Windows Analysis Report
SecurityScan_Release.exe

Overview

General Information

Sample name: SecurityScan_Release.exe
Analysis ID: 1585405
MD5: d19f7fb266813e0fba1d009be48c40d5
SHA1: 49ad30dc2a86fb3f3f21aeeefd79bce2c9f9ef82
SHA256: 9b6d586380337296d53a605b487b442e0a32b857cccdf153c602bd1438413261
Infos:

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries keyboard layouts
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64_ra
  • SecurityScan_Release.exe (PID: 5720 cmdline: "C:\Users\user\Desktop\SecurityScan_Release.exe" MD5: D19F7FB266813E0FBA1D009BE48C40D5)
    • MSSPResExtractor.exe (PID: 6392 cmdline: "C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe" MD5: 5DC3CCE86B3CEEB218E9F863F2F6138A)
    • mc-webview-cnt.exe (PID: 6904 cmdline: "C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe" McInstallerStartup.dll config:.\Installer.ini mode:/l lang:en-gb MD5: CD7D48BB339C72CCFE7DA3A3164180BC)
      • msedgewebview2.exe (PID: 6884 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6904.6628.6057490771476933249 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 6212 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffda8a58e88,0x7ffda8a58e98,0x7ffda8a58ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 4064 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1804 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=MojoIpcz /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 676 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2200 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=MojoIpcz /prefetch:3 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 2784 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2228 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=MojoIpcz /prefetch:8 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 4292 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1736257587333730 --launch-time-ticks=4643523835 --mojo-platform-channel-handle=3356 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • MSSPResExtractor.exe (PID: 6704 cmdline: "C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe" MD5: 5DC3CCE86B3CEEB218E9F863F2F6138A)
      • SecurityScan_Inner.exe (PID: 6472 cmdline: "C:\Users\user\AppData\Local\Temp\nsx9807.tmp\\SecurityScan_Inner.exe" /inner MD5: 555332D3D4F3197D171CB5B1331B15D9)
  • cleanup
No yara matches
No Sigma rule has matched
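| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2025-01-07T16:03:40.130604+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.18 | 49707 | 54.149.200.70 | 443 | TCP |
| 2025-01-07T16:03:41.603625+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.18 | 49708 | 54.149.200.70 | 443 | TCP |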

Source: SecurityScan_Release.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: SecurityScan_Release.exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 54.149.200.70:443 -> 192.168.2.18:49707 version: TLS 1.2
Source: unknownHTTPS traffic detected: 54.149.200.70:443 -> 192.168.2.18:49708 version: TLS 1.2
Source: SecurityScan_Release.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Local Storage\leveldb\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Local Storage\
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.18:49707 -> 54.149.200.70:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.18:49708 -> 54.149.200.70:443
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: sadownload.mcafee.com
Source: global trafficDNS traffic detected: DNS query: analytics.apis.mcafee.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: classification engineClassification label: mal68.evad.winEXE@20/185@10/18
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeFile created: C:\Users\user\AppData\Roaming\McAfee
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeMutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeMutant created: \Sessions\1\BaseNamedObjects\NULL
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeMutant created: \Sessions\1\BaseNamedObjects\Local\{46C61DD2-00A3-46F1-B456-3E6CDCEF89B7}
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeMutant created: \Sessions\1\BaseNamedObjects\mss
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsh9621.tmp
Source: SecurityScan_Release.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecurityScan_Release.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile read: C:\Users\user\Desktop\SecurityScan_Release.exe
Source: unknownProcess created: C:\Users\user\Desktop\SecurityScan_Release.exe "C:\Users\user\Desktop\SecurityScan_Release.exe"
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe"
Source: C:\Users\user\Desktop\SecurityScan_Release.exeProcess created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe "C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe" McInstallerStartup.dll config:.\Installer.ini mode:/l lang:en-gb
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6904.6628.6057490771476933249
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffda8a58e88,0x7ffda8a58e98,0x7ffda8a58ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1804 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2200 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2228 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1736257587333730 --launch-time-ticks=4643523835 --mojo-platform-channel-handle=3356 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeProcess created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe"
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeProcess created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exe "C:\Users\user\AppData\Local\Temp\nsx9807.tmp\\SecurityScan_Inner.exe" /inner
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: oleacc.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: shfolder.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: secur32.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dsrole.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: jscript9.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: webio.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: schannel.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ntasn1.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ncrypt.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: dpapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: cabinet.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeSection loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: webview2loader.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: jscript9.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kbdus.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dsreg.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.ui.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: inputhost.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mscms.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winsta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.security.authentication.web.core.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dataexchange.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mf.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mfplat.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rtworkq.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: hevcdecoder.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dolbydecmft.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mfperfhelper.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: atlthunk.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: directmanipulation.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d10warp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: vaultcli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: hevcdecoder.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: aadwamextension.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: microsoftaccountwamextension.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: tenantrestrictionsplugin.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.web.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netprofm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: npmproxy.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ncryptprov.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wevtapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.userprofile.diagnosticssettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: dsrole.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile written: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\ftconfig.ini
Source: SecurityScan_Release.exeStatic PE information: certificate valid
Source: SecurityScan_Release.exeStatic file information: File size 27660968 > 1048576
Source: SecurityScan_Release.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\MicrosoftEdgeWebview2Setup.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McUICnt.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\MSSPResExtractor.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McInstallerRes_LD.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MicrosoftEdgeWebview2Setup.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mcbrwsr2.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\mc-webview-cnt.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McInstallerRes.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\WebView2Loader.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McUICnt.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\System.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McInstallerRes.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\SecurityScan_Inner.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McInstallerStartup.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McUtil.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McUtil.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\WebView2Loader.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McInstallerStartup.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\mcbrwsr2.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\InstallHelp\SecurityScanner32.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeFile created: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McInstallerRes_LD.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe; Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exe; Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\SecurityScan_Release.exe; WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: AB70000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: AD10000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B4C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B510000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B550000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B570000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B590000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B7D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B800000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B830000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B850000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B870000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B8E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B890000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B920000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B960000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B980000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BA00000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BA40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BA60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BAC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BB30000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BB80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BBD0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BCF0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BC40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BC60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BC80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BCA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BCC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BD30000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BD50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: B940000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BBB0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BE70000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BE90000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BEB0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BED0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BEF0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BF10000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BF30000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BF50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BF70000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe; Memory allocated: BF90000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 8BE0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 8D80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 88B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 8900000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 8940000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 8960000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 8980000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 89C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 9540000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 9570000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 9590000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 95B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 95D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 9650000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 9600000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 9690000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 96D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 96F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 9750000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe; Memory allocated: 97B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McInstallerRes.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\MicrosoftEdgeWebview2Setup.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McUICnt.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\MSSPResExtractor.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\SecurityScan_Inner.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McInstallerRes_LD.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MicrosoftEdgeWebview2Setup.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McInstallerStartup.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McUtil.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mcbrwsr2.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\WebView2Loader.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McUtil.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\mc-webview-cnt.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McInstallerRes.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\WebView2Loader.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McInstallerStartup.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\mcbrwsr2.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McUICnt.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\InstallHelp\SecurityScanner32.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\System.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exe
Source: C:\Users\user\Desktop\SecurityScan_Release.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McInstallerRes_LD.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe TID: 5792Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\SecurityScan_Release.exe TID: 5792Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe TID: 1492Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe TID: 1752Thread sleep time: -330000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe TID: 1752Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe TID: 5296Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\blob_storage\b3a234c4-1917-4eda-a688-0d69c52e3e40 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Local Storage\leveldb\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeProcess information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeSystem information queried: CodeIntegrityInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffda8a58e88,0x7ffda8a58e98,0x7ffda8a58ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1804 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2200 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2228 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1736257587333730 --launch-time-ticks=4643523835 --mojo-platform-channel-handle=3356 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=mojoipcz --mojo-named-platform-channel-pipe=6904.6628.6057490771476933249
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\local\temp\msspwebeb\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\local\temp\msspwebeb\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffda8a58e88,0x7ffda8a58e98,0x7ffda8a58ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1804 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=mojoipcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2200 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=mojoipcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2228 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=mojoipcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\msspwebeb\ebwebview" --webview-exe-name=mc-webview-cnt.exe --webview-exe-version=4,2,0,0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1736257587333730 --launch-time-ticks=4643523835 --mojo-platform-channel-handle=3356 --field-trial-handle=1808,i,13375783106694557437,1796034496405456329,262144 --enable-features=mojoipcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Users\user\Desktop\SecurityScan_Release.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\SecurityScan_Release.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exeWMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 631 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 73 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Disable or Modify Tools | Security Account Manager | 541 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 541 Virtualization/Sandbox Evasion | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 134 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

Source | Detection | Scanner | Label | Link
SecurityScan_Release.exe | 0% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\InstallHelp\SecurityScanner32.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McInstallerRes.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McInstallerRes_LD.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McInstallerStartup.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McUICnt.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\McUtil.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MicrosoftEdgeWebview2Setup.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\SecurityScan_Inner.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\WebView2Loader.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mc-webview-cnt.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\mcbrwsr2.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\MSSPResExtractor.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McInstallerRes.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McInstallerRes_LD.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McInstallerStartup.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McUICnt.exe | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\McUtil.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\MicrosoftEdgeWebview2Setup.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\SecurityScan_Inner.exe | 4% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\WebView2Loader.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\mc-webview-cnt.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsx9807.tmp\x64\mcbrwsr2.dll | 3% | ReversingLabs | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high
mosaic-nova.apis.mcafee.com | 54.149.200.70 | true | false | | unknown
analytics.apis.mcafee.com | unknown | unknown | false | | high
sadownload.mcafee.com | unknown | unknown | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
1.1.1.1 | unknown | Australia | | 13335 | CLOUDFLARENETUS | false
13.107.42.16 | unknown | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
2.16.168.115 | unknown | European Union | | 20940 | AKAMAI-ASN1EU | false
54.149.200.70 | mosaic-nova.apis.mcafee.com | United States | | 16509 | AMAZON-02US | false
172.64.41.3 | chrome.cloudflare-dns.com | United States | | 13335 | CLOUDFLARENETUS | false
2.16.168.105 | unknown | European Union | | 20940 | AKAMAI-ASN1EU | false
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1585405
          Start date and time:2025-01-07 16:02:46 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:20
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Sample name:SecurityScan_Release.exe
          Detection:MAL
          Classification:mal68.evad.winEXE@20/185@10/18
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 23.56.254.164
          • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
          • Report size getting too big, too many NtEnumerateValueKey calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtReadVirtualMemory calls found.
          • Timeout during stream target processing, analysis might miss dynamic analysis data
          • VT rate limit hit for: SecurityScan_Release.exe
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Generic INItialization configuration [DataAnalytics]
          Category:modified
          Size (bytes):146
          Entropy (8bit):5.119682431582493
          Encrypted:false
          SSDEEP:
          MD5:C444317641436C42D03A6E9967FCB25F
          SHA1:2C8EB48D0D4958CA01AA705BCC31FD9FFBF53ACF
          SHA-256:DF1DAFE133EC4A18F966FABD640DE7A5C89BF01001F01B37CA959ABF3DAF0171
          SHA-512:AD126F38F112E757224EA5BADD2D4021E9A7EFC7820A34719C0C095521600B5E31BC100307C7E76AF6AC9528202589D8149B72FDCBCE2522EED055D9981E1E40
          Malicious:false
          Reputation:unknown
          Preview:[queryparams]..affid=0..[DataAnalytics]..InstalledDate=7..InstalledMonth=1..InstalledYear=2025..ProductUUID=D0CD7019-91D9-4513-96E0-36A4998C8E07..
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (1531), with CRLF line terminators
          Category:dropped
          Size (bytes):1738
          Entropy (8bit):5.321166453198633
          Encrypted:false
          SSDEEP:
          MD5:1E7EBC68623599ACA8619CC5169F0590
          SHA1:03BED5B7E64E7509B6BA1C5453AF4B553FEACFC5
          SHA-256:8B044EBA3B6C28828C9DCFE6E499BDCBE3EDFC70F4E4C072DB9C050FD48D822F
          SHA-512:79A585371B332CF90FD1686EA53E68509115F6A939E82CCDF4161AFFD3734C828E3223C03FE5636254A89FD38799DC9C4D4D9779FC718A877B548CEEC52BA68E
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (14337), with CRLF line terminators
          Category:dropped
          Size (bytes):14537
          Entropy (8bit):5.3507201842055725
          Encrypted:false
          SSDEEP:
          MD5:BC8BDE16CFD68270180130A481BED8DE
          SHA1:556DAE92A4F6F577C2EB7DC3432EFF23711DB99B
          SHA-256:2A61139B601CB82E007663D7F29F80EDA8616619A03863A42B72F05ED98769A1
          SHA-512:F6853F5DF1EADF477C911D30C20AA4314987DE6F9841C4ABFC8A2FC1836869326B08AB632D9FCFC6B24DCF1E7D21B61D0D0F645F66B7E41DBE96603FBCF0451A
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (842), with CRLF line terminators
          Category:dropped
          Size (bytes):1050
          Entropy (8bit):5.323565161333726
          Encrypted:false
          SSDEEP:
          MD5:5C2EB996C9B5AF003AD9916ADCFE6533
          SHA1:704790B240761930AAB7A541535216FCEBD5C6CD
          SHA-256:46D424408D9487A861CD8BB4900C3610C297B1B9924F2A82AAE0CEC31EBA0E70
          SHA-512:87A0F1B61C1D1F9D2A2D6F53B19487FB6BC88CBA8FB30C4462E22F7F39C7470DDB888D5521F2921669ECA250BD913A46B63F83FB98601B4D3FBA21C7452B11AF
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3383), with CRLF line terminators
          Category:dropped
          Size (bytes):3587
          Entropy (8bit):5.303660739400768
          Encrypted:false
          SSDEEP:
          MD5:02285FA10F1BFECBB6E0FC79EE757049
          SHA1:64F718E3F85465987B33B6DD29E1C22AF43F79B2
          SHA-256:9B9A6C8721C66C1F29185ECC7F429BBDBB468D63A1273BC12F879830747949A9
          SHA-512:4EED5B2C81D26464D65A1381959CCC8539AED0CBA6A0F0301C696975E6C01899B4221092749778AABE33BA66DAEFBB1DE3E2683B5B59C960864F4844966EBF63
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1396
          Entropy (8bit):4.131950546304375
          Encrypted:false
          SSDEEP:
          MD5:6F1D4AE5766E2FC0517756E0E083A679
          SHA1:3763521410A5962C645D0445529EF3997B11CF1D
          SHA-256:DAB0F5582C42B61C79B281A5C358BC7529EF9923793BC869C923DEEFA84708D4
          SHA-512:89F6254BCD0B00EB844D377F4DFF94C7D7946BE294CFA8ED5D2B3CCFFDA6F2ACAC4A062822A7087863B270997D9D6FCC2DCFA952C2664230901D087589C14C8E
          Malicious:false
          Reputation:unknown
          Preview:{.. "version": "1.4.114",.. "data": {.. "metrics": [.. "event.value",.. "hit.duration.seconds",.. "hit.size.inbytes",.. "hit.engagement.userinitiated",.. "hit.result",.. "hit.metric.1",.. "hit.metric.2",.. "hit.metric.3",.. "hit.metric.4",.. "hit.metric.5",.. "hit.metric.6".. ],.. "dimensions": [.. "hit.uniqueid",.. "event.category",.. "event.action",.. "hit.screen",.. "hit.action",.. "hit.engagement.interactive",.. "hit.engagement.desired",.. "sub.category",.. "tertiary.category",.. "guid",.. "hit.session.id",.. "event.label",.. "hit.feature",.. "hit.type",.. "hit.trigger",.. "hit.source",.. "hit.severity",.. "hit.date",.. "hit.label.1",.. "hit.label.2",.. "hit.label.3",.. "hit.label.4",.. "hit.label.5",.. "hit.label.6",.. "hit.label.7",.. "hit.label.8",.. "hit.label.9",.. "hit.labe
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (13754), with CRLF line terminators
          Category:dropped
          Size (bytes):13962
          Entropy (8bit):5.21304794720775
          Encrypted:false
          SSDEEP:
          MD5:56D209C4B77DB36DA734EEAF5E666E76
          SHA1:3FF436681EC15CAF7F6724C9DD8E0541FF452CA4
          SHA-256:BBC40E3E1271ADA78E8064F010B53E2DC5BC7C16CFB14A3E7119879B4EBB3E64
          SHA-512:FCD6000DE2E38EBE051BA3C9E8C5CAE8142B348F04FD9423D48C3A213AE89A16F0705F4CA4C1FB0CDAD0D94E08DCC5F3435F9AB4250EA3FCF21109B5513B058A
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):89363
          Entropy (8bit):3.8489514100309172
          Encrypted:false
          SSDEEP:
          MD5:3002F862E16DFADDBA23DC9CC2522523
          SHA1:601654AF4EE33E6E9C1A1DBC1B47C64AC802DE6A
          SHA-256:A6D8DA663A46C45DC8664BAE6A57B8F319BA1CF90676E9E5A63488C329B8C69E
          SHA-512:DB73A811A18A6BDE7983F5E8427E3D2D75D13800EFE220DC2227E0BD6CA401F4DC3147A89FAC36BC4E49DE8251EF3DB5C8F9919EB329DF9EF8B5E26702BAE181
          Malicious:false
          Reputation:unknown
          Preview:{.. "version": "1.4.114",.. "data": {.. "auth0_user_id": {.. "params": "auth0_user_id",.. "source": "settingsManager".. }, .. "user_ref_id": {.. "params": {.. "action": "GetProperty",.. "appid": "vso",.. "name": "user_ref_id".. },.. "refresh": {.. "onMessageBusMsg": [.. "Core.Subscription.Sync",.. "Core.Subscription.SubscriptionUpdated".. ].. }, .. "source": "subdb".. },.. "CSP.ClientId": {.. "params": {.. "action": "ClientID",.. "appid": "a053060c-3a34-11e4-8a01-005056b7244f".. },.. "refresh": {.. "harvestIfEqWithTimeout": {.. "value":"[ruleMismatch]",.. "timeout":600000.. },.. "onMessageBusMsg":
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (7140), with CRLF line terminators
          Category:dropped
          Size (bytes):7341
          Entropy (8bit):5.275074613666029
          Encrypted:false
          SSDEEP:
          MD5:B3E7252726A1A200EE2545087AECE2DA
          SHA1:A21BDEBA3F9DC50707784CA5262C64151B18B6BA
          SHA-256:E73737B43188F5EAF5476502301228DA191E4679FEF2DAD83584C85B3B04A185
          SHA-512:1CF46EDB80E716254FE4458A7C25D8F226A0E2CF3F94980AE10E6F3703F46A4C6A3E8F7C566B0D5A4189A8D87E6D6F9B0F00B9588DB6E412C36324A7A53B9E15
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (6749), with CRLF line terminators
          Category:dropped
          Size (bytes):6953
          Entropy (8bit):5.406921317159456
          Encrypted:false
          SSDEEP:
          MD5:54130B64A7B6C873A442D99B37C94BD2
          SHA1:9997B6D86FEFB276DAF608BFA77A63CBC4A1F8FB
          SHA-256:3386EC5C89C89B296A83F4FB941E12B1BF337782F626F90D0ACE90280995B6A8
          SHA-512:AC3D0E127F5353444638701CFDF4D002B347BE4C0C6A64DAB5D331B306103AE2D7D0B9FC745FD2322ABC6E2C3D2A61F6B4617A75FE2F34D858B6673EE57A72DC
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):10553
          Entropy (8bit):4.124349379343266
          Encrypted:false
          SSDEEP:
          MD5:AC18B2AC0D9FC093ACA0D07D01B13218
          SHA1:0C840474541229CC7B64AE19860E3EA85F4DE8A6
          SHA-256:D6D59C37B9F46E3879CAC60239C30A614B3A6AD1B08A9021ABB07D108FC54562
          SHA-512:0FA947D5889ABE619A81960524BFD059F419F0C0EA4A7652A9A6D218BE9BA250FC297D01053F6A43C3445D96B53CE7AEEE93498D40B104D36C9238185CE8CEC7
          Malicious:false
          Reputation:unknown
          Preview:{.. "version": "1.4.114",.. "data": {.. "ab_test":{.. "data_items": [.. "analytics_governance_version",.. "device_id",.. "product_affiliate_id",.. "product_analytics_sdk_version".. ],.. "refresh": {.. "useEngineDefaultTimeout": true.. }.. },.. "wss": {.. "data_items": [.. "auth0_user_id",.. "user_ref_id",.. "WSS.Hardware.ID",.. "WSS.Software.ID",.. "WSS.Segment.ID",.. "WSS.Segment.Type.ID",.. "WSS.MSC.Version",.. "WSS.MPF.Version",.. "WSS.MPS.Version",.. "WSS.MQS.Version",.. "WSS.MSK.Version",.. "WSS.NGM.Version",.. "WSS.VUL.Version",.. "WSS.VSO.Version",.. "WSS.VSO.Content.Version",.. "WSS.VSCor
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):20179
          Entropy (8bit):4.552776289770129
          Encrypted:false
          SSDEEP:
          MD5:BC382489643E9DDC228A8D051A42D337
          SHA1:8A99506591E5B90308D02489497361CB5CDEA803
          SHA-256:86F3DDBD547491B25BF67F9BF1A182588EB7DDDB84F3CA875B65B059C1D86896
          SHA-512:CFCE98752EBD973E370880492238B858030A07F27FA2BFA1DAFE619CF37E4B56F6F74D0FFDD93C53551583A8F37570EBB7A1C230ECA0480B48F546882CD98029
          Malicious:false
          Reputation:unknown
          Preview:{.. "version": "1.4.114",.. "data": {.. "event": {},.. "global": {.. "uniqueid": "hit_event_id",.. "uniqueidentifier": "hit_event_id",.. "feature": "hit_feature",.. "trigger": "hit_trigger",.. "interactive": "hit_engagement_interactive",.. "hit.interactive": "hit_engagement_interactive",.. "hit.user.initiated": "hit_engagement_userinitiated",.. "userinitiated": "hit_engagement_userinitiated",.. "desired": "hit_engagement_desired",.. "engagement.desired": "hit_engagement_desired",.. "useridentifier": "hit.userid",.. "label1": "hit_label_1",.. "label2": "hit_label_2",.. "label3": "hit_label_3",.. "label4": "hit_label_4",.. "label5": "hit_label_5",.. "label6": "hit_label_6",.. "metric1": "hit_metric_1",.. "metric2": "hit_metric_2",.. "metric3": "hit_metric_3",.. "metric4": "hit_metric_4",.. "metric5": "hit_metric_5",.. "metric6": "hit_metric_6",.. "screen": "hit_
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (4110), with CRLF line terminators
          Category:dropped
          Size (bytes):4311
          Entropy (8bit):5.214434221619653
          Encrypted:false
          SSDEEP:
          MD5:D8C5553A463C6E0E535E75731984F97E
          SHA1:DC736DD2072CFAC34E33B1BA276B240AEB76239E
          SHA-256:3DDC7CA8246F0B324B2ABBE4750302AB322C92A4AEEEDF3B5AEC3B1712359748
          SHA-512:06F6188B41BD97DB2D7D1981F25DB5C9771BE7ABE650417DD99A3547C90660311E44001864FE452304BA6A5C4F0A90E584F00A637EE6D01587647EFB212B3980
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (11329), with CRLF line terminators
          Category:dropped
          Size (bytes):11529
          Entropy (8bit):5.250654475538895
          Encrypted:false
          SSDEEP:
          MD5:BF1603983B0F6F5F4D75FB1206860C8A
          SHA1:D42E9A0DC78B184774227C7D0E86EBB62E904928
          SHA-256:6D01A312285532A3263576F4306D9667411E203DDD3A1A1EF1EAFA7B8FCF4E10
          SHA-512:31873A7F9EE9F466D65B09A565FF505D75657B39A1D96E3AF87DFA88F6378D6FE3FD3333CD73CEACE33AECA1155942B0024AE88AE831E5B1FD09483AAC2DD49C
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (2529), with CRLF line terminators
          Category:dropped
          Size (bytes):2740
          Entropy (8bit):5.312241151375569
          Encrypted:false
          SSDEEP:
          MD5:213154598262F6FB58D03D24B789EBCE
          SHA1:57A9D0906614F8A0A4FFC06303CA7D2014D7DD1F
          SHA-256:9D021EA0C55B0496824431423C36A45A9D37FF293B1EA55B7F54010CC568643C
          SHA-512:C8ECF758190574B5980E60A27D77929925EAF5011FA836861168D7C2F4505DF04FBAC66E018E66F96EAFC9081B1BC592DB8EDF81CAD0EA5EFA1B981A0A510BC8
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (6709), with CRLF line terminators
          Category:dropped
          Size (bytes):6916
          Entropy (8bit):5.332274302455534
          Encrypted:false
          SSDEEP:
          MD5:92E85B12506AA4D5565097C3061178A4
          SHA1:E7E9704B229B6E1F149CB3F2BACD5C09C4C07686
          SHA-256:2E9F27AB73C48D04F1913723050E8573D3A17A1CF95D842D29CD41E6602A2DFA
          SHA-512:4D6AC930DE75CF9C51A556D14C97CDE438D9C07DE01903CA0C581D7002012563F3AA8BCC8333BA1EEF3C7E372CABE5E7698EBCCB329B9C34BAAA80D43E365FFB
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):218852
          Entropy (8bit):3.07966733633794
          Encrypted:false
          SSDEEP:
          MD5:BAA2C7A097685ECFB8FEC75AC61EF4B8
          SHA1:6838FA7D8EFF2E2A9B3DA6909D45D29FB01068AC
          SHA-256:A3548BE86C732BAA9B3F7535AF98D1C010DB0A49B155672A6AE742FB54EBE40C
          SHA-512:7D1FFA13E6FD472C57E29B87CCD7A256B06B22E6C68FA96F55D26BF9F2DD601F0E49487A1EA31BEA20E0E95E621174333380006C04F595DA843BB1898D7594E8
          Malicious:false
          Reputation:unknown
          Preview:{.. "data": {.. "mssplus_antitrack_bottomfixnow_btn_clicked": {.. "attributeRules": {.. "hit_action": {.. "meta": "BottomFixNowButtonClicked",.. "ruleName": "override".. },.. "hit_category_0": {.. "meta": "clicks",.. "ruleName": "override".. },.. "hit_label_0": {.. "meta": "Button",.. "ruleName": "override".. },.. "hit_result": {.. "meta": [.. "Green A",.. "Green B",.. "Yellow",.. "Red",.. "Orange",.. "Blue1",.. "Blue2",.. "NotScanned".. ],.. "ruleName": "in".. }.. },.. "curren
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (4059), with CRLF line terminators
          Category:dropped
          Size (bytes):4260
          Entropy (8bit):5.611655458668878
          Encrypted:false
          SSDEEP:
          MD5:51F63AE068525A0A9CE65CB747382E5F
          SHA1:AB3B142E93314394CFB1E1D53B8096A9ED43A5C5
          SHA-256:67373CC04DDD025DA7E357B76FC7D469245D182E180468CB837D9693F4D4C58B
          SHA-512:3DC64D39FC387F6DFFC2C9F5A1FC20021C5DD3B0C30C8B91FAE609D91057308CBDF09AAEC4C526B0DC633CE232097082271934C4DE8B6E6581553948259DC384
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var hash128_fileVersion = "1.4.114"; ..function CreateHasher128(){var a={hash128:function(s){function L(c,b){return(c<<b)|(c>>>(32-b))}function K(x,c){var G,b,k,F,d;k=(x&2147483648);F=(c&2147483648);G=(x&1073741824);b=(c&1073741824);d=(x&1073741823)+(c&1073741823);if(G&b){return(d^2147483648^k^F)}if(G|b){if(d&1073741824){return(d^3221225472^k^F)}else{return(d^1073741824^k^F)}}else{return(d^k^F)}}function r(b,d,c){return(b&d)|((~b)&c)}function q(b,d,c){return(b&c)|(d&(~c))}function p(b,d,c){return(b^d^c)}function n(b,d,c){return(d^(b|(~c)))}function u(G,F,aa,Z,k,H,I){G=K(G,K(K(r(F,aa,Z),k),I));return K(L(G,H),F)}function f(G,F,aa,Z,k,H,I){G=K(G,K(K(q(F,aa,Z),k),I));return K(L(G,H),F)}function D(G,F,aa,Z,k,H,I){G=K(G,K(K(p(F,aa,Z),k),I));return K(L(G,H),F)}function t(G,F,aa,Z,k,H,I){G=K(G,K(K(n(F,aa,Z),k),I));return K(L(G,H),F)}function e(x){var H;var k=x.length;var d=k+8;var c=(d-(d%64))/64;var G=(c+1)*16;var I=Array(G-1);var b=0;var F=0;while(F<k){H=(F-(F%4)
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3618), with CRLF line terminators
          Category:dropped
          Size (bytes):3817
          Entropy (8bit):5.534649553785636
          Encrypted:false
          SSDEEP:
          MD5:6427079324D5008E719994CD57D6F2AB
          SHA1:57A28074280273933F49A51F1E9059FE00E73F8D
          SHA-256:D7201AA522A70C9A39564D271BF9F19F4CC59216D017B88F2EA08B7125DA2A7A
          SHA-512:F5B6689F66C1A23DA1BE805D0873FC52A594F0CB9D31B06B51F7F39E35BEFCC3734E6E96B56E6548B3D00FAD5BE3056BC5F72927766D0D1459F509002121004F
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var JSON2_fileVersion = "1.4.114"; ..if(typeof JSON!=="object"){JSON={}}(function(){var rx_one=/^[\],:{}\s]*$/;var rx_two=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g;var rx_three=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g;var rx_four=/(?:^|:|,)(?:\s*\[)+/g;var rx_escapable=/[\\\"\u0000-\u001f\u007f-\u009f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;var rx_dangerous=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;function f(n){return n<10?"0"+n:n}function this_value(){return this.valueOf()}if(typeof Date.prototype.toJSON!=="function"){Date.prototype.toJSON=function(){return isFinite(this.valueOf())?this.getUTCFullYear()+"-"+f(this.getUTCMonth()+1)+"-"+f(this.getUTCDate())+"T"+f(this.getUTCHours())+":"+f(this.getUTCMinutes())+":"+f(this.getUTCSeconds())+"Z":null};Boolean.prototype.toJSON=this_value;Number.prototype.toJSON=this_valu
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3176), with CRLF line terminators
          Category:dropped
          Size (bytes):3377
          Entropy (8bit):5.47480094679374
          Encrypted:false
          SSDEEP:
          MD5:54E42C81FDCCBE0AC571BA591CD658E8
          SHA1:C0BD91EF58B860F1DA00F16661CB9014E5C4D417
          SHA-256:F064D98CF449EF55F604E1D1EEEE928A010A8C2A06DA3E6EBC0D93E255CEACC4
          SHA-512:7349FF9A2475B991B45A738AC328377B40300401F44F365B86EFF687183F9C954637DD867C0741903D61A4EB44811B71E0E6FAC155CEE75D82731D841FED6866
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var logging_fileVersion = "1.4.114"; ..var debugEnable=false;function callerName(){var a=arguments.callee.toString();a=a.substr("function ".length);a=a.substr(0,a.indexOf("("));return a}function getLogger(){var b=getScriptVariableStore().Get("logging");if(b){return b}try{b=getPluginFactory().Create("logging");try{debugEnable=GetEngineProperty("Analytics.SDK.Script.Debug.Enable",debugEnable)}catch(a){}}catch(a){b={LogMessage:function(){},WriteToConsole:function(){},WriteToSyslog:function(){}}}getScriptVariableStore().Set("logging",b);return b}var LOG_SEVERITY_NORMAL=1;var LOG_SEVERITY_WARNING=2;var LOG_SEVERITY_INFORMATION=3;var LOG_SEVERITY_ERROR=4;var LOG_SEVERITY_CRITICAL=5;var SYSLOG_EMERG="emerg";var SYSLOG_ALERT="alert";var SYSLOG_CRITICAL="crticial";var SYSLOG_ERROR="error";var SYSLOG_WARN="warn";var SYSLOG_NOTICE="notice";var SYSLOG_INFO="info";var SYSLOG_DEBUG="debug";var logNormal=function(b){try{b=sanitizeLogMessage(b);getLogger().LogMessage(LOG_SE
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (2160), with CRLF line terminators
          Category:dropped
          Size (bytes):2362
          Entropy (8bit):5.338981928348514
          Encrypted:false
          SSDEEP:
          MD5:9B96221B31737995796F892F0DBDB4BA
          SHA1:9F27EF2BFA85A958F099B7B37B03531BECE00C23
          SHA-256:633CBDBBAE59548247F68C69151F2EC96222B429BC05BC43F3517263BAB39284
          SHA-512:9197C76CBD438273FC28ECCEDC48579C5EFB7F5E2FE2384CB81959850EC6B6C5E4261723B3F04504106AD1EBBA72E9DD6126B6DC269A107B898C46BCC072E7EA
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var mappings_fileVersion = "1.4.114"; ..function CreateMapping(){var a={eventMap:function(c,b){if(!(b in this._eventTable)){return c}return this._map(this._eventTable[b],c,true)},globalMap:function(b){return this._map(this._globalTable,b,true)},daMap:function(b){return this._map(this._daTable,b,true)},profileMap:function(c,b){if(!(b in this._profileTable)){return c}return this._map(this._profileTable[b],c,true)},getProfileTableStr:function(b){if(!(b in this._profileTableStr)){return"{}"}else{return this._profileTableStr[b]}},getFlippedProfileTable:function(c){if(!(c in this._profileTable)){logWarning("Requesting flipped table for invalid profile "+c);return{}}if(c in this._flippedProfileTable){return this._flippedProfileTable[c]}this._flippedProfileTable[c]={};for(var b in this._profileTable[c]){var d=this._profileTable[c][b];this._flippedProfileTable[c][d]=b}return this._flippedProfileTable[c]},_map:function(b,f,h){if(!b||!f||(typeof f!=="object")){logWarni
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (1832), with CRLF line terminators
          Category:dropped
          Size (bytes):2032
          Entropy (8bit):5.421428347091938
          Encrypted:false
          SSDEEP:
          MD5:18378A5EB18C7D41DE0AEA56CB3E2DF3
          SHA1:172EB8905FFB1AA531016074367CDBB2D10EDDCF
          SHA-256:AECEFED3C550360CA15C01458374FF46960FB038DD6CD9E2B674F154C8FDF542
          SHA-512:E9A171B0199E3E78D640BB3F9FBE80E50950901AB7914598B7AF9FD6A6500F061B5965CF4203B791BD2391AACBBC6D192467F95EC69C099474FFFFDF7ECE2690
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var mcutil_fileVersion = "1.4.114"; ..function CreateMcUtilHelper(){var a={_logError:function(b){logError("mcUtil: "+b)},_logInfo:function(b){logInformation("mcUtil: "+b)},_getPlugin:function(){if(!this._plugin){var c=ModuleManager.getSingleton("data_collector");var b=c.get("analytics.sdk.version");if(b.match("^2.[0-5]")){this._logInfo("This SDK does not support mcUtil plugin. sdkVer("+b+")");return null}this._plugin=getPluginFactory().Create("mcUtil")}return this._plugin},_plugin:null,_hardwareId:null,_softwareId:null,storeHardwareAndSoftwareId:function(d){try{this._logInfo("storeHardwareAndSoftwareId - start");if(!this._getPlugin()){return}var b=d;if(!d){var h=ModuleManager.getSingleton("data_collector");var f=h.get("WSS.Hardware.ID");b=(f==="[ruleMismatch]")?true:false;this._logInfo("value: "+f);this._logInfo("storeValue: "+b)}if(!b){this._logInfo("Not going to storeValue");return}this._invokeGetMachineId();if(!this._softwareId){this._logError("storeHardw
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):455
          Entropy (8bit):3.582535825574766
          Encrypted:false
          SSDEEP:
          MD5:DC0AF256F66373834F7A5012C4871D13
          SHA1:DBF0432073C2833D23C27007B491028EA887F94F
          SHA-256:2A898C8070B4BCB4100CAD3CE086EC46294EDD9C87694F1D91E6786F78724F72
          SHA-512:766063869D60DB33B7FDFFCD0FC1665DF0203ABEAF8BEE2E25C8C929AA5B1E330AC19F6A97068F9F08CAC3A1304EB28624DE7012AE027666422F7FB6E54EE3F7
          Malicious:false
          Reputation:unknown
          Preview:{.. "version": "1.4.114",.. "data":{.. "Testing.Mock": {.. "map": {.. "Success" : "Received".. },.. "default": {.. "Test.Value" : "Yes".. }.. },.. "analytics_dataset_get": {.. "map": {.. },.. "default": {.. "hit_event_id": "analytics_send_splitio_product_attributes".. }.. }.. }..}....
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (1151), with CRLF, LF line terminators
          Category:dropped
          Size (bytes):2017
          Entropy (8bit):5.263461770158519
          Encrypted:false
          SSDEEP:
          MD5:9A0756A86DD2AEF257CB1467ECAA7BC4
          SHA1:9CCA3D375956F68991E694148E379A0BD1AE28A7
          SHA-256:32B800AE003E25D728A4741777E4F4DB3AFB2D65C7FB79950282CB158C772D34
          SHA-512:A046924B809BA326F7FDA7A981F06BF7900B9C33F49DD298ED0BC90B395518D3BF0577CD165254DF9F657DDCDC5581E4515CBF13A70C06374004E0F6D02C4EC8
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var observation_analytics_fileVersion = "1.4.114"; ..function getObservationAnalyticsEngine(){./*. * config format:. * 'Message.Name' : { // name of obsved message on messagebus that we will subscribe to. * 'map' : { // map from message keys --> analytic friendly keys. * 'Count' : 'Metric1', // ex. 'Count' : 123 --> 'Metric1' : 123. * 'Policy' : 'Event.Label' // ex. 'Policy' : 'XYZ' --> 'Event.Label' : 'XYZ'. * },. * 'default' : { // default values that are not specified in the obsved message. * 'hit_event_id' : 'XYZ'. * }. * }. */.var a=function(){var d=JSONManager.getSingleton("observability_datasets");if(!d){d={data:{}}}return d.data};var b=a();var c={start:function(){try{var d=getMessageBus();for(var f in b){d.Subscribe(f)}logDebug("observationEngine Started")}catch(g){logError("observationE
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (6532), with CRLF line terminators
          Category:dropped
          Size (bytes):6736
          Entropy (8bit):5.341408996751215
          Encrypted:false
          SSDEEP:
          MD5:6D6033E034A4DC4FF629BB45E34150D1
          SHA1:C82019EAD44792BD22FA045EFBE2FCD338D4D8ED
          SHA-256:63720A1F4C7719ED1ACDEA115494808400A3BAD0BB9C506D79F06960F2CE3A72
          SHA-512:27289FF8D24F4959F682A93052CDB6610B78600D6DBD403CB6699A0C4B919FA612D9FDC26781F9914EC8BE136F424A678D32F4DDBCBE15DC2D4B0141059E6E96
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var operations_fileVersion = "1.4.114"; ..function CreateDataOperations(){var a={apply:function(c,b){try{if(!b){return c}if(!this._isValidValue(c)){this._logWarning("Invalid value Val("+c+"). Operation with operationConfig("+JSON.stringify(b)+") will not be applied");return null}return this[b.name](c,b.params)}catch(d){this._logError("operations:apply: Excption caught("+d.message+". Val("+c+"), operationConfig("+JSON.stringify(b)+")");return null}},noop:function(b){return b},equal:function(b,c){return b==c},isValueValid:function(b){return(b!="[not assigned]")&&(b!="[ruleMismatch]")&&(b!="[ruleError]")},notNull:function(b){return(b!=null)},validLen:function(b){if(!b){return null}try{b=JSON.parse(b)}catch(c){this._logError("validLen: value ("+b+") not an object, exception: "+c.message);b=[]}if(!(b instanceof Array)){this._logWarning("validLen: value not an array ("+b+").");b=[]}return b.length},lenEqual:function(b,c){return(this.validLen(b)==c)},lenGreater:fun
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (825), with CRLF line terminators
          Category:dropped
          Size (bytes):1032
          Entropy (8bit):5.403700179750359
          Encrypted:false
          SSDEEP:
          MD5:1957CAD03CE47E5B8B5D52B3540401C1
          SHA1:FEA43BEE58913AE3C613850FBDDA772D2650D52D
          SHA-256:99E222C01573B1CC3CEA085FC065FA7CD1E85A32870CC5D9500888550747A62C
          SHA-512:4302DA56B265DCCD81DF6B3BFC3C52492927DB5654A11F3A1D4F83AC439F357390A72692FFBE11D1C6A55C4E11018F90852C4EEE32A4E2B7AAD08610FA374439
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var preprocessors_fileVersion = "1.4.114"; ..function CreatePreprocessors(){var a={noop:function(b){return b},splitByComma:function(b){return b.split(",")},joinWithComma:function(b){return b.join(",")},sum:function(b){var d;for(var c in b){d=b[c]}return d},toInt:function(c){if(typeof(c)=="object"){for(var b in c){logConsole("toInt value="+c[b]+" parseInt:"+parseInt(c[b]));c[b]=parseInt(c[b])}return c}return parseInt(c)},toString:function(c){if(typeof(c)=="object"){for(var b in c){c[b]=c[b].toString()}return c}return c.toString()},toUpper:function(b){return b.toUpperCase()},apply:function(c,d){logConsole("rules type="+typeof(d)+" rule= "+d+" value="+c+" typeof(value)="+typeof(c));if(!d){return c}if(typeof(d)=="object"){for(var b in d){c=this.apply(c,d[b])}return c}return this[d](c)}};return a}ModuleManager.registerFactory("preprocessors",CreatePreprocessors);..//E20DF6F144E8358CE37E27629DD7FDC5D2F1110A094127B44884C469763A7DEFE90D28FFEAECE05B60E727306E7A6CE2C1
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1113
          Entropy (8bit):4.8133512540587
          Encrypted:false
          SSDEEP:
          MD5:CF2FE9FE7C8EB2B706990271E430180D
          SHA1:81C21541C9C504C3A43CB15189E504C04DB97AAD
          SHA-256:E2DD99C69509A5550893DE432A7D75B3C6FA99C4F6D62F40F055E400E5B77356
          SHA-512:39493C928E0361AA4B9B621C9E81BA0CB4D88456E5A9EFCAE7EB5BF200817FB468807C3629635062E8AB288D862A0A460FB99B59AE3A43916BF02791637F2E71
          Malicious:false
          Reputation:unknown
          Preview:{.. "version": "1.4.114",.. "geoInfo": {.. "apikey":"atRBlD3nPU2xVcVHyaHQW9iaT4LUthwd5bgphI4S".. }, .. "data": {.. "profile_ab_test_mosaic_kongapi_100p": {.. "transport": "aws_apigateway_v2",.. "dictionary": "dictionary_abtest_mosaic",.. "datasets": [.. "ab_test".. ],.. "appid": "a053060c-3a34-11e4-8a01-005056b7244f",.. "transport_config": {.. "apikey": "eKW5FAM71o3cPLamQdUSc7lTXU0BWGKtWVxISA50",.. "service": "ab-tests",.. "consumer": "core".. },.. "throttleRule": {.. "meta": 250,.. "ruleName": "dailyMax".. }.. },.. "profile_mss_mosaic_kongapi_100p": {.. "transport": "mosaic_api_v2",.. "dictionary": "dictionary_mss_mosaic",.. "datasets": [.. "default",.. "content_metadata",.. "device",.. "wss",.. "mss".. ],.. "appid": "458fa1b2-a07f-42a8-a608-4764244bd594",.. "transport_config": {.. "apikey": "htcnZaEGgL9HlF
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (2785), with CRLF line terminators
          Category:dropped
          Size (bytes):2987
          Entropy (8bit):5.391906290625516
          Encrypted:false
          SSDEEP:
          MD5:38E8221A1F9954C4581F866D884A24F5
          SHA1:B7C992AE2B74ABDE7408232CEF178EB17AC3C01E
          SHA-256:569D79EE5F8419FB953FD758994F50CC5815D44F4F53DDD5F6EDCE901698EC5B
          SHA-512:05FBAF92671969A9773417A09B4D5B16C5A9EC870589E43B43B3E8CBD82D0837325325F91A8CFC78A97C728000FE960485A0A0DC62CE47E92FCDF970B4607F81
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var registry_fileVersion = "1.4.114"; ..function CreateRegistryHelper(){var a={openKey:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode");return this._getPlugin().CreateReg(c)}logDebug("open registry in read mode");return this._getPlugin().OpenReg(c)},openKey64:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode (x64)");return this._getPlugin().CreateReg64(c)}logDebug("open registry in read mode (x64)");return this._getPlugin().OpenReg64(c)},queryValue:function(c,b){var g=false;try{if(typeof b==="boolean"){g=b}var f=this._getPlugin().QueryValue(c,g);return f}catch(d){logInformation("Failed to query "+(g?"obfuscated ":"")+"registry key '"+c+"': exception is '"+d.message+"'")}return null},setValue:function(d,f,b){var h=false;try{if(typeof b==="boolean"){h=b}var c=this._getPlugin().SetValue(d,f,h);if(!c){logDebug("registry.setvalue failed ("+d+", "+f+")")}return c}catch(g){logInfor
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (6423), with CRLF line terminators
          Category:dropped
          Size (bytes):6631
          Entropy (8bit):5.3005420308257545
          Encrypted:false
          SSDEEP:
          MD5:4A7F198BCE36FEB5E08673D1B2D69AA1
          SHA1:FD0862508788BC6D56FF49CF702D146EF1C6F927
          SHA-256:832E54A9AD812A29DC69C8ACE588BCEA85D3B5B655FFD9C12F01AC41FA927D0E
          SHA-512:9DB9E292CB55A337011C2F7E5F84E8681C0830F0E58D8617E1C943E9A2A583CFAEEB132F5F0AAD574CFBDC4EE1C1DC4703B96CDE2AC9DFC2FE5569595AFEB814
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var rest_transport_fileVersion = "1.4.114"; ..function RESTtransportPlugin(){this._plugin=null;this._requestHeaders={};this._url=null;this.RESTClientAvailable=false}RESTtransportPlugin.prototype=ModuleManager.create("transport_template");RESTtransportPlugin.prototype.constructor=RESTtransportPlugin;RESTtransportPlugin.prototype.GetVersion=function(){try{if(!this._plugin){return null}return this._plugin.GetVersion()}catch(a){}};RESTtransportPlugin.prototype._createRESTclientPlugin=function(){try{this._plugin=getPluginFactory().Create("RESTclient");if(!this._plugin){logError("RESTtransportPlugin:: Could not create RESTclient plugin");return false}return true}catch(a){logError("RESTtransportPlugin:: Failed to initialize the plugin for '"+name+"': exception is '"+a.message+"'");return false}};RESTtransportPlugin.prototype._setup=function(){try{this._url=this._config.url;if(!this._url){logError("Invalid (unspecified) URL for '"+this._name+"', version "+this.versi
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3246), with CRLF line terminators
          Category:dropped
          Size (bytes):3445
          Entropy (8bit):5.354970500627735
          Encrypted:false
          SSDEEP:
          MD5:83408E6F5E87F10716813F0609EB9C8B
          SHA1:765C4D09E1988F32E4425F3A1616D2BD49EAE832
          SHA-256:F1877A88D8A1446C8C9C09E8A39F90500DE89F96FC29B8D59FFB07AD579B5A93
          SHA-512:A398E325CDADF4DC3AF8D42292D9CAC4F830650D8064CF3E1280AA74D69AAA792E96A08532C6231A3C5C1624A443B6B99567B712D521DFE33CC1AADCA04AB56D
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var rules_fileVersion = "1.4.114"; ..function CreateRules(){LoadScript("sha256.js");var a={notNull:function(b,c){return(b!=null)},inRange:function(b,c){return(b>=c.min)&&(b<=c.max)},equal:function(b,c){return(b==String(c))},greater:function(b,c){return(b>c)},greaterEqual:function(b,c){return(b>=c)},less:function(b,c){return(b<c)},lessEqual:function(b,c){return(b<=c)},notEqual:function(b,c){return(b!=String(c))},startsWith:function(b,c){return !b.indexOf(c)},endsWith:function(b,c){return b.indexOf(c,b.length-c.length)!==-1},contains:function(b,c){return b.indexOf(c)!==-1},regex:function(c,f){try{var b=new RegExp(f);if(f.expr&&f.flags){b=new RegExp(f.expr,f.flags)}return b.test(c)}catch(d){logWarning("rules.regex exception: "+d.message);return false}},timestamp:function(b,c){if(!b){return false}return(new Date(b)).toISOStringms()==b},"in":function(c,d){for(var b in d){if(c==String(d[b])){return true}}return false},isType:function(b,c){return(typeof b===c)},isE
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (709), with CRLF, LF line terminators
          Category:dropped
          Size (bytes):37442
          Entropy (8bit):5.182723724496523
          Encrypted:false
          SSDEEP:
          MD5:30421B29B9EF976CD06AF1C628BDCE00
          SHA1:242FE79E1369C242B8F71F3C16610F1259632F67
          SHA-256:DBC8A47CCB52356B0313A309DB23CD7EED9253846115DC9203735F0883CFB930
          SHA-512:9B13E21E08CA03CDC626CCBE288627251259EB74F66B9B10A7BE30BF45DA17B799E8C752C28DAE39DB996BD2CA2AE01588C8BD7A2358C36D7666B8442AD4F245
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var sha256_fileVersion = "1.4.114"; ../*.Copyright (c) 2008-2017, Brian Turek.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. * Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer.. * Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution.. * Neither the name of the the copyright holder nor the names of its. contributors may be used to endorse or promote products derived from this. software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS".AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE.IMPLIED WARRANTIES OF MERCHANTABI
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (663), with CRLF line terminators
          Category:dropped
          Size (bytes):862
          Entropy (8bit):5.496968261268393
          Encrypted:false
          SSDEEP:
          MD5:944BB4D794B643EB0EA91230EE1DAA3B
          SHA1:3410E315F19B679F15C3CB862490C093A947407F
          SHA-256:432AC632D1C42EE47D994F609AD612B6D19A45275EBA3CFD4B0EA8B8AEB76F6B
          SHA-512:EA65243D1CBC0907C135F95D944B876E3668338E37C9912E5E2F6C6504997A77B0197E090AD292E3B0B4C2AE6FE0C3545FE7786D7F0F778E3A57BF20B770CB80
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var subdb_fileVersion = "1.4.114"; ..function CreateSubDbHelper(){var a={_getPlugin:function(){if(!this._plugin){this._plugin=getPluginFactory().Create("subdb")}return this._plugin},_plugin:null,fetchFromDataDefinition:function(c){try{if(!c){logError("subdb:fetchFromDataDefinition: No dataDefinition supplied");return null}if(c.action==="canIRun"){return this._getPlugin().CanIRun(c.appid)}if(c.action==="GetProperty"){return this._getPlugin().GetProperty(c.appid,c.name)}logError("Unknown action name ("+c.action+")")}catch(b){logError("subdb:fetchFromDataDefinition: "+b.message+". dataDefinition"+JSON.stringify(c))}return null}};return a}ModuleManager.registerFactory("subdb",CreateSubDbHelper);..//5A613539DF54CF27B020D1B04852FE795E7F246B63773C9AB845982A6D7F055C95AAA4EAA30AAAA79E169CF4887FB2ABB0A1137E23886252ADA59378270B96C5++
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3717), with CRLF line terminators
          Category:dropped
          Size (bytes):3931
          Entropy (8bit):5.349626620456465
          Encrypted:false
          SSDEEP:
          MD5:6F5E954F2F3F060F2ADB4C5767939CE8
          SHA1:CB34ED8B68917BCE7E1BD287E8C7D7E5510D5481
          SHA-256:BE969BD89EFC244C3E758C063C3C38885B96798D3FE24B25AD996B0773CD3561
          SHA-512:2AE07CA3CC09CCB03AA384E8541411860938972F6FA6FA190BDF42399ABA92498D486B5C14261E500FE85BE27047FB7A094D2385CF74B1DD4E4945D8559D2801
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transmitter_template_fileVersion = "1.4.114"; ..function EventTransmitterTemplate(){}EventTransmitterTemplate.prototype={addDataSetNames:function(c,d,b){var a=[];if(d.dataSetNames){a=a.concat(d.dataSetNames)}if(b){a=a.concat(b)}a=dataManipulator.arrayRemoveDuplicates(a);logDebug("emitter ProfileName: "+d.profileName+". allDataSetNames: "+JSON.stringify(a));this._mergeDataSets(c,a)},_isEventThrottled:function(b){var c=ModuleManager.getSingleton("config_manager");var a=c.getThrottleRule(b);return this._applyThrottle(b,a)},_isProfileThrottled:function(b,d){var c=ModuleManager.getSingleton("config_manager");var e=c.getPriority(b);if(e!="critical"){var a=this._getProfile(d).throttleRule;return this._applyThrottle(d,a)}return false},_applyThrottle:function(a,c){try{if(!c){return false}var d=ModuleManager.getSingleton("rules");return d.evaluate(a,c)}catch(b){logError("_applyThrottle: "+b.message)}return false},_applyAttributeRules:function(p,o,a){try{var h=Modu
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (7089), with CRLF line terminators
          Category:dropped
          Size (bytes):7292
          Entropy (8bit):5.243071797791836
          Encrypted:false
          SSDEEP:
          MD5:DF3D64D883831400BD58879126A95ED9
          SHA1:A7918A06B4801F733712EFD3CCB16ADB68CBC829
          SHA-256:5D19D0E059ADC4ADBB79DDB57380EA066A4A3CA372605C957509948E8730E029
          SHA-512:F598D05B92218DF915968EAE625E10EE1572284BCAA9C80F0F611C7728D5215BE657107F0B5B142B287A42B3485E1B33072086473E5E31174ABDD95783A97E41
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_fileVersion = "1.4.114"; ..function CreateAnalyticsTransport(){function a(){this.retrieveStoredQueue()}a.prototype=ModuleManager.create("transmitter_template");a.prototype.transmit=function(m,s,t,c){logDebug("analyticstransport.transmit message="+JSON.stringify(s)+", profileNames="+JSON.stringify(t)+", datasetNames="+JSON.stringify(c));if(this._isEventThrottled(m)){logDebug("Event "+m+" was event-level throttled");logAutomationError(m,JSON.stringify(s),JSON.stringify({level:"info",type:{eventThrottled:m+" is event throttled"}}));return}for(var l in t){try{var o=t[l];if(this._isProfileThrottled(m,o)){logDebug("Event "+m+" was profile-level throttled by '"+o+"'");logAutomationError(m,JSON.stringify(s),JSON.stringify({level:"info",type:{profileThrottled:m+" is profile throttled for "+o}}));continue}if(engine.isStopRequestReceived()){logWarning("transmitter.prototype.transmit: Stop request received, so stopping all data transmissions..");return}var
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3250), with CRLF line terminators
          Category:dropped
          Size (bytes):3466
          Entropy (8bit):5.329272530030789
          Encrypted:false
          SSDEEP:
          MD5:F490FF928FA301034C1E5369339D07D6
          SHA1:B1E40CE43DE124FAE928E2BD2102354B1EA31D22
          SHA-256:C67AA9090886CAE34D3522BE5298DFA54BC9BF850845EAB71207BC76F7046D33
          SHA-512:852DA599E669A82D423E5B5DC9A1E358AC84E0E4D502AC4261D6AB721C4FDE8E76C4E4529B6918A5327C5E7DB6694BD50DEF6B5A4D9F665626B4562573359214
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_api_endpoint_fileVersion = "1.4.114"; ..function CreateAPIEndpointTransport(){function a(){this._url="";this._verb="PUT"}a.prototype=ModuleManager.create("rest_transport");a.prototype.constructor=a;a.prototype._setup=function(){this._url=this._config.url;if(!this._url){logError("APIEndpointTransport:: Initialize failed url not provided");return false}if(this._config.headers){var d=this._config.headers;for(var b in d){this._AddRequestHeader(b,d[b])}}if(this._config.verb){this._verb=this._config.verb}this._createRESTclientPlugin();if(this.GetVersion()&&(this.GetVersion()!="1")&&(this.GetVersion()!="2")){this._usingRESTclientPlugin=true;logInformation("Calling parent class to setup using the restful plugin");this._plugin.SetHttpMode(this._verb);var c=getSystemPlugin();this._plugin.SetAgentName("McAfee Mosaic API V1 transmitter_"+c.CreateGUID());this._plugin.Connect(this._url)}else{this._plugin=null}return true};a.prototype._sendUsingRestClient=fun
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (4753), with CRLF line terminators
          Category:dropped
          Size (bytes):4974
          Entropy (8bit):5.407477472670478
          Encrypted:false
          SSDEEP:
          MD5:3A62ECB46D55CE056DDC6B1C82D058B9
          SHA1:EBB67FD4F68661CFD97DEE58D6F2BED9B74F06AC
          SHA-256:BD72241D6717283399EED99DA7F81A6BFB19D2274BE698CB8A3D5BDB5F4EDD2E
          SHA-512:B7959A60CA64C8F3ECFDAFA9D59703351B2DE4844F905C58466AA56CBDA04086B0A4A277CDDCBE8590A4DDDA378C9CAC811950848848742E2E645E76CEFBA613
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_aws_apigateway_v1_fileVersion = "1.4.114"; ..function CreateAWSAPIGatewayV1Transport(){function b(){this._apikey=null;this._partitionKey=null;this._url="https://{dns}.awscommon.mcafee.com/1.0/{gateway}/v1/record"}b.prototype=ModuleManager.create("rest_transport");b.prototype.constructor=b;b.prototype._setup=function(){this._apikey=this._config.apikey;if(!this._apikey){logError("AWS_APIGateway_V1_Transport:: Initialize failed API key not provided");return false}var c=this._config.dns;if(!c){logError("AWS_APIGateway_V1_Transport:: Initialize failed DNS not provided");return false}var e=this._config.gateway;if(!e){logError("AWS_APIGateway_V1_Transport:: Initialize failed Gateway not provided");return false}this._updateURL("{dns}",c);this._updateURL("{gateway}",e);this._partitionKey=engine.getContextId();if(!this._partitionKey){this._partitionKey=generateAlphaNumericString(256)}this._createRESTclientPlugin();if(this.GetVersion()&&(this.GetVersion()
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (2581), with CRLF line terminators
          Category:dropped
          Size (bytes):2787
          Entropy (8bit):5.38813757973808
          Encrypted:false
          SSDEEP:
          MD5:DAE9DC9F4767E1C1BA0F2292BAF0112B
          SHA1:DB2ED3395B1862ABE2B7F701B9F759609E6CD4D9
          SHA-256:576A92B11C3155A87017BA2E539812286498A8C979F9692C2922708040EB51F1
          SHA-512:CE513638798C7C5CF44D5DFAC6C8ECC238CB94D9C0A5156C7D2F6211B6BF1BE651105A3F69B7349B961823A27EF3B5FAEF8B18D014815FA7017E7EC2D03830ED
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_da_fileVersion = "1.4.114"; ..function CreateDATransport(){var a={Send:function(c){try{var b=this._getMsgBusPlugin();if(!b){logError("[DA Transport] Current MsgBus Plugin does not support request/response.");return false}if(!b.IsAvailable()){logWarning("[DA Transport] Message Bus could not be loaded; subscriptions will not be active");return false}var g=ModuleManager.getSingleton("mappings");c=g.daMap(JSON.parse(c));var d=this._ComposePayload(c);if(null==d){return false}b.Publish("Data_Aggregator.Add_Data",d);logDebug("[DA Transport] Emit outbound data: "+d);return true}catch(f){logError("[DA Transport] Exception thrown when sending da event: "+f.message);return false}},_ComposePayload:function(c){try{var b={};var f={};var h={};c["__record.created"]=this._convertToLocalDate(new Date()).toISOString();c["__record.created"]=c["__record.created"].split("T").join(" ");for(var d in c){if(this._indexOf(this._metricList,d)!==-1){f[d]=c[d]}if(this._inde
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3274), with CRLF line terminators
          Category:dropped
          Size (bytes):3495
          Entropy (8bit):5.199846052919043
          Encrypted:false
          SSDEEP:
          MD5:93581833279E8522F8EFC14966C3BF04
          SHA1:010DD699BF7509E1B16575EDBD84F559EBE07CC0
          SHA-256:4713BA38325FF8C257CC2F5DB63705AD421137043A5128906B2E5186372844B2
          SHA-512:5C7172048CAB81E0126A3E014DF52FC32300AFB45E5B6A73B3D9CE2E6C657597D201FA22318A508D18084770F4BBD0183738740A2B703E2940F26BE749173B8B
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_eng_observability_fileVersion = "1.4.114"; ..function ObservabilityTransport(){this._transport_api_endpoint_emitter=null;this._url="https://pl8qcwep6c.execute-api.us-west-2.amazonaws.com/prod_v1/v1/record";this._apikey=null;this._verb="PUT";this._partitionKey=null;this.logInfo("New ObservabilityTransport Created")}ObservabilityTransport.prototype=ModuleManager.create("transport_template");ObservabilityTransport.prototype.constructor=ObservabilityTransport;ObservabilityTransport.prototype.logInfo=function(a){logInformation("ObservabilityTransport: "+a)};ObservabilityTransport.prototype.logError=function(a){logError("ObservabilityTransport: "+a)};ObservabilityTransport.prototype.logWarning=function(a){logWarning("ObservabilityTransport: "+a)};ObservabilityTransport.prototype._updateURL=function(a,b){this._url=updateStringWithReplacement(this._url,a,b)};ObservabilityTransport.prototype.GetVersion=function(){try{return engine.getContentVersion()}ca
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (7985), with CRLF line terminators
          Category:dropped
          Size (bytes):8198
          Entropy (8bit):5.263467139966956
          Encrypted:false
          SSDEEP:
          MD5:656AFACBD15E9B8CA9DBE06F13FEC889
          SHA1:DAD2AB0D6BD92548C1C1C4CA945FD111BFF6B185
          SHA-256:1D8283518587B2EF32DE17049F5F20EC1FCFFE9F15CEE595B3FB8AC9F9949F48
          SHA-512:67D2C75802CE9F4A47DD439B4712ACD9C999D62EB47DD950585174F50C74FEF8BE23AB59E8CC3EB9C24457C4525C27D0475F911953D598AC8D0A0AD1BA050B7D
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_event_hub_fileVersion = "1.4.114"; ..function CreateEventHubTransport(){LoadScript("sha256.js");function a(){this._apiVersion=null;this._servicebusNamespace=null;this._eventHubPath=null;this._sharedAccessKey=null;this._sharedAccessName=null;this._sharedAccessToken=null;this._tokenCreationTime=null;this._timeout=60;this._url="https://{servicebusNamespace}.servicebus.windows.net/{eventHubPath}/messages?timeout={timeout}&api-version={apiVersion}"}a.prototype=ModuleManager.create("rest_transport");a.prototype.constructor=a;a.prototype._setup=function(){this._apiVersion=this._config.apiVersion;if(!this._apiVersion){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _apiVersion");return false}this._servicebusNamespace=this._config.servicebusNamespace;if(!this._servicebusNamespace){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _servicebusNamespace");return false}this._eventHubPath=this._config.eventHubPath;if(!this._ev
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (2200), with CRLF line terminators
          Category:dropped
          Size (bytes):2406
          Entropy (8bit):5.4839496030761605
          Encrypted:false
          SSDEEP:
          MD5:5E5FE66ED895E9253939E2ECF6AFF3D9
          SHA1:407B2A142D0AFFE796A9FBE4267543BEE40FE597
          SHA-256:29E44BD845EA7FE3BDE0EF71C8CF2C334F73DFEE255A54291D4581A200844363
          SHA-512:F1182888702A45F14BF2CDD741489F83BA2CF6B4CAB5B5414017EE41D0C21F2958957098572EE7D39FCA1B5A77C39C6D592D1AE85300703C890491294EB5D9A9
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_ga_fileVersion = "1.4.114"; ..function CreateGATransport(){function a(){}a.prototype=ModuleManager.create("rest_transport");a.prototype.Send=function(c){try{var i=this._ComposePayload(c);if(null==i){return false}var f=this.RESTClientAvailable?this._sendUsingRESTClient(i):this._sendUsingXMLHTTP(i);var d=JSON.parse(c);var h=d.hit_event_id;this._transportLog(h,i,f,this.GetName()+(this.RESTClientAvailable?"_rest":"_xmlhttp"));return f}catch(g){logError("GA_REST_Transport:Send: "+g.message);return false}};a.prototype._sendUsingXMLHTTP=function(f){try{var c=ModuleManager.create("xmlHttpComObj");if(!c.setup()){logError("GA_REST_Transport::_sendUsingXmlHttp: couldnt create a xmlhttpcom");return null}logInformation("GA_REST_Transport::_sendUsingXmlHttp: Using "+c.getSelectedObjName());c.open("POST",this._url,false);c.send(f);var g=c.getResponseHeader("Content-Type");logInformation("contentTypeResp:"+g);return g.match("image/gif")?true:false}catch(d){log
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (4495), with CRLF line terminators
          Category:dropped
          Size (bytes):4712
          Entropy (8bit):5.257620084723445
          Encrypted:false
          SSDEEP:
          MD5:30BB4AFCAAEBFE34DC64A5E227663C1E
          SHA1:38675C1939117C9B1393F2D1804D20819B9B34F8
          SHA-256:A47F219510EC9E1D409CD804BB2C5DF29C02A64AF95ACC0706D123662574A37F
          SHA-512:975914AF2C331B2177AB415D9F95E372DB0F0E477A3BB09C98A088DBE236E5551EBA635C45A7BC3E2ADAACC73805BD076CD125974B45D12B11557DC463179347
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_mosaic_api_v2_fileVersion = "1.4.114"; ..function Mosaic_API_V2_Transport(){this._transport_api_endpoint_emitter=null;this._url="apis.mcafee.com/mosaic/2.0/{service}/{consumer}/v1/record";this._apikey=null;this._verb="PUT";this._partitionKey=null;this._service=null;this._consumer=null;this._environment=null;this._rtHeaders=null;this.logInfo("New Mosaic_API_V2_Transport Created")}Mosaic_API_V2_Transport.prototype=ModuleManager.create("transport_template");Mosaic_API_V2_Transport.prototype.constructor=Mosaic_API_V2_Transport;Mosaic_API_V2_Transport.prototype.logInfo=function(a){logInformation("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logError=function(a){logError("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logWarning=function(a){logWarning("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype._updateURL=function(a,b){this._url=updateStringWithReplacement(this._url,a,b)};Mosaic_API_V2_Trans
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (3000), with CRLF line terminators
          Category:dropped
          Size (bytes):3210
          Entropy (8bit):5.244849543315333
          Encrypted:false
          SSDEEP:
          MD5:63CD95F661B0AC1FA4092DA021B9D473
          SHA1:3E0B0E70F437880AC4FBB61032EC99D543404EF4
          SHA-256:B5B337CE44977BFDFEE8EF6B114DED28A8BEAFB91AE4576D97AC130FE14E3DB2
          SHA-512:FFA147D95FFB144F2745B1600C67B4B6F15190CF583431CCB8817CB714B4582352F7B7EC9692F88A9317BF37F5CFC6BA9FC688D6050CF3C065A5C400DB93DDCB
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_msgbus_fileVersion = "1.4.114"; ..function MsgBusTransport(){this._msgbus=null;this._msgName=null;this._processorName=null;this._processorConfig=null;this._processors=(function(a){a.logInfo("Creating processors");return{noop:function(c,b){a.logInfo("noop: Returning eventDataObj unmodified");return c},simpleMsgComposer:function(c,b){a.logInfo("simpleMsgComposer: Creating new message");var f={};for(var d in b){if(b.hasOwnProperty(d)){var e=b[d];if(e.startsWith("$")){e=c[e.substring(1)]}a.logInfo("simpleMsgComposer: Adding new key-vaule to message: "+d+" = "+e);f[d]=e}}return f},passthroughComposer:function(c,b){a.logInfo("datasetComposer: Creating new message");var f={};var e=b.filteredKeys;if(!e){e=[]}for(var d in c){if(e.indexOf(d)>=0){continue}f[d]=c[d]}return f}}})(this);this.logInfo("New MsgBusTransport Created")}MsgBusTransport.prototype=ModuleManager.create("transport_template");MsgBusTransport.prototype.constructor=MsgBusTransport;MsgBusT
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (1249), with CRLF line terminators
          Category:dropped
          Size (bytes):1461
          Entropy (8bit):5.3380175011956865
          Encrypted:false
          SSDEEP:
          MD5:E26E122B0BACA7D630EF243A99AAC2F7
          SHA1:F93785080E5E672F1AABD2575F83E1A120A5C6F1
          SHA-256:161E501CD97AAFFC1A69CE6DCD1B6D4519F86575745FF215E4C49B8ED2B0654D
          SHA-512:1AB6891B2ED18860B02AE892901AEF93FF19D533E1E654C34E549A76182213C3B8BB6C1B5BA3EA5D8FD6BA90AF1E391DA87853FA5E1342A442F1A3526EA6B52E
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var transport_template_fileVersion = "1.4.114"; ..function TransportPlugin_Template(){}if(typeof TransportPlugin_Template.prototype.GetName!=="function"){TransportPlugin_Template.prototype={GetName:function(){return this._name},GetVersion:function(){if(transport_template_fileVersion){return transport_template_fileVersion}return"0.0.0"},Initialize:function(b,d,a){try{if(!a||!b||!d){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b+".Dictionary: "+d);return false}this._dictionary=JSON.parse(d);this._config=JSON.parse(a);this._name=b;if(!this._config||!this._name){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b);return false}return this._setup()}catch(c){logError("TransportPlugin_Template::Initialize Exception caught with message: "+c.message)}},Send:function(a){logError("TransportPlugin_Template::Send: Did not overwrite function. Send will return false");return false},Uninitializ
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (814), with CRLF line terminators
          Category:dropped
          Size (bytes):1021
          Entropy (8bit):5.407414719714446
          Encrypted:false
          SSDEEP:
          MD5:17C871882C6C874CA0ED103FF63F3FEE
          SHA1:1F693800FF2C8063EF66F6ADECCCD3C352312649
          SHA-256:F023ED084B8090DEC646B18DE0F7F57D826B5D771459CFA3485B9199AFF88EB5
          SHA-512:255ABF929A8216485243130B08F631BA0D3833AD3933B33849BE75946F8B5C89AAA3E6B7D154D560D6A94F004EF4EE4D1E8ACBEF11F373F1825AB65F1D965741
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var wa_settingsdb_fileVersion = "1.4.114"; ..function CreateWASettingsDBHelper(){var a={getSetting:function(b,c,f){try{logDebug("getting WA setting: "+b);return this._getPlugin().GetSetting(b,c,f)}catch(d){logError("wa_settingsdb:getSetting: "+d.message+"setting("+b+")")}},fetchFromDataDefinition:function(g){try{if(!g){logError("wa_settingsdb:fetchFromDataDefinition Invalid data definition");return null}var b=g.name;var c=g.scope;var f=g["default"];return a.getSetting(b,c,f)}catch(d){logError("wa_settingsdb:fetchFromDataDefinition: "+d.message+"datadefinition("+JSON.stringify(g)+")")}return null},_getPlugin:function(){if(!this._waSettingsDBPlugin){this._waSettingsDBPlugin=getPluginFactory().Create("SettingsDB")}return this._waSettingsDBPlugin},_settingsDBPlugin:null};return a}ModuleManager.registerFactory("wa_settingsdb",CreateWASettingsDBHelper);..//0BCF996CA278776F18D980E1CD65E957514E3AC7C641017A9265F2C11C54BD2992B187E6888F1FCC84B31BBFF02150C555336672D6E3F
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:ASCII text, with very long lines (7401), with CRLF line terminators
          Category:dropped
          Size (bytes):7598
          Entropy (8bit):5.384536988836127
          Encrypted:false
          SSDEEP:
          MD5:574BF04A7290D97FC5C676841AA8580A
          SHA1:0D86A946ED32595A931D14532AA383DA0F99B72D
          SHA-256:A36A85FE02E4DA4C92B5289D03E088900F00A8B61BBFF139DD96253BB22ED99A
          SHA-512:6A6FC615C99EFE69943C5BC749CFB044D5205590894F16C4FF145700F739134B0AC4DD2B284168F04FBAB2CC3470EE48A41DB3DD67A4055F1A48EE0E2E221F3C
          Malicious:false
          Reputation:unknown
          Preview:/*! $FileVersion=1.4.114 */ var wmi_fileVersion = "1.4.114"; ..function CreateWMIManger(){var a={_createAttribute:function(f,c){var g={_data:[],get:function(l,j){try{return l(this._data,j)}catch(k){return null}}};try{f.reset();var d=f.next();while(d){var h=d.get(c);g._data.push(h);d=f.next()}}catch(i){logDebug("failed to populate attribute object")}return g},_getMockIterator:function(){var c={reset:function(){logWarning("mockIterator: Calling reset(). noop")},next:function(){logWarning("mockIterator: Calling next(). Returning `null`");return null}};return c},_unavailableServers:{},resetAvailableServers:function(){this._unavailableServers={}},_getServer:function(g){try{if(this._unavailableServers[g]==true){return null}if(!g){return null}var c=this.getPlugin();if(!c){return null}var f=c.connectServer(g);if(f){return f}}catch(d){logError("_getServer: "+d.message)}this._unavailableServers[g]==true;return null},_queryWMIServer:function(h,d){try{if(!d||!h){return null}var g=this._getServer(h
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Microsoft Cabinet archive data, many, 68256 bytes, 44 files, at 0x44 +A "aviary_client.js" +A "common.js", flags 0x4, number 1, extra bytes 20 in head, 17 datablocks, 0x1503 compression
          Category:dropped
          Size (bytes):81360
          Entropy (8bit):7.977829061695821
          Encrypted:false
          SSDEEP:
          MD5:6C9F7102550881FCBB8ACA29B23FAFBD
          SHA1:240DFCC6C4E7E6AC48E27F0E2BF9496A544D03E5
          SHA-256:F3B1783C05D76E950454D9EB26DC8C9092084C77CA0561211BD3CBE43FA6BFB6
          SHA-512:DDCCBA6715A21CA2C0A03A6740FFD953F71447C6F2F1FAFCA9B3CEB2DD124309EC8835807D017CEC6513A986197A5BCEC3A3901A2409C67F471B5AD12CA59E02
          Malicious:false
          Reputation:unknown
          Preview:MSCF............D...........,...................03............................kYE. .aviary_client.js..8........kYA. .common.js......?....kYA. .config_manager.js......C....kYA. .csp_client.js......Q....kYA. .dataset.js.9)..]n....kY. .datasets_catalog.json.).........kYA. .dataset_da.js..6........kYA. .data_collector.js..]..I.....kY. .data_items.json.t...\F....kY[. .da_definitions.json..N...K....kYj. .dictionary.json...........kYC. .emitter.js..-..z.....kYA. .engine.js...........kYC. .error_transmitter.js..V..7.....kYx. .events.json......:....kYA. .event_handler.js......U....kYB. .hash128.js......e....kYB. .json2.js.1....t....kYB. .logging.js.:........kYB. .mappings.js...........kYB. .mcutil.js...........kYl. .observability_datasets.json..........kYB. .observation_analytics.js.P.........kYB. .operations.js...........kYB. .preprocessors.js.Y.........kY.. .profile.json.....`.....kYC. .registry.js...........kYC. .rest_transport.js.u.........kYC. .rules.js.B...g.....kYC. .sha256.js.^.....
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):2278
          Entropy (8bit):3.8391373097478776
          Encrypted:false
          SSDEEP:
          MD5:54C1126683163C01D9C283DC75A6AF09
          SHA1:D8FFAAA95BAE6938407F617B06985B8393F16AAD
          SHA-256:7C457E8E1723E9A732CE7C21FB761F3AE3011BDB1FCE990421F4752F8B5445AB
          SHA-512:7080079852D14C911AEA8592FBACEA4B6838CBDFD7E2FCD5E39DFF2EFF6549529475CECF1EBBF5FCC2F83407D1C7978285EE165066F62729D03D0E6CB4BDD819
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):2684
          Entropy (8bit):3.9063245394595834
          Encrypted:false
          SSDEEP:
          MD5:8DC412E37C0EF3E2A4BF3E8151CC8680
          SHA1:28734FAAFDFE3F4F77E49079C7763F114FF8A2BD
          SHA-256:EAC28EAB7C2706486908947EC18433A81DAEFE4A77A97EBB5EFE4D086302C6F0
          SHA-512:4C2ADF0DA8A5969E0E273FB80DD3A04EC32F9FEABEE184FF0116DCA2B1468EB01E07E7E705DF9BFF4C5D04FD5F3B91B3D1C4A3439E2ED4449E9855E98B10BE6E
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:PNG image data, 7 x 76, 8-bit colormap, non-interlaced
          Category:modified
          Size (bytes):397502
          Entropy (8bit):7.639689704461758
          Encrypted:false
          SSDEEP:
          MD5:3B95CABFD8DD5087F428EBB5365AEABB
          SHA1:ECBA57A1A652633154D1C1F41C61B1FE2CA41196
          SHA-256:1CAF1C3642510C6A99336D6D0589053C646027800E2B617DC926ECFA2B729719
          SHA-512:19F2501819ADD89556DD9BA8C919209B5CDB7D47EBDAF1BA0164C2C5899D5933CB42A33C19C8EFCD8BCEAE2E3336F345C6B510F58A212F73A254022AF3CCFD47
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2053
          Entropy (8bit):5.471776697535561
          Encrypted:false
          SSDEEP:
          MD5:FC050FEE4D3CB76CE84E155133B2A821
          SHA1:309D1823AA0103C49364498511B0DE63EB586813
          SHA-256:10567BD6E69763C3A4E52F326578345115D4529F7A79DAFA6F2E0A088F179946
          SHA-512:A2B1D346946A8F910901498DCECC67B032BCE6A0C42F90C907E7B9B664700C9250BBF3FE5C98F1BD20FA505C5AD1529800813F724BEC6A48A990B43980FDE85C
          Malicious:false
          Reputation:unknown
          Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADr8H/x8ZUfRaylGyicvw0HEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAA2ua+vIOAkvt+sjt3F1KxAjWTNY/rX+fODTu2esIuqigAAAAAOgAAAAAIAACAAAABy5892+NKrUC5Wv2TBpLJQC0HaxSgb5iTIhYEsEumk7zAAAADneXfXPVhi/DMvywjq+ZlTpas3kcwTJfO3Jlh5Mv/icYe7uyAbXWIWXEWE2I6ptCxAAAAAJtOpdFFn5GQozUