725
          Encrypted:false
          SSDEEP:
          MD5:BC6142469CD7DADF107BE9AD87EA4753
          SHA1:72A9AA05003FAB742B0E4DC4C5D9EDA6B9F7565C
          SHA-256:B26DA4F8C7E283AA74386DA0229D66AF14A37986B8CA828E054FC932F68DD557
          SHA-512:47D1A67A16F5DC6D50556C5296E65918F0A2FCAD0E8CEE5795B100FE8CD89EAF5E1FD67691E8A57AF3677883A5D8F104723B1901D11845B286474C8AC56F6182
          Malicious:false
          Reputation:unknown
          Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":0}

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\b54ebfe8-022e-4a63-b50e-bdde9c420913.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2052
          Entropy (8bit):5.461239629372381
          Encrypted:false
          SSDEEP:
          MD5:177DA8084B56D81DDE54B6472AB428E4
          SHA1:4476A47BC01D16D39A5F20E5F8CC07D747F06C25
          SHA-256:F7BDD16D32370651FA7680206C189B0551B248290F93DF99DBDCC99A3BFED6AC
          SHA-512:56B4B14A9BD19A8C748F006E3854C744DFA8ABF9585746B9DE1F259699E078AC9D359FEE8E1210B48E95452DDBD272587E9B04C8E22CF1D61CC8FA23E759A1DA
          Malicious:false
          Reputation:unknown
          Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADa97DHgF1bTLB8B82Kj8teEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAlrx1Cjya7uJDm1MwCHVdt/NvSdippGJsSw9f21MAgIQAAAAAOgAAAAAIAACAAAAAT/eDRHZsAx4uG4YeQ8G1SbqKPgSaFYIAJ65+yDjZfZzAAAAAUfKEvsQ2T0STJlHVA/9JbtE280SyoQpiydlkC2kJWGmmWEljP35x5N7kfI6z59kFAAAAAiktMt75lJcYYWoPlPhhbaJnvvQfuyDUrKC7Y++AxHgKr8bnoXfSBWZKk7N5/l7FduXlABYM361cxKsoYrwB6lA=="},"policy":{"last_statistics_update":"13380735557999359"},"profile":{"info_cache":{},"profile_counts_reported":"13380735558010897","profiles_order":[]},

          C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\fd16e3fe-62f7-4013-b7ff-f6253a35f7d9.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):949
          Entropy (8bit):5.702011349091325
          Encrypted:false
          SSDEEP:
          MD5:6C8D9396E56CD9B7AD53501F4ADA25CE
          SHA1:B754D943FEAE66D8068E28C76EF71A19EC55D0D4
          SHA-256:6178B8F7FBFE429E61F73B6AA36D814590A5A7C15AF5DF0EB3FA8CDCA05EC03D
          SHA-512:6C1468BEE2FE31E44B837A0199EEBC7701B56C39C2757F50F76D10EEC77DEB3C25FA9A351857C5F49768FB9E1091733334BAD7A1A3779D21F763512872D76A1E
          Malicious:false
          Reputation:unknown
          Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADa97DHgF1bTLB8B82Kj8teEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAAlrx1Cjya7uJDm1MwCHVdt/NvSdippGJsSw9f21MAgIQAAAAAOgAAAAAIAACAAAAAT/eDRHZsAx4uG4YeQ8G1SbqKPgSaFYIAJ65+yDjZfZzAAAAAUfKEvsQ2T0STJlHVA/9JbtE280SyoQpiydlkC2kJWGmmWEljP35x5N7kfI6z59kFAAAAAiktMt75lJcYYWoPlPhhbaJnvvQfuyDUrKC7Y++AxHgKr8bnoXfSBWZKk7N5/l7FduXlABYM361cxKsoYrwB6lA=="},"uninstall_metrics":{"installation_date2":"1736261957"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":7850,"pseudo_low_entropy_source":2324,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13380735557779829","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

          C:\Users\user\AppData\Local\Temp\nsdF56.tmp

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\SecurityScan_Inner.exe
          File Type:data
          Category:dropped
          Size (bytes):4725062
          Entropy (8bit):6.564140729809161
          Encrypted:false
          SSDEEP:
          MD5:25FAA4284D26B7E15927B71309BF00CB
          SHA1:8E886F422854051C35CBD76967801E3ADE39BE48
          SHA-256:A2F36E5660DECE59E224D66F6276E1EFFB9B6D5EEA7624E85C6C100C96C9E1C9
          SHA-512:35492F8B05F475F3B3391D2B17B9876009E449B51F7654E15B02026FBD45900D69986429636880AD30C3667247FFEDB14E2E3481906FACC1935121B673107387
          Malicious:false
          Reputation:unknown
          Preview:3Q......,.......................L.......99......3Q..............................................................0.......x...................................................................................................................................................................T................m..j...............................................................................................................................................y.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsdF57.tmp\InstallHelp\SecurityScanner32.dll

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\SecurityScan_Inner.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4596888
          Entropy (8bit):6.5841505800616265
          Encrypted:false
          SSDEEP:
          MD5:1DEAC9CC1B216FEDA4E1991F2DA8AD5E
          SHA1:EAC92553B56A6A8C4C2D079B4D455DC20C97A33B
          SHA-256:551484D8B97D034D5935B1B58F0F17CC44AF8587DE0969C3A1C20BC2AF3A09EC
          SHA-512:986D7CF10E05D8D28D4B549334AF2F3805406851D007AA9C5E3047B8F27F2ED02035357408729AF7DA7670871935185872524D4C767F2DBA7A9C622332BB13BF
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$........g.ED...D...D....~.......x..W....x..Y....x..5....s..E....X..L.....P.@....X..A....t..F....s.......~..Q....~..f....~..F....~.._...D.......^y......^y..E...^yd.E...^y..E...RichD...........................PE..L...2.Mg...........!...$..2.........%T,.......3..............................pF.......F...@...........................>.......>.T.... @.`............^E.......D..c...w:.....................@w:.......5.@.............3.(.....>......................text.....2.......2................. ..`.rdata...3....3..4....2.............@..@.data...8....P>......0>.............@....rsrc...`.... @......&?.............@..@.reloc...c....D..d....B.............@..B................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\InstallHelp\SecurityScanner32.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4596888
          Entropy (8bit):6.5841460391252165
          Encrypted:false
          SSDEEP:
          MD5:834A987E4F283F471039365CE4284C54
          SHA1:7B32A5F0B34B113492AA530DA3EA75BC000B65BA
          SHA-256:C9B2B122BF6E541E5FC07863E0ECB8922DABFA79004D1D29EB7E6D888BF01A91
          SHA-512:67C7EA1808690CF27DFEADFB55DAE9365E222D9B5CBD557536999A1C8BBE0428EB91DD226D902D583E4CAFB1C96B770CA7558E7C94395C35EC5829B4DF555473
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$........g.ED...D...D....~.......x..W....x..Y....x..5....s..E....X..L.....P.@....X..A....t..F....s.......~..Q....~..f....~..F....~.._...D.......^y......^y..E...^yd.E...^y..E...RichD...........................PE..L...2.Mg...........!...$..2.........%T,.......3..............................pF.......G...@...........................>.......>.T.... @.`............^E.......D..c...w:.....................@w:.......5.@.............3.(.....>......................text.....2.......2................. ..`.rdata...3....3..4....2.............@..@.data...8....P>......0>.............@....rsrc...`.... @......&?.............@..@.reloc...c....D..d....B.............@..B................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\Installer.ini

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Generic INItialization configuration [UIFLOW]
          Category:dropped
          Size (bytes):877
          Entropy (8bit):5.2855919419236725
          Encrypted:false
          SSDEEP:
          MD5:D33D6273D4A553680525F68A10798AE8
          SHA1:E9D8DA1140F4DA8355741CA0E16EC9E582DE55F5
          SHA-256:F62CD148AAD0D4A67360E7A359E11A8E4D3297B76E3438E1876F76E7ED8DE91A
          SHA-512:C70E773B48785D56489CF8C6FA38A2B11FC94B6567595E33E61C599DADDCD3544F7EF1D8F9A54260C8DB94BCF010DB22D93F0E1580EDF6C8F2DC0920A3D06307
          Malicious:false
          Reputation:unknown
          Preview:[CONFIG]..WIDTH = 550..HEIGHT = 450..HTMLRESDLL = .\McInstallerRes.dll..L10NDLL = .\McInstallerRes_LD.dll..PAGE_VISIBILITY_TIME = 5....[UIFLOW]..default = welcome_wv.htm,install_wv.htm,status_wv.htm....[Install] ..ORDER = MSS....[MSS] ..LOCATION_TYPE = 1 ..LOCATION = .\..AGENT = SecurityScan_Inner.exe ..AGENT_PARAM =/inner ..APP_NAME = McAfee Security scan ..APP_DESC = Check the security status of the machine. ..storyboard_image = Welcome_Install.jpg..AVG_INSTALL_TIME = 5..story_interval_time = 2..POST_APP_INSTALL = MSS_LAUNCH....[MSS_LAUNCH]..LOCATION_TYPE = 0..LOCATION = HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan,ExePath,1,"" ..AGENT_PARAM_TYPE = 0..AGENT_PARAM = HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan,ExeParams,1,""..........

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\McInstallerStartup.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):2891872
          Entropy (8bit):6.578978372278864
          Encrypted:false
          SSDEEP:
          MD5:B218DDDA034E0B49A889A837FE3C425B
          SHA1:F422ACA34A87854B84BCDBC5F09E8AD70B1463F0
          SHA-256:E171C9C660CA4BF479A891E0CA83349ABDDEA494D103ED416FD901326C3CCC96
          SHA-512:FA9E33C2A5C8816A51D5D008B236F5BD96E95F126876EBAAA83AA60C0EAB021A3C702DDF5BEA4DD1AD1CD361027CD26B706154C001BD2366530B7EAF9C924E1F
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$........J...+q\.+q\.+q\.Sr].+q\.St].+q\.Sw].+q\uUu].+q\.Su].+q\uUr].+q\uUt].+q\.Sp].+q\..\.+q\.ut].+q\.Yp].+q\Fuu].+q\.+p\.)q\j^t].+q\.Tx]N+q\.Tq].+q\.T.\.+q\.+.\.+q\.Ts].+q\Rich.+q\................PE..L....Mg...........!...$.....................@...............................p,...../&,...@...........................'.......'.......).p$............+.`.....*.d...P.$.T.....................$......U .@............@......8.'......................text...T,.......................... ..`.rdata......@.......2..............@..@.data...x.....'.......'.............@....rsrc...p$....)..&....(.............@..@.reloc..d.....*.......).............@..B........................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\McUICnt.exe

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):643008
          Entropy (8bit):6.475804927379698
          Encrypted:false
          SSDEEP:
          MD5:4C62CD83B27CC97C1F223D87A1342609
          SHA1:48E49A46D15CD6DD9C9D510598630FF90AA04405
          SHA-256:21B2599255DE6BB4FFF70FD8E1213FB68EAB4ECDF9C6E62E098E1C377B9F549F
          SHA-512:4C5F5371F52B5F12E1BF9CDD880F9F7CB09A3D4301D57A637A4B862988D01BA1679907E74D4CE4BF8CDE3B94BDDA2DDAA05749637CB775081FD276412EA47C16
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........*...y...y...y3..x...y3..x]..y..qy.y..x.y..x...y..qy.y..x...y3..x...y3..x.y...y..y[.x.y[.x..y[.x.y[.sy.y[.x.yRich...y................PE..L...$.<b.................n...2....................@.................................L.....@..................................K..(.......@................?...`...\......p...............................@...............X....:.......................text....l.......n.................. ..`.rdata..\............r..............@..@.data....J...`...6...L..............@....rsrc...@...........................@..@.reloc...\...`...^...2..............@..B........................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MicrosoftEdgeWebview2Setup.exe

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1613584
          Entropy (8bit):7.928885269713536
          Encrypted:false
          SSDEEP:
          MD5:BFB1DDF7FA6CFA1153B09DA5046A03E5
          SHA1:000AF4A0A2229D6829E7712837B70F8D3FBD93DF
          SHA-256:77298B0354A60501774F4E6FDC1E34899228158346E77C3A989F95899ACBAA2A
          SHA-512:D0BAEC7279DE0BBE40A27026156868A709EE0B69787F2C1256BA14494E43B35BF22FEFB4937F79FD41B9F930B0833BA128B3164A07A5EDD0296F3BF215A48E9C
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d..[ e.. e.. e..4...+e..4....e..B...1e..B...4e......-e..B....e..4...3e..4...!e..4...-e.. e...e....@.!e.. e(.ve......!e..Rich e..................PE..L....(.d............................ }............@.......................................@..................................?..x....................>...a...p.. ....1..p....................1..........@...............H...T>..`....................text...*........................... ..`.rdata..............................@..@.data...,....P.......8..............@....didat..,....p.......B..............@....rsrc................D..............@..@.reloc.. ....p.......(..............@..B................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\SecurityScan_Inner.exe

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
          Category:dropped
          Size (bytes):9860336
          Entropy (8bit):7.9957035239087695
          Encrypted:true
          SSDEEP:
          MD5:555332D3D4F3197D171CB5B1331B15D9
          SHA1:C484535D048AFA74E96E80DE8A5882E75CC81F88
          SHA-256:03125B0850EE880F80F8E6A164CE2BDDEB65106771F1A71ED46C06B8F87A8DB4
          SHA-512:8E7E329F238A3BB1E5F6F847EBA579E20B9B0C047B73F922F76AF156BAE2B9CE28413B671994DAF3BAECA8BF4239CF53C9E2C5BB5F7634A1B71D622D3270A672
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F..v...F...@...F.Rich..F.........................PE..L... ..\.................b..........(3............@..........................`............@.................................0........................E..H/...........................................................................................text...w`.......b.................. ..`.rdata..P............f..............@..@.data...8............z..............@....ndata...`...P...........................rsrc................~..............@..@................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\System.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):35200
          Entropy (8bit):7.278358293307135
          Encrypted:false
          SSDEEP:
          MD5:A38E7212C958A2466C91D06C7E7E08CD
          SHA1:90FC6AFA017D4BCF5E4DFD17460E2EF3380DF31D
          SHA-256:76F80D4ADD843D5E2B5BBD3C7DF915035806571E622B6DBAC55D13FD4AFA9CA5
          SHA-512:F6D9320D69F0C4E8A58283705D9BDEE17066B914E6262AD98EB3A4C8934F7EC7384296B4649E7C64C2FD5D85042713B40F635E90EFA2D797E91E8A2CDD9F372B
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir*.-.D.-.D.-.D...J.*.D.-.E.>.D.....*.D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L....~.\...........!..... ...........(.......0...............................`...........@..........................2.......0..P........................[...P.......................................................0..X............................text...O........ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..|....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\UnInstaller.ini

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Generic INItialization configuration [UIFLOW]
          Category:modified
          Size (bytes):638
          Entropy (8bit):5.1170666732595915
          Encrypted:false
          SSDEEP:
          MD5:3D4A63890C3559291301D9BF79837E9F
          SHA1:D3B4023510AD4A5A1D90B790A46596A2159C2A18
          SHA-256:1AE3FF0EA0A4F652477C6D7FAA07374BD676BE26C611A0DD1A891D36C99B9623
          SHA-512:C83A1F3C624B3E423D7E73F55C57CF292CAA27BB360FB2481259C8C169A79F263C2BEBDBA6FD6E7DEB7F47622EDF25B336372AEA5FE163E09C4457717A26C094
          Malicious:false
          Reputation:unknown
          Preview:[CONFIG]..WIDTH = 550..HEIGHT = 450..HTMLRESDLL = .\McInstallerRes.dll..L10NDLL = .\McInstallerRes_LD.dll..PAGE_VISIBILITY_TIME = 5....[UIFLOW]..default = UninstallConfirm_wv.htm,Uninstall_wv.htm,uninstallEnd_wv.htm....[Install] ..ORDER = MSS....[MSS] ..LOCATION_TYPE = 1 ..LOCATION =C:\Program Files (x86)\McAfee Security Scan..AGENT = uninstall.exe ..AGENT_PARAM = /S /inner ..APP_NAME = McAfee Security scan ..APP_DESC = Check the security status of the machine. ..storyboard_image = Welcome_Install.jpg..AVG_INSTALL_TIME = 7..story_interval_time = 2..........

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\ftconfig.ini

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Generic INItialization configuration [DataAnalytics]
          Category:dropped
          Size (bytes):291
          Entropy (8bit):5.0826755320356485
          Encrypted:false
          SSDEEP:
          MD5:62AA0E131ACA3C262A709155696CB68F
          SHA1:350B8EA9950D8ED32EBA26D2F4D5D94AA97BC590
          SHA-256:0EEE12B0FFE65CB39C8C624B5D43085E8859B1F0FF4EE05E1921790055BEDF23
          SHA-512:3CFAABEB150803C0D32EA5593748A1F5BA23702617CDD2EAD82FF11AD61C8A8BCF63A67573852035D210F56399065865ED16D6F2606BF1420BBEC1DD4413E3CC
          Malicious:false
          Reputation:unknown
          Preview:[SecurityScan]..ScanParameters=SecurityScanner.dll /auto /nosplash..ScanUrl=https://liteapps.mcafee.com/V1/StaticUI/Default..HelpUrl=https://liteapps.mcafee.com/V1/StaticUI/Help..Rank=10..RequestedAffid=0..ent-detect=1..eula_major=3..eula_minor=0....[DataAnalytics]..TrackingID=UA-49812791-4

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\mc-webview-cnt.exe

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):754128
          Entropy (8bit):6.410611291801307
          Encrypted:false
          SSDEEP:
          MD5:CD7D48BB339C72CCFE7DA3A3164180BC
          SHA1:E806553AC8B062CC5AF5728FA56FCB5E9F7E0C7E
          SHA-256:7C518FDD5FD65A0C69772A6727AFCC649B4032C9B2CDDD6048F2EF13DB4042A3
          SHA-512:05985736B987A58FEEF119133034E579C0A3AD64134566A93A987595163C07D600C943A33A7ADC223C4337E331D80CA7F695DD1F575F1B8D221AEAE3EA1284CB
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................r..p....p....p...............................^........../....G........Rich..........PE..L.....Mg...............$............@........0....@..................................l....@.................................x........................>...C.......i...k..p...................@l.......R..@............0..@............................text............................... ..`.rdata..,....0......................@..@.data... ........:..................@....didat...............0..............@....rsrc................2..............@..@.reloc...i.......j..................@..B................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\MSSPResExtractor.exe

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
          Category:dropped
          Size (bytes):377392
          Entropy (8bit):7.282361172764569
          Encrypted:false
          SSDEEP:
          MD5:1D4D8B99FD6458313A6BEAB28A1AA34C
          SHA1:4CC8BD60F4E579A1DC05EB8082F0A36B29D1CFFD
          SHA-256:F64B316542A756EEA0F0016C05C5F902A8FF3F2A61D7A2C1459716A5F3220AB6
          SHA-512:BFCB0D1A88EF03F5B1CA647360A78B60209F8835C4DD0DD06CAEEA06BBEF89621CC65DD0C376C8370DB20C6F123BE454B9730F6952F9189BBC65C4A58CEE814F
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F..v...F...@...F.Rich..F.........................PE..L......\.................`...........1.......p....@..........................p......'.....@.................................0t..........(...........0..../...........................................................p...............................text...._.......`.................. ..`.rdata..P....p.......d..............@..@.data................x..............@....ndata.......@...........................rsrc...(............|..............@..@................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McInstallerRes.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):400752
          Entropy (8bit):7.121517425386084
          Encrypted:false
          SSDEEP:
          MD5:6385D9CAD8F2CB279F1140DAE260EA1F
          SHA1:DC7941FDDB5EF4CA2ACD3ACAA3A5C0D026CD93E7
          SHA-256:99F228E168D01DAD320CF2D2F4D933B00286E3AE2C6FBCC8586D3B1914AF6C82
          SHA-512:111110C88A375BF62E98EEB10E198BDA2B4269840CB888A6CC305094D430FA87A190C1995D51C33510A8BCA44F05B187409AC4207836C2A3EE2ABC2F1FC0E133
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q..0...0...0...O~..0...0...0...O...0..Rich.0..................PE..d...R.Mg.........." ...$............................................................"r....`.......................................................... .. ...............p7..............p............................................................................rdata..............................@..@.rsrc... .... ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McInstallerRes_LD.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):178688
          Entropy (8bit):6.297651264205145
          Encrypted:false
          SSDEEP:
          MD5:770AB7FC22BE75C6BC6184D7276B8DA0
          SHA1:3C66B1DB9B261DEC33D6614C38B888C3FCC42115
          SHA-256:7C82A18D223BBE137E5103AA12081AC48CDB09562A29FB3A360D5FAD063D1339
          SHA-512:73DDC9B998073CAEED1716F0B73B6A40E3BFB5E1A0E74BC1947DFE4A1733083F27BDA0743931ABC4669297C89B8F8FAF9793EE495A8BA6085BCA54879869120F
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q..0...0...0...O~..0...0...0...O...0..Rich.0..................PE..d...U.Mg.........." ...$............................................................#n....`.......................................................... ..X................0..............p............................................................................rdata..............................@..@.rsrc...X.... ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McInstallerStartup.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):3264888
          Entropy (8bit):6.40811281223321
          Encrypted:false
          SSDEEP:
          MD5:2296AB6FFF74334D61FC2228944FF575
          SHA1:76AF0C11E916D50A4B17C5895BAC649440228CC6
          SHA-256:870884A712873CD0A2EA41F595D1A6F2CE927D1A3DC5C7403FA5C2A68A829563
          SHA-512:C0B8E1667C8F3358A782060A795397F6069701592A71BFC3EAA50D338AE60CDE9666245C8BE52E954DCFCEE8FB28F4A34B754D1368CADE3311A77FA02DDC694F
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......~..@:b..:b..:b..q...7b..q....b..q...;b..:b..;b......(b..q... b......7b......Ib..q....b...T.>b...<..?b......9b...<..2b..:b..``......db.. ....b.. ...;b.. .`.;b.. ...;b..Rich:b..................PE..d.....Mg.........." ...$.."..*......hH.......................................`2......}2...`..........................................7-......8-.......0..!..../..A...81.x.... 2..8..l<).T....................=).(...P6$.@.............".@.....-......................text....."......."................. ..`.rdata...t...."..v....".............@..@.data...T....p-..J...N-.............@....pdata...A..../..B..................@..@_RDATA..\.....0......./.............@..@.rsrc....!....0.."..../.............@..@.reloc...8... 2..:....0.............@..B........................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McUICnt.exe

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):749008
          Entropy (8bit):6.34694268310319
          Encrypted:false
          SSDEEP:
          MD5:3C33FEB50BEE2FD598E73D5E6C5744AA
          SHA1:F1AE28FA57EA9AC0EEEEE23A2A002E7899DF351C
          SHA-256:BA91E402DE201FEF346731AD3A1ABA892B1B746D027452E35C33E18D4506D72F
          SHA-512:57F92D655E780B272E45280BC10E113F56D4F21494FAE39FD8040FC16D31EB828A5D69EEE967D799C5424B1F229DC2FC1A7AF70D6BF6419CA9571CB8DAFDDF77
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 3%
          Reputation:unknown
          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........<-..]CX.]CX.]CXB/FY,]CX.(GY.]CX.(@Y.]CX.2.X.]CX.(FY.]CXB/@Y.]CXB/GY.]CXB/BY.]CX.]BX.\CX*(GY.]CX*(FY.]CX*(JY.]CX*(.X.]CX*(AY.]CXRich.]CX........................PE..d...B.<b.........."......R..........DZ.........@.....................................x....@.................................................8...(.......@....`..LY...*...C......,...X...p.......................(......8............p......(........................text...4Q.......R.................. ..`.rdata...p...p...r...V..............@..@.data....d.......D..................@....pdata..LY...`...Z..................@..@_RDATA...............f..............@..@.rsrc...@............h..............@..@.reloc..,...........................@..B........................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\McUtil.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):668384
          Entropy (8bit):6.415120440692156
          Encrypted:false
          SSDEEP:
          MD5:9A2846E6C98CF5FE15299EB5016845D7
          SHA1:F81A129B0A47F71627DC289424F61A67E6FE97D3
          SHA-256:336A32B47B1906080285480331A605E3301763A5CD86041BEDE64231CAFC5C82
          SHA-512:0B35AE8F22BAA2F29F1AF804E87793393570FC350B62033B287091ACC1DD159D8B81CBB182D431406401789ED7BCA923E6558A627D79883B483990596A847F55
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......Y4..U...U...U...'...U..O ...U..O ...U..{:y..U...'...U...'...U..O ..MU... ...U...U..?T...'...U... ..=U... ...U... {..U...U...U... ...U..Rich.U..........................PE..d...2?.e.........." ................`t........`b.............................P......C.....`A.........................................D.......J.......0...........T.......@...@......l...p.......................(.......8............0...............................text............................... ..`.rdata...6...0...8..."..............@..@.data....A...p...*...Z..............@....pdata...T.......V..................@..@_RDATA....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\MicrosoftEdgeWebview2Setup.exe

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1613584
          Entropy (8bit):7.9288761652508155
          Encrypted:false
          SSDEEP:
          MD5:C992028604D91400D489F8CAB4B44469
          SHA1:C50DB047B19F0A710DE89D19DA907F1FAFBC49D8
          SHA-256:C5A0CED608AE34E91B87FFA94FEB020598A654FE185124287A3CB0658784A129
          SHA-512:C1BBCEFC592F8F619A9CC5CA27BEEEE308FA1A63D68451E32DF42419B0D787F3B177FC81A4D148EB93903E8C47623271EB39E886694A735B4CFC1F91C229A788
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d..[ e.. e.. e..4...+e..4....e..B...1e..B...4e......-e..B....e..4...3e..4...!e..4...-e.. e...e....@.!e.. e(.ve......!e..Rich e..................PE..L....(.d............................ }............@................................./B....@..................................?..x....................>...a...p.. ....1..p....................1..........@...............H...T>..`....................text...*........................... ..`.rdata..............................@..@.data...,....P.......8..............@....didat..,....p.......B..............@....rsrc................D..............@..@.reloc.. ....p.......(..............@..B................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\SecurityScan_Inner.exe

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
          Category:dropped
          Size (bytes):11838184
          Entropy (8bit):7.996911973188253
          Encrypted:true
          SSDEEP:
          MD5:B1C61A18F2D4DF62EADD460D5BC7D7E4
          SHA1:4383ED82906F88C262002D26648DAE735E35B04A
          SHA-256:3B8457AA6BB18843C393CA69757EA8AC3632AC8C417BCD62C15A84486882E76D
          SHA-512:8A925CE4220ABF8F34FBF88C29939E59935091E34B3594538C025586F64B071B0297FD4DC592FFAF9FCCC878E19C046B65B4C01A80BE73E38F4C412A002A812D
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 4%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F..v...F...@...F.Rich..F.........................PE..L... ..\.................b..........(3............@..........................`...........@.................................0........................s..H/...........................................................................................text...w`.......b.................. ..`.rdata..P............f..............@..@.data...8............z..............@....ndata...`...P...........................rsrc................~..............@..@................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\WebView2Loader.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):162264
          Entropy (8bit):6.188393265219696
          Encrypted:false
          SSDEEP:
          MD5:8838E584DE6B554189DA0297B36AFD2B
          SHA1:3FD613F6C14B484446C71AA651D2CCA2C3515E2C
          SHA-256:28B898E4433291C969CD4F3BC46377B195527AD9138DF2FA57243CEB6717A6B9
          SHA-512:57984D7C948A2535C25EE01703E7DBE208768F9A8711392928107C603D2158A224ECB6F4A25C3E6E5C60EB13D08AED8F921770AF0D55A3376647DB1CC7A7978D
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...vS@e.........." .....N...........K...............................................p....`A....................................................(............@.......R...'..............T.......................(....a..@...................(...`....................text....L.......N.................. ..`.rdata.......`.......R..............@..@.data........ ......................@....pdata.......@......................@..@.00cfg..8....`.......*..............@..@.gxfg........p.......,..............@..@.retplne.............>...................tls.................@..............@..._RDATA..\............B..............@..@.rsrc................D..............@..@.reloc...............J..............@..B................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\installer.ini

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Generic INItialization configuration [UIFLOW]
          Category:dropped
          Size (bytes):880
          Entropy (8bit):5.287153058757726
          Encrypted:false
          SSDEEP:
          MD5:E1C18A8D3852851885D96E7F1A5185A3
          SHA1:274DB7DFA0D7C9C7F7E12C5B068F27088395D3AF
          SHA-256:FF74D32030255DDBEA3C261A2B441C57EB3DFE99924F5AD4E7C2E5D638C9A309
          SHA-512:CD29E1A7D1C943FD98BDF473108FA558546BE21594A37DA4E710CAB4C6093D408C1F64A530857630730A00ABD696501EA5BAAC34C0C249DA258606BE15C2017B
          Malicious:false
          Reputation:unknown
          Preview:[CONFIG]..WIDTH = 550..HEIGHT = 450..HTMLRESDLL = .\McInstallerRes.dll..L10NDLL = .\McInstallerRes_LD.dll..PAGE_VISIBILITY_TIME = 5....[UIFLOW]..default = welcome_wv.htm,install_wv.htm,status_wv.htm....[Install] ..ORDER = MSS....[MSS] ..LOCATION_TYPE = 1 ..LOCATION = .\..AGENT = SecurityScan_Inner.exe ..AGENT_PARAM = /S /inner..APP_NAME = McAfee Security scan ..APP_DESC = Check the security status of the machine. ..storyboard_image = Welcome_Install.jpg..AVG_INSTALL_TIME = 5..story_interval_time = 2..POST_APP_INSTALL = MSS_LAUNCH....[MSS_LAUNCH]..LOCATION_TYPE = 0..LOCATION = HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan,ExePath,1,"" ..AGENT_PARAM_TYPE = 0..AGENT_PARAM = HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan,ExeParams,1,""..........

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\mc-webview-cnt.exe

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):856952
          Entropy (8bit):6.258722668913684
          Encrypted:false
          SSDEEP:
          MD5:91A2BFBA73F7A9803EB559860E6D2F78
          SHA1:8E55E534D1718860A788DECF7D15A02E5E22ECD4
          SHA-256:42686E47D87202A984B9A3D0D19F8B073F805F4E3D1D348BEADCB4445D312DDE
          SHA-512:EF7138C4E81127E1C7078215786B970DA4D44FD0A5CD0D045D0F5F3D0CD52706737150F1BFD9FC2D48DD139C7B2B84F4490DA44BE4A525003B08D0668BBA5452
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............{...{...{......{.....f{..a....{..a....{..a...{......{......{......{...{...{...{..Oz.......{.......{...{i..{.......{..Rich.{..........................PE..d.....Mg.........."....$.............n.........@.....................................%....`..................................................g...............p...^......xG..........ts..p....................t..(.......@...................H].......................text............................... ..`.rdata.............................@..@.data............H...j..............@....pdata...^...p...`..................@..@.didat..............................@..._RDATA..\...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\mcbrwsr2.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):654520
          Entropy (8bit):6.346078351326325
          Encrypted:false
          SSDEEP:
          MD5:48D4B0D428ACF453D8B738C4EECB97B8
          SHA1:45C524728F031E5F950EDD8CB6BCEFA891479653
          SHA-256:C54EBF13458A1B48A7D21F57BF3F064F0E9AF2D555C304A080058D3226BD7ED3
          SHA-512:BEBEE8B87980792124273EF79139EC1EDDA35AD97B8F29FBD9D80982FEB266432D4681AB3D5679C18F5FFCE5D5F1456921E52605B3B08061A8CC762B86EAC410
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 3%
          Reputation:unknown
          Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......BO....|...|...|..\y...|.T[x...|.`A....|.T[....|.T[y.[.|..\....|..\x...|..\z...|..\}...|...}.//|..[x...|..[y.*.|..[|...|..[....|......|..[~...|.Rich..|.........................PE..d....?.e.........." .........6................@b.............................@............`A....................................................(.......(.......`T.......@... ......xB.......................C..(....t..8...................H........................text...l........................... ..`.rdata...e.......f..................@..@.data...dY...0...:..................@....pdata..`T.......V...F..............@..@.didat..............................@..._RDATA..............................@..@.rsrc...(...........................@..@.reloc....... ......................@..B................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\x64\uninstaller.ini

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Generic INItialization configuration [UIFLOW]
          Category:dropped
          Size (bytes):632
          Entropy (8bit):5.0853290119489465
          Encrypted:false
          SSDEEP:
          MD5:CB07146613AF41E92EF07E2052969646
          SHA1:5F4AA02DE1B872135CC9827E21460DFFA5DDD347
          SHA-256:946FB534E50D767BC91DDB348A35FCEBC1019A428673201DE2750BE4447CEDDC
          SHA-512:E774605DBB60DF98815E43E543EA7472350F46563E6D6A5B7D22B0EFB11DDB29F26B32021E49D723E970AE3229E2BE283C8C054C40DCDCF503CE4CF2A40E9866
          Malicious:false
          Reputation:unknown
          Preview:[CONFIG]..WIDTH = 550..HEIGHT = 450..HTMLRESDLL = .\McInstallerRes.dll..L10NDLL = .\McInstallerRes_LD.dll..PAGE_VISIBILITY_TIME = 5....[UIFLOW]..default = UninstallConfirm_wv.htm,Uninstall_wv.htm,uninstallEnd_wv.htm....[Install] ..ORDER = MSS....[MSS] ..LOCATION_TYPE = 1 ..LOCATION = %programfiles%\McAfee Security Scan\..AGENT = uninstall.exe ..AGENT_PARAM = /S /inner ..APP_NAME = McAfee Security scan ..APP_DESC = Check the security status of the machine. ..storyboard_image = Welcome_Install.jpg..AVG_INSTALL_TIME = 7..story_interval_time = 2..........

          C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\MSSPResExtractor.exe

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
          Category:dropped
          Size (bytes):377392
          Entropy (8bit):7.282404881793305
          Encrypted:false
          SSDEEP:
          MD5:5DC3CCE86B3CEEB218E9F863F2F6138A
          SHA1:1AC9E4569E740935932902DE75800F764DC8CF48
          SHA-256:D9A51DB6BBC42F95E42E78437E84CD8F08B46612DBB302474C8AFD808BAB3560
          SHA-512:DDA90E140DFAB47B58202413710A0FF84815FC7AAA64C623C9B84839473B01334F68425A423C04A727362AE89EAD3BF21D47650EDD0D52B4FE7F4CA584B8C4C2
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F..v...F...@...F.Rich..F.........................PE..L......\.................`...........1.......p....@..........................p............@.................................0t..........(...........0..../...........................................................p...............................text...._.......`.................. ..`.rdata..P....p.......d..............@..@.data................x..............@....ndata.......@...........................rsrc...(............|..............@..@................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\McInstallerRes.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):400240
          Entropy (8bit):7.124668438872334
          Encrypted:false
          SSDEEP:
          MD5:E17E42295EF88B792D3AF84A87FF76D9
          SHA1:4AAF1789B57B5EDBBAF6CE416B09E191756124B5
          SHA-256:8FACA2B9ED48DE9DBEF7B6C8ABDF93DEB809736F3EEC4E3B43E8C8844311F6AD
          SHA-512:3C9E5EE4E01DC3B397D4550FDAC8CFBAD8A3BAFCC31EEDEEBB6BEC495BF28E381B9E4FA4451BF12CAC8CCAB6C50C99DB93F84E2F73F8B9DA594696D167AB3CEA
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q..0...0...0...O~..0...0...0...O...0..Rich.0..........PE..L...w.Mg...........!...$............................................................6.....@.......................................... .. ...............p7..............p............................................................................rdata..............................@..@.rsrc... .... ......................@..@....w.Mg........................w.Mg........................w.Mg........l... ... .......w.Mg............................................RSDS...>...A.3....z.....C:\jenkins\workspace\ident_mssp4_master-vs2022-aurora@3\MSS_Win10\build\Win32\Release\McLInstallerRes.pdb.......................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... .......rsrc$01.....2..@....rsrc$02................................................................................................

          C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\McInstallerRes_LD.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):178176
          Entropy (8bit):6.301457895933317
          Encrypted:false
          SSDEEP:
          MD5:8A5824509967A5629F2796F64D4C2FFA
          SHA1:C4BE38D93CC70259F3947DDCF31488203C53C0AF
          SHA-256:1C17FDA60EEB77E644D90B5F58180FFE6806F34D90896CA639E2224D03A53BAE
          SHA-512:83CB1F45EA629F2613AE771EB545CCB7DFD43F1CF51EE5FC612AB47315C78661D6E82C4E58718D35FD794CBEC726C58B764B65C80770FA9F29C3FBDE3DC6A991
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q..0...0...0...O~..0...0...0...O...0..Rich.0..........PE..L...x.Mg...........!...$..................................................................@.......................................... ..X................0..............p............................................................................rdata..............................@..@.rsrc...X.... ......................@..@....x.Mg........................x.Mg........................x.Mg........l...$...$.......x.Mg............................................RSDSG...[t.B.}.b.3......C:\jenkins\workspace\ident_mssp4_master-vs2022-aurora@3\MSS_Win10\build\Win32\Release\McLInstallerStringRes.pdb.....................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p*...w...rsrc$02............................................................................................

          C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\McUtil.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):547496
          Entropy (8bit):6.667744702863496
          Encrypted:false
          SSDEEP:
          MD5:2875B97922FC5866CCE10CA7E41764F6
          SHA1:0FD21C7EAC44C31B2C93C7A2F883D8156D514F7E
          SHA-256:6BC65601A06E448A5A74BAD1C1A38F7A506B0CD40F1D998576B43D15C5BFCB33
          SHA-512:8CC027DBC038B80E31C74E141FED47CFE0B2FAFC61EC73834249D629543DD248E35726BEBAA24893CC904AD8480084E1E83C30D9F860F2FAFB1E701AED479A0E
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........1.]P..]P..]P..."..OP..."...P...%..LP...%..EP..l.V._P..."..FP...%...P...%..YP..]P..DQ..."..FP...%..}P...%..\P...%T.\P..]P<.\P...%..\P..Rich]P..........................PE..L....>.e...........!..............................`b.........................`......$.....@A............................................................<......lK......p....................0......@/..@............................................text............................... ..`.rdata.............................@..@.data....0......."..................@....rsrc...............................@..@.reloc..lK.......L..................@..B................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\WebView2Loader.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):117208
          Entropy (8bit):6.488135475856746
          Encrypted:false
          SSDEEP:
          MD5:91AD16B368C7703E9B3D7AC665D67A47
          SHA1:95C801D6D350A5820607253C7A3B7DF527651575
          SHA-256:5659CBAE9F3D412662515671A6C85AEFE08EEE17118C3DE1330A2FED74DC415F
          SHA-512:CAD3A972EEE03ACB3E8EA4D5D1D306EBA0E2FF65388250EBEB65FB36CE0DEF82323487A70A9FCE0D8DDF633F68A12619B3650A1BF2E2CE4876C47F5EC023396D
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...vS@e.........."!................PD....................................................@A.........................u.......v..(........................'...........n..8....................l......`............... x..<...lt..`....................text............................... ..`.rdata...u.......v..................@..@.data...,............z..............@....00cfg..............................@..@.tls................................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\nsz6D3B.tmp\mcbrwsr2.dll

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):538720
          Entropy (8bit):6.652652805025692
          Encrypted:false
          SSDEEP:
          MD5:4E87CE2F2F5A417B6BA0483C7BBDBB34
          SHA1:00AD3D3809915B2DE51000A62DDCD9CC518E7162
          SHA-256:CDAAC280D26AB706445DA1C8CB5660438B3E2727C48FE26510769E006EB97507
          SHA-512:A08A12A7CED53934B380DAA64072965C9F6FCBAB40C72E1901840879957EE91A2FD6FE25D7E42B8621823F81F1AC8FC0B9469EEDED53FB910902D1334619F719
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$..........7^..d^..d^..d..e.d8.od_..d..eO..d..eF..do.od\..d..e...d..eN..d..e...d..e_..d..e]..d^..d~..d..e\..d..er..d..e_..d..md_..d^..d_..d..e_..dRich^..d................PE..L....>.e...........!.........r.......1............@b.........................P......x%....@A........................0p.......q..(.......(...............`<......<W..................................hL..@...............d...4c.......................text............................... ..`.rdata..............................@..@.data....@.......,...p..............@....didat..............................@....rsrc...(...........................@..@.reloc..<W.......X..................@..B................................................................................................................................................................................................................

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\Install_complete.jpg

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2010:08:18 14:02:33], baseline, precision 8, 484x91, components 3
          Category:dropped
          Size (bytes):41226
          Entropy (8bit):7.509911955870971
          Encrypted:false
          SSDEEP:
          MD5:43A375CACCED659FDE2F4FA45EEB1433
          SHA1:A3B15DA958CC65CBE85E6366284186F3FAA01255
          SHA-256:23EF32BA916061060EF03AAE528073E3F480BA379D37CD90F323974BBE246266
          SHA-512:62AA9ACE35A4627B274A87213EF725B8C9B9CAA831251EC30033B9E31DC2746B41959D3514203DFCD803717EB02CD5555681FF5E5BB592CA08CB934751F9FCFB
          Malicious:false
          Reputation:unknown
          Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS3 Windows.2010:08:18 14:02:33.......................................[...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....:...;...U..&my....c......}........8..c6.......dk......<T.t..V..{...|.....5.D..bT.u|zosc...."?..T....:.ub..../.c\

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\UninstallConfirm_wv.htm

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):2997
          Entropy (8bit):4.872557104222716
          Encrypted:false
          SSDEEP:
          MD5:D563943EA1FFD621BD264A8882C332A4
          SHA1:AE53F4A473FC36173D1649777AA8CD8FD9A58421
          SHA-256:2DB17E1A9AE0A55A2ED4C113D43324CEA64E2E967A7E50CA1983EC0CC3CF88D2
          SHA-512:DF70E1C41C780E30B37973AA1033B11D43EF98198703E9552A64732EB77656CA34C756941EFFC2AD7960C58EAF159BC61470FB04B77AD5655A84B15AE153EE1B
          Malicious:false
          Reputation:unknown
          Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\Uninstall_wv.htm

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):4514
          Entropy (8bit):4.539833060720786
          Encrypted:false
          SSDEEP:
          MD5:B325722E6322D345CD32342D1D4ECF9C
          SHA1:BF591D7BA2E2C8B655AB79A6FF975177271AE774
          SHA-256:CB5F354F5C6F9819FF0B9F49A5BEE5D73CB5AE0647091DF7B3AC8F23C2D77F30
          SHA-512:66582E02930C4428BD8DCE36141C1F2DECC609C2F4DA48798DF818DA7FFEB47DC097AB3AB9CC716309689176B1E263459DBADBBDD064326ED94B6172F7E4CADE
          Malicious:false
          Reputation:unknown
          Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\Welcome_Install.jpg

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PC bitmap, Windows 3.x format, 484 x 91 x 24, resolution 4724 x 4724 px/m, cbSize 132186, bits offset 54
          Category:dropped
          Size (bytes):132186
          Entropy (8bit):7.387378622012761
          Encrypted:false
          SSDEEP:
          MD5:F24AD292467A3D233D401070B42741E6
          SHA1:50FD3C45E543F9097C8981E803EBB5CED4E30F36
          SHA-256:0A9EA6FA0DDE99F1835BC33887B7D4D0F8B3ADBF5EE2BBFA431A5ADAB7A6AECC
          SHA-512:9B176535DF6AA64ADFBA4DA5DE3FF3CE4B091272E9A778C413B3B9450726A1CFB2EB4CCFFA99025C8A638BD7D166EE791E5EB18CEF7D2BC1F15F6FB9C859D433
          Malicious:false
          Reputation:unknown
          Preview:BMZ.......6...(.......[...............t...t.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_bottom_left.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 59 x 59, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):4304
          Entropy (8bit):7.8994200347038515
          Encrypted:false
          SSDEEP:
          MD5:8D7D3D3C5D61A6620D3890820DB77BD0
          SHA1:0AC007394C3C8303524CD7250376FDBDAFE10F45
          SHA-256:007A384AE21D54D657EB98C78BE5F0C4724789170E859FF16921B72CD1A671CF
          SHA-512:8F58E94D64763B4CB333EEA398CFA608946801430BAEC55A93E5DCA8913D3D8CA258382E3112545285ABF1740301D0A06C12DC8155C45691024B4209C84C1B28
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...;...;.............pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_bottom_right.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 59 x 59, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):4325
          Entropy (8bit):7.903666877414893
          Encrypted:false
          SSDEEP:
          MD5:8FCAA8C7268118335034B27461C49374
          SHA1:D89400EE2355400765CF2B12086288CF934F7AA8
          SHA-256:625E2AA199F448F9F5F7F4B96F452D5FD5555B5C9B117375BA3D96C57A6CE0AE
          SHA-512:D467E69AF9281671E42773749C86F72E9B51453F6545C8D505434476D4A27EB6EC5CDF62C41A8ECC53FCF339548A962E344A6DB055364D4E49054BCC7090E8BA
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...;...;.............pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_bottom_x.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 12 x 59, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3641
          Entropy (8bit):7.89981024396435
          Encrypted:false
          SSDEEP:
          MD5:D85B46E10E787A0978ADBA49FCCB1C31
          SHA1:A66AEF857AFC5E22A12050B037AACCE5AC3D8DA8
          SHA-256:6C6B70561D1AAA35F4525E59E8B0DE6FE0AF707B83405448B38F544CC771883E
          SHA-512:97CBFDDCDB13B7EFAD5F2453EA6AD6715CCEAFDEC301F47A17A4D0DD7484FCA98C724A5DEC0A56061ECB84D349316A66027B2956F1F6CF18F7CCC1299D94BB66
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR.......;.....x......pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_left_y.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 53 x 1, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3607
          Entropy (8bit):7.8985827194202525
          Encrypted:false
          SSDEEP:
          MD5:4C60C0936E576D4829FCC2AB0B27567E
          SHA1:E43F32E9B30025103D260399EA64DE87A3B1E2FB
          SHA-256:7B77EDB6F6D5B8B1CB36D252292CA19633462E566318823B4F8EE779C2209B1F
          SHA-512:C32C734AF91D0A8DD5455D899BC56A1E0D860277326EA30D42B8BB896F007E1566D4BEAE2A1BAFBF034387B371E2D985BC4E14956AB82B3405579BAA4A5032B4
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...5.........I.......pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_progress.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
          Category:dropped
          Size (bytes):3120
          Entropy (8bit):7.880684704052909
          Encrypted:false
          SSDEEP:
          MD5:B7416FE546BE3165486C7BE6D78480FE
          SHA1:A9194A7F3EFC267301A2FD10A60015A2E260BB49
          SHA-256:2BFEA1538DA76701126D0F6C104F4DFD2714FC30F0A4ECCC3ACC0FCD17F16E15
          SHA-512:1D4C664316B8A1F50AF09E5FE26EE4574079BDB9D5AE4E34F22604C7ABE1C5FB22C214CD6E246EEAB0D81E0D48ACF0D883C2C65A209DD7FA5E72B0144429E44F
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...............h6....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_progressbar.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 1 x 25, 8-bit/color RGB, non-interlaced
          Category:dropped
          Size (bytes):2815
          Entropy (8bit):7.866839551548217
          Encrypted:false
          SSDEEP:
          MD5:3B10D089B98CF035317ADD8FF1D69C34
          SHA1:87104A42B273AD8911293E1FDB831A34076F6FBE
          SHA-256:C8393D1AD135DDBA989912CBD186048549ABE6C3AF83D10EB7B18DDC3FCDB1C0
          SHA-512:912AACD3AF302D1FCD8E96E1648053B7ED550B1648A60E17779DD6677A4F28BE394A1FD23251F4559BEB02B7E4190E5513BC67DD6EA384B857F8D54E7B467D5C
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR................(....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_right_y.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 62 x 1, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3608
          Entropy (8bit):7.903417886255168
          Encrypted:false
          SSDEEP:
          MD5:04A1090C757D176D0952E0D647E04C1F
          SHA1:457BAECA38521B9C0CEF8B1DC76BF1C38634BC63
          SHA-256:0AD49B2DF7B89C41361B15F260438B48E4611464BC722EBA28D7BFECA8EA987D
          SHA-512:B09DD926622DBDDD9EC1645B6DF662D2E1526A04E88087633842AD6A7D1C53828AB03EE73D3B9FD24C170F146DEEB26A9530555406C9DE9B5EFE7E041A833181
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...>..........3......pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_status.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 160 x 25, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3710
          Entropy (8bit):7.895978902318277
          Encrypted:false
          SSDEEP:
          MD5:6839C3C2F327F8C26EE682B4F09121F9
          SHA1:FD23060C89E0887220BFA97B4140380FE9DED2D6
          SHA-256:4108F49369448E4AB0BCC2EDDEBF1013C21BC82CA423FD64B524853A58BAB4D5
          SHA-512:321E49DF861B146608E163DCA45F57F709FA7950F20EA1F68723B9CEFA16E2E3852CFC102BEB88CE8B6334525B50AB2BC4BB809581567FA7B410D286A7AE2696
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR....................pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_top_left.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 347 x 79, 8-bit/color RGB, non-interlaced
          Category:dropped
          Size (bytes):8389
          Entropy (8bit):7.934081204308378
          Encrypted:false
          SSDEEP:
          MD5:6D4C0979F6FAD6FCC571F283EFD34CC8
          SHA1:2B6D74CC16133D287AA6EA8157B2DC3BCEE3937F
          SHA-256:D9BA134F2ECFEF8D29E102395BAAF026DAA451F4E0C4AC8F9E6B1F40B628A403
          SHA-512:FB8E8B9AFE604D89D3E3B945D87C680D516FEDA69967119707DB8660EB3BBAC5C9E68BE447C86B638A272DA8458535FE293C9AFB7A6D15D097E56602181EE9E5
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...[...O...........tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:9C823A1C2CC011E8877CF836C8B2E5A0" xmpMM:DocumentID="xmp.did:9C823A1D2CC011E8877CF836C8B2E5A0"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9C823A1A2CC011E8877CF836C8B2E5A0" stRef:documentID="xmp.did:9C823A1B2CC011E8877CF836C8B2E5A0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.oFT...:IDATx..].|.E....5.d..IHB .)..1.9..\.(Q......@.T\..?....E..-*.A.H8..A....F9....".19&.df.uWwM.L.d...z.!tWWwUW.....

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_top_right.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 30 x 76, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):4681
          Entropy (8bit):7.893974118949307
          Encrypted:false
          SSDEEP:
          MD5:3382676A33AA89BE12A0B5408E65AA70
          SHA1:ABBD24E4ABA5E4A5DAED5698F3BBD2698700CE01
          SHA-256:04EDEF2BF843550E453E5ED35A450C53E76DA254C5B58A442913A8E1D37ED2A1
          SHA-512:3496D8EFF45449C98BB0F859579E44B4EEF902280232777D2AEE7E2F69450C8DC3FB7B28D42D91BE264D3A6734A7C3F52A604DF5684C88A3F5FE9407D70FBF4A
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR.......L.....M..l....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_top_x.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 7 x 76, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3673
          Entropy (8bit):7.905104941909895
          Encrypted:false
          SSDEEP:
          MD5:B19C7A6D032CBBEE8093159057655B55
          SHA1:366EF075D0ABAA78FA03EFA12B70A97F98196002
          SHA-256:45EE2939A1B93789E6CFAD7DB3E335EF0EAC0E5BAC5F145081699EC63BC3D73E
          SHA-512:6E5A2E29E54BE01FB70D68AC7580390AC194FED47AA0C1DA16217E38F4C015F406CE629B231CB8ADAC2CED341CAD606100855977823A1F938C33EA3709EFE8EB
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR.......L.......]N....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_warning.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 1 x 52, 8-bit/color RGB, non-interlaced
          Category:dropped
          Size (bytes):2852
          Entropy (8bit):7.869461268734393
          Encrypted:false
          SSDEEP:
          MD5:59AE56796B6C9C69B064E288C1950EC9
          SHA1:E52F6EF1B351778ECBB15DD609BF6716F6C2BCF2
          SHA-256:AEAAE2F2BD07BB724FA96E203BA0389B23F520146D588C9774E28AD7DFA6FA68
          SHA-512:34A38CE76C8CE6F40A486E51A1B7033D154DB052EBB1727E7A232B6F095724DA496540387527601EDEDA78DB18DD6FF0F3EB91D4241F776052C417317942A8A4
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR.......4.............pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_close.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 17 x 17, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3644
          Entropy (8bit):6.8351106813606135
          Encrypted:false
          SSDEEP:
          MD5:72DEEB68CC1FEF7440E2646453230292
          SHA1:C0C2E8616DF084DD61EA7A80A18C3EF9D67BF9DB
          SHA-256:DBB17150F14B4BFEBACD9FCEB53E3A90A1FC16A975093A320A075567EB2D263C
          SHA-512:F1B62E3E11BF8755E0D553466E2B10373AB4B829655D37A3E3B7BD82E46A1F8498F61412741509A83C911B220BEB998A59724F2C121120D5D6F9680B970A3DE5
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR.....................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_min.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 17 x 17, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3627
          Entropy (8bit):6.831346885015074
          Encrypted:false
          SSDEEP:
          MD5:2E82C9D7CCC08E66AC3A25A86B935605
          SHA1:7D3606E3B74E96B4EDB1F4FD9772EAFED8D40ED0
          SHA-256:C4B4D8BB88B35EF8A861C7D1A562ED0D904C1C0D448018743FB7C54E623B7890
          SHA-512:4CCCF40C6BAC5A28A6514F56F72FB1A709C31CBFE1748523B0C643DF435C5B0F5AA1CFBE93E30BD8AF40FBA5447AE71E52521ADEE33AD428A55747BB90D5092F
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR.....................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_normal_disabled_left.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 10 x 23, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):339
          Entropy (8bit):6.3103093449208485
          Encrypted:false
          SSDEEP:
          MD5:EE5B2228811D94AF9890032671FA4C2A
          SHA1:26B2C94F7ECEC5E9800F5729647C93B814485A8B
          SHA-256:7E866549A0E5C34F54FA91D6EF8595230D372C35BBC9214C2B5E7257FCCACFB2
          SHA-512:A73829F4D07A52664BD96AEC73EB654F3F777D0E4214963E8281B07731DF06C9279D0BBDB93520B25AD2A20F9AA017B5D4233B8BD8F9928D8F59BF3F66703DCC
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...`PLTE.........................................................................................B.... tRNS................................\\.....]IDATx.D.E..0.............6DD..).....&.qA6..Q[.q..&{. Kr"+m..9...9.3.....)...I.$~S.K.......t......IEND.B`.

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_normal_disabled_right.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 590 x 23, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):397
          Entropy (8bit):6.621501420011225
          Encrypted:false
          SSDEEP:
          MD5:D431BBD8760213BD86BEC73A4C6A980F
          SHA1:99F872BCADBF3D6DEEA5FC71E320B54BEAD14E36
          SHA-256:FEA1A6934A7BEB27EE089B266C60B73CAD9B375276E49A2DA5F5C4CA4822C256
          SHA-512:7ECBB56F3D14F706F1DD3315103CD0922C8BA3D46A50AEB60E5EA3BF7240C10EA8562BBCE85ED28A30AFE376B45E6CE4D73217D8A06E492B418857E45BAF21BB
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...N..........0.....tEXtSoftware.Adobe ImageReadyq.e<...]PLTE........................................................................................;[....tRNS.................................v.....IDATx......A..Q.e.xfF...A.._.]:.R.....$B?.{.*.6.jN..x3'a....9...bN.r.......$...9...bN.rz...SVs......5'q9..I\N/s...`N.r...(c..I..7'1..4d.1/D<...J....0....6U.1.....IEND.B`.

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_normal_left.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 11 x 23, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3712
          Entropy (8bit):7.893166546076688
          Encrypted:false
          SSDEEP:
          MD5:6455D5DA9B1E7913D46EB39C9BA37A1F
          SHA1:86D53B7F75B14366226AD87285D3C9AC2DA2BB14
          SHA-256:39BCEE59B7D24C9C9AC9E690C7907CC9D997B317F808D9F677F85910BF5F8B92
          SHA-512:C6021EC65779A748B496D47D36797FDC1D77F9E30B52E734C8E9B207D182AD3D27210BA1F14722E2BDD2CBA34AE4BD9FA985BCCF0A2ECBB1EF292FEA8B6D0482
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR..............fE.....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_normal_right.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 590 x 23, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3746
          Entropy (8bit):7.892892875194415
          Encrypted:false
          SSDEEP:
          MD5:90DA1B09726267DC51095725BDF34418
          SHA1:796A0E547FD88BDC66701ED7AA0CDB14AEF28FE0
          SHA-256:89702D85F8A1FA97B6851486CC55A59C327790EDB5BCE3B53529A9D21AEB46D9
          SHA-512:00CE752868F24703AD748650B1AADD014284846CF0A7CE4F0AFDD8B8F683ADF65B55C1A3417E64757AE5557E417DF25449DC5D141ACEB1B27D718FC80D45D8A4
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...N..........0.....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_primary_left.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 10 x 23, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3723
          Entropy (8bit):7.891271924101642
          Encrypted:false
          SSDEEP:
          MD5:F1C6A87C653A14CE37B5444001858D51
          SHA1:85F2DF6C6846E0CDFC30FD3938B7050C0CC14F08
          SHA-256:74EEDB7E2CAB2B6782F2D779C3A746818469D98025F9CE2E8E316BD2BDBC73C9
          SHA-512:245FC8B693560B25F61D2238AC2BB04C268F97C1356FB82CAE148DBAF950B7AB99C9D516359D2D97FCAAA74DA2CE8BA4BE3F4A119CF1E12FF999171DA0280932
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR.....................pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_primary_right.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 590 x 23, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3756
          Entropy (8bit):7.884924544816028
          Encrypted:false
          SSDEEP:
          MD5:92872F3C167298B5DD61D00B19ABF0CE
          SHA1:E48EF34456E1418B949FDE8F1CED9B2C7235DD0A
          SHA-256:0A85D609C22CE0BBAE5C3D628310F762867191EAFE50F4DD359F7A318FFB4121
          SHA-512:FE9F9BA5799DA92D5CAB159854DDFFA7178EAEE1F60817CA2967B1C67B4C1D79C9FD9ECFAC9F38BA55386472172E7B4F67C85D7C4001AA37890C4CF722ED6BCE
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...N..........0.....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_small_left.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 11 x 17, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3692
          Entropy (8bit):7.892451285158368
          Encrypted:false
          SSDEEP:
          MD5:DE6A7F757E562C20541C37F7B503C37D
          SHA1:DD71C92F502AFD441ED221B52291DE49F9181A39
          SHA-256:339BA6765564BC59F4372BA301E4F9E2AFE9087A87C16587B9017FC336EB11DC
          SHA-512:582C48F419017032B2FF8C0B9FD17FEA635438952021D062FA4271768EA85E6F74481E0C31CB4DA8EC086C0F09F97C9CA8A3DFBF5D92D7D0AF27876F768B53E9
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR.............<?......pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_small_right.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 252 x 17, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3717
          Entropy (8bit):7.890141472752654
          Encrypted:false
          SSDEEP:
          MD5:C742F3EED168020D62410FABAD01BF8C
          SHA1:73133D37029253E39CE78F6AF692EB7665ADFA45
          SHA-256:C85E9DB4226738962E620134559CC817AF1FE45D1D0E615D30B4F527D83C12A5
          SHA-512:DE6D6A8EA4AB5DA441F44F37607AD0DC913815B3FB0076C7E1AAFDE5D1BE9D0DEC75E12340454C2B896D51DC74008AA6D815D4FCF83515204F8190E5FC75A551
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR..............1.....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\error-bgs.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 66 x 164, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):10796
          Entropy (8bit):7.971084406088028
          Encrypted:false
          SSDEEP:
          MD5:B15AAB3C315571E97FEA906C3A537C98
          SHA1:25B95C02C8F794788B637574BFDC16D691149EA4
          SHA-256:19A6C60BA0CD4E41E7D8CEE56116027A0634862914E549FC83648DF5A16B6CAD
          SHA-512:CF9190770A8AB237491C6A4CE600A393FF647F20CDAD5A67080FF1699A9573369D04AD598EF37938688A775DA3C4AC5303B8507D5C1479B951426987D3B51EEF
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...B.........#I.w....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\error_wv.htm

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:HTML document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):6836
          Entropy (8bit):5.273167916674738
          Encrypted:false
          SSDEEP:
          MD5:E18403BC273B7A0C55F06A72511D02F0
          SHA1:E9D582C0EFA49B00BFF951A84E3E8B195A9B1E73
          SHA-256:72DD6DA6A5AE95CDC39D5A464F4B5A0727152F251FC0536C661D5BB44E77114D
          SHA-512:B5BAEB3158DC5BD5CD3401B343D83D30B80E629029F6E8F77E9FC017043252C49E144843F440668C5F8A61D70DB7E33111274EF8B31E63C4AAEB91ABC3B1740B
          Malicious:false
          Reputation:unknown
          Preview:<html>..<head>... /*BugId: 1076930 by Manoj Verma on 2 June 2015*/--> ...<meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />... bug fix end-->.. Script -->.. <link rel="Stylesheet" href="base.css" type="text/css" /> -->.. <script language="javascript" src="error.js"></script> -->...<style>...body,div,dl,dt,dd,h1,h2,h3,h4,h5,h6,pre,form,p,blockquote,th,td {...margin: 0;...padding: 0;...font-size: 1em;...cursor:default;...color:#555;..}..html, body {...width: 100%;...height: 100%;...overflow: hidden;...font-family: 'Helvetica', arial, sans-serif;...font-size: 12px;...color: #555;..}.....buttons {.../*float: right;*/...position: absolute;...bottom: 15px;...width: 80%;...margin: 16px 0 0 16px;...text-align: center;..}....a.button {...display: -moz-inline-box;...display: inline-block;...height: 23px;...margin-right: 4px; /*NEED TO ADD CASE FOR LTR AND RTL LANG*/...padding-left: 8px;...cursor: pointer;...background: url('btn_normal_le

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\first_wv.htm

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:HTML document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1450
          Entropy (8bit):5.016079842866843
          Encrypted:false
          SSDEEP:
          MD5:250823567F1D125777A4AA3D9B4C633F
          SHA1:6642D5FE58559EB72FA03FF90AF9CA8C15ADFF7E
          SHA-256:31B893CE47FCB39E131CF21F98B344BB65CC300726C94125949B7C5391364B23
          SHA-512:F07DCC6D11C5271973D689AB3B632E61E4FF0D7F27F088D21A6302A78A0CC53E69FFD225FCDDD02EB4D5C7DE7E542EE46C73586333D11B1EB2832FAFDD58CC38
          Malicious:false
          Reputation:unknown
          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html>..<head>.. /*BugId: 1076930 by Manoj Verma on 2 June 2015*/-->.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. bug fix end-->.. <title>McAfee Light Installer Hello</title>.... <script language="javascript" type="text/javascript"> .. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headI

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\icon_inprogress.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 22 x 22, 8-bit/color RGBA, interlaced
          Category:dropped
          Size (bytes):4330
          Entropy (8bit):7.878912081982501
          Encrypted:false
          SSDEEP:
          MD5:269C11AFA47FFDA54088E8BEB54992C4
          SHA1:45B53BA0CE5E1684AE862311FD7FB408BE84491C
          SHA-256:E436A7E13F794D52DF4249A2116F6C1B481F6AECD1E8735EAF9E011E228B7ED4
          SHA-512:C14765DED1245BE3A515FDAC8F65305A5E6F5DE2589E20FF1CA5A258C61B4796A57216C58FABBCF8F00C4F5ED32EDB963D45EC3F6C435537584A21A03739BE60
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...............\.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\install_wv.htm

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):4708
          Entropy (8bit):4.5415810822948215
          Encrypted:false
          SSDEEP:
          MD5:A44EF8A19AFDED068262C233DC55E97D
          SHA1:F4CD6C105A4C240BCD5E2F22C9FFF3F5C99D0B69
          SHA-256:E88DEF05A3480454BF9BEB90230ACB03ABE38D5431DFF482E376851560E26CEB
          SHA-512:7167DD7FAF7A02E0051422925AE99C2A9D7E7F85EAD75C01D444EEB0F0B0B61E64825DC763FFA976CC8E3907C2130FB1889DBFC2664BD93AE7D13AAA607BE1FB
          Malicious:false
          Reputation:unknown
          Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\offer_background.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 411 x 125, 8-bit/color RGB, non-interlaced
          Category:dropped
          Size (bytes):27914
          Entropy (8bit):7.990084757557732
          Encrypted:true
          SSDEEP:
          MD5:E876290C8FA17E8347076C3D387208E2
          SHA1:29FE5B621E0BC3FFA52ABDA6CF2264A0A023582B
          SHA-256:8FD1BE616F5BD83B1C95983AD45BC443E3ACA59876FB69D6DB579C9E9C2EFC4C
          SHA-512:4099B1CD201E772DF1A900EBEA155844112BE402FBE8DD65B4E4BE7B18C7D692F269D4620B0026829CC65C2F0467B7D8262537D79FB7AD20B7483D15426960BE
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR.......}.......Y.....tEXtSoftware.Adobe ImageReadyq.e<..l.IDATx..{..-HP.#.W.9....|..w.....*.m... A.!Yv...=.S.OU..,....Z.....M...........97..?........5.+.7....cu_._.OL.a.T..K.....:.._\........-..t.....w ..S.l..Q}.......O...#...L.o..............?~......p&..........j..I.N.....:.f!.cb...6......_f!^0...<.nL.'.Zq.s..A.|.y-.....+..Qo.N'].<....?.3.\f......U.K...P,.|u..v.J..n1..5........../....Y..~. ....l.w.C..C6~.h..*....W...9\.4.G....(.b...u...P..L......*o.z1...9.a7....?.....tamXY.r..C.W.B8....;.....x...q...**.=..!.....w....O\;~.....e.v..Tk$..px../|@.x..V.)..xr.....!..........1.....+._....H...}...P.)v...ko_..6D.7@.}..YL..z..=..y.8.6..u'....._.e.o..5..{...w>..~.....r:............bD.;...C...4^.P%...9......').2.&....m.N....1G.+9Z.......g+7..~._.Ph.S).Z../...;..a..6?...+.....oZ...rZ.H..b...{.#]y*....CSV.K..TeZ...F....*^...K.W..H.q..X.}U.BJ..3...p.c`....2...-cC..*l.-..5X.......n.._.=...2B........v.O]h.....g.r.*...W....T..bh..=,=*|E9..}.Sl

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\status_wv.htm

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):3568
          Entropy (8bit):4.746172367572746
          Encrypted:false
          SSDEEP:
          MD5:363AF35F2A418052058F626EBF657C78
          SHA1:B41E03BD98A25974E6019E039A2A88EFF33E1C3A
          SHA-256:2F7B77AE6931961CED0C3E627B756AA8B7DFA234448FD5E75B3FD30D05C46ADD
          SHA-512:8C53B204A0F306ED3561B2DF815C04606CD6ED40C50287B77F877F259B888EC3962BBAFD68A9712EAECE562C69C162E60ED41308983E00F3A71C33BC5C1429D3
          Malicious:false
          Reputation:unknown
          Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\uninstallEnd_wv.htm

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):3424
          Entropy (8bit):4.908390796851773
          Encrypted:false
          SSDEEP:
          MD5:6BCC42B7E36AAEA4977F1615BB9CD800
          SHA1:80275108208C6CCE5CCDE60BFEC1CF5E9296D020
          SHA-256:A2A4262A95D1861C8593A691195A681CE52C6667CC0AB6A6168B49C52EFD9070
          SHA-512:208DA5195548E2334723B45A82C617D7A32BCBA313CA6BBDD4820CAB3797404BF415C7D8C2691B1150CC4E0261E77F0DB686850B8D2FCC719F20D0CC9ED459B7
          Malicious:false
          Reputation:unknown
          Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\warning.png

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 65 x 53, 8-bit/color RGB, non-interlaced
          Category:dropped
          Size (bytes):7471
          Entropy (8bit):7.946896059214694
          Encrypted:false
          SSDEEP:
          MD5:E83EE81A5FCC3F92E3349CA31C8DA567
          SHA1:3A44167BED8E580157693AE1D632020B359702D3
          SHA-256:AA6FFE226C3DF9E889AB792E6C76289142727D6E6A2BD9BC5A71754909FC5406
          SHA-512:B7A04407A0526307131DE6F08BE9BD5F26C896E58DE3BC663AA6CB12AE51A2F9A184F4FB9ACD3E73311CA1C7A378C11A3F2AD63D3B2E25EACA2A0DC85FA450FC
          Malicious:false
          Reputation:unknown
          Preview:.PNG........IHDR...A...5......&......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\warning_wv.htm

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:HTML document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):3408
          Entropy (8bit):4.792432380835198
          Encrypted:false
          SSDEEP:
          MD5:A2763D13BEF03F8B788F379C138340EA
          SHA1:E2D8933BE4C19A4E0EC8BEADD016673D0AF8615D
          SHA-256:0438BE464404D356DAD104FC81EEF285E2C4F9BCCEE9428C1BA25AB36EF94123
          SHA-512:F1EF65E2384CA38D00AF2B68AE5C335F679BECEA8C900AF9695A2AD3BE39F35F35D1890AE5CE3B37C076B3EE6443469C45220DF0F756FB1EAF49DF273A1F14FE
          Malicious:false
          Reputation:unknown
          Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var tag

          C:\Users\user\AppData\Roaming\McAfee\MSSPRes\welcome_wv.htm

          Download File
          Process:C:\Users\user\AppData\Local\Temp\nsl3F93.tmp\MSSPResExtractor.exe
          File Type:HTML document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):3575
          Entropy (8bit):4.7491198392497305
          Encrypted:false
          SSDEEP:
          MD5:94E0EFC80555876168939942CA56B256
          SHA1:B6ABFDC8B4ECC3CFB593D6A4A350FBAB5A384CDE
          SHA-256:8B9FA1022203B3959B5EC881C42E85CCB8B1D70CF1554AE343F794F4025F7CE9
          SHA-512:4DF378CB852110EC082DAF32E2BAFC00EBAC925C6636C47CD719C6C46C00AB8B6332FB73CB9E87A5AD9294EA4FC8619327EA3EE728610C8C678BA633FE0EB7A3
          Malicious:false
          Reputation:unknown
          Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">....<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var t

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):7168
          Entropy (8bit):4.327099566538168
          Encrypted:false
          SSDEEP:
          MD5:13D0C7255FF175483684FDEC45B795BD
          SHA1:B4225A208986CB9CF819DD3F596F5F05F1F7FF2E
          SHA-256:57B3E12BEAABBDD0EAB110F4F4BBD54B76ED447BBDD5A8F5D8E44A68C74A08AC
          SHA-512:78EA403C639B4070DB01EBA83A1C57433348B4F5362D7FA3BDC4579D8C90937A58440784C0AD197F44011AAA102C29BA3B2F4E716E66AB1A52A25AB4B74B6DAF
          Malicious:false
          Reputation:unknown
          Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Windows\System32\drivers\etc\hosts

          Download File
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with CRLF, CR line terminators
          Category:modified
          Size (bytes):853
          Entropy (8bit):4.697478257371267
          Encrypted:false
          SSDEEP:
          MD5:FBE8706417F8AA8ED5FE95EA78EAD947
          SHA1:265437DACECEAECD638B506880104D2106769FA2
          SHA-256:CBCC8E35E586379E857BCAFFF9CA2AE8B32E6AF7C10A6F0AD440BF4246C28B39
          SHA-512:EDB7E4ECE7ADFE4A7E440A0FDE82C53CA00F2613F438D82CB2EFBCCEAD90A1153BB713890ECE69EAB738DC4A27ADD917194DF6D2EF93A60CBEC8735DDC8B3B19
          Malicious:true
          Reputation:unknown
          Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost.....0.0.0.1.mssplus.mcafee.com

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
          Entropy (8bit):7.999358916418884
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.96%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:SecurityScan_Release.exe
          File size:27'660'968 bytes
          MD5:d19f7fb266813e0fba1d009be48c40d5
          SHA1:49ad30dc2a86fb3f3f21aeeefd79bce2c9f9ef82
          SHA256:9b6d586380337296d53a605b487b442e0a32b857cccdf153c602bd1438413261
          SHA512:a3277d635573bc7d45818a91bc6d1080439e83fb700486efc74dfb1fe6a1d97811e9c6cd4f158d083abc8ca8e5c4e3b703f3ce249069b69aace0c028fc1ce5dc
          SSDEEP:786432:2fWTg0k4wDw5NQNdJO6gwQNajcQQ1xZWq2b5hWsxFe:3zgw4wwYaoTTWqw7U
          TLSH:B457332C41812B4AD739C43D6F46F0EDCB7E7EF77A40B5AA6F2807447B699821C8168D
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L... ..\.................b.........

          File Icon

          Icon Hash:f0b34d6961f0130f

          Static PE Info

          General

          Entrypoint:0x403328
          Entrypoint Section:.text
          Digitally signed:true
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0x5C157F20 [Sat Dec 15 22:24:32 2018 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:57e98d9a5a72c8d7ad8fb7a6a58b3daf

          Authenticode Signature

          Signature Valid:true
          Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
          Signature Validation Error:The operation completed successfully
          Error Number:0
          Not Before, Not After
          • 13/10/2023 16:08:48 13/10/2026 16:08:48
          Subject Chain
          • CN="McAfee, LLC", O="McAfee, LLC", STREET=6220 America Ctr Dr, L=San Jose, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=2306741, OID.2.5.4.15=Private Organization
          Version:3
          Thumbprint MD5:B3515A8A7E95C305ACE3094E13C5AB18
          Thumbprint SHA-1:AAFB69C1A3FD4C2D5207E98F818B994664DB71CD
          Thumbprint SHA-256:E310C8CE8BDB286B22EFAD3B0FEC70867B7A888200331004C19DB3687CA9F170
          Serial:47E0D8578AB200083919FA11

          Entrypoint Preview

          Instruction
          sub esp, 00000184h
          push ebx
          push esi
          push edi
          xor ebx, ebx
          push 00008001h
          mov dword ptr [esp+18h], ebx
          mov dword ptr [esp+10h], 0040A130h
          mov dword ptr [esp+20h], ebx
          mov byte ptr [esp+14h], 00000020h
          call dword ptr [004080A8h]
          call dword ptr [004080A4h]
          and eax, BFFFFFFFh
          cmp ax, 00000006h
          mov dword ptr [0042472Ch], eax
          je 00007F3A690016F3h
          push ebx
          call 00007F3A690047E2h
          cmp eax, ebx
          je 00007F3A690016E9h
          push 00000C00h
          call eax
          mov esi, 00408298h
          push esi
          call 00007F3A6900475Eh
          push esi
          call dword ptr [004080A0h]
          lea esi, dword ptr [esi+eax+01h]
          cmp byte ptr [esi], bl
          jne 00007F3A690016CDh
          push 0000000Ah
          call 00007F3A690047B6h
          push 00000008h
          call 00007F3A690047AFh
          push 00000006h
          mov dword ptr [00424724h], eax
          call 00007F3A690047A3h
          cmp eax, ebx
          je 00007F3A690016F1h
          push 0000001Eh
          call eax
          test eax, eax
          je 00007F3A690016E9h
          or byte ptr [0042472Fh], 00000040h
          push ebp
          call dword ptr [00408044h]
          push ebx
          call dword ptr [00408288h]
          mov dword ptr [004247F8h], eax
          push ebx
          lea eax, dword ptr [esp+38h]
          push 00000160h
          push eax
          push ebx
          push 0041FCF0h
          call dword ptr [00408178h]
          push 0040A1ECh

          Rich Headers

          Programming Language:
          • [EXP] VC++ 6.0 SP5 build 8804

          Data Directories

          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IMPORT0x84300xa0.rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE0x3a0000x19e28.rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
          IMAGE_DIRECTORY_ENTRY_SECURITY0x1a5e3800x2f28
          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0x80000x298.rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

          Sections

          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x10000x60770x62000311bcb2ead177b380555800a8e6e6eeFalse0.6595583545918368data6.403859519216241IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rdata0x80000x12500x1400926b1e688f085d737343e22bcf628243False0.4298828125data5.044807654453153IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data0xa0000x1a8380x4009b72314b8d9ad5c72778b00cdf336ee2False0.646484375data5.2244513108529995IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .ndata0x250000x150000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .rsrc0x3a0000x19e280x1a000c192cd761a2f8b017781fd898ee0eaebFalse0.17032564603365385data4.017066897842131IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

          Resources

          NameRVASizeTypeLanguageCountryZLIB Complexity
          RT_ICON0x3a5f80x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States0.056089554004495445
          RT_ICON0x4ae200x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.14107883817427386
          RT_ICON0x4d3c80x1b6ePNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9115636570777557
          RT_ICON0x4ef380x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.21904315196998123
          RT_ICON0x4ffe00xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2688EnglishUnited States0.3734008528784648
          RT_ICON0x50e880x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152EnglishUnited States0.4918772563176895
          RT_ICON0x517300x668Device independent bitmap graphic, 48 x 96 x 4, image size 1536EnglishUnited States0.38353658536585367
          RT_ICON0x51d980x568Device independent bitmap graphic, 16 x 32 x 8, image size 320EnglishUnited States0.6098265895953757
          RT_ICON0x523000x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.43882978723404253
          RT_ICON0x527680x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States0.4959677419354839
          RT_ICON0x52a500x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.6013513513513513
          RT_DIALOG0x52b780x100dataEnglishUnited States0.5234375
          RT_DIALOG0x52c780x11cdataEnglishUnited States0.6056338028169014
          RT_DIALOG0x52d980x60dataEnglishUnited States0.7291666666666666
          RT_DIALOG0x52df80xf8dataEnglishUnited States0.532258064516129
          RT_DIALOG0x52ef00x114dataEnglishUnited States0.6376811594202898
          RT_DIALOG0x530080x58dataEnglishUnited States0.7840909090909091
          RT_DIALOG0x530600xecdataEnglishUnited States0.5042372881355932
          RT_DIALOG0x531500x108dataEnglishUnited States0.6212121212121212
          RT_DIALOG0x532580x4cdataEnglishUnited States0.75
          RT_DIALOG0x532a80xecdataEnglishUnited States0.5042372881355932
          RT_DIALOG0x533980x108dataEnglishUnited States0.6136363636363636
          RT_DIALOG0x534a00x4cdataEnglishUnited States0.75
          RT_DIALOG0x534f00xf0dataEnglishUnited States0.5125
          RT_DIALOG0x535e00x10cdataEnglishUnited States0.6343283582089553
          RT_DIALOG0x536f00x50dataEnglishUnited States0.7625
          RT_GROUP_ICON0x537400xa0dataEnglishUnited States0.63125
          RT_VERSION0x537e00x2f4dataChineseTaiwan0.45634920634920634
          RT_MANIFEST0x53ad80x349XML 1.0 document, ASCII text, with very long lines (841), with no line terminatorsEnglishUnited States0.5517241379310345

          Imports

          DLLImport
          KERNEL32.dllSetEnvironmentVariableA, CreateFileA, GetFileSize, GetModuleFileNameA, ReadFile, GetCurrentProcess, CopyFileA, Sleep, GetTickCount, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, SetCurrentDirectoryA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, GlobalUnlock, GetDiskFreeSpaceA, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
          USER32.dllScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
          GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
          SHELL32.dllSHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
          ADVAPI32.dllAdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
          COMCTL32.dllImageList_Create, ImageList_AddMasked, ImageList_Destroy
          ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

          Possible Origin

          Language of compilation systemCountry where language is spokenMap
          EnglishUnited States
          ChineseTaiwan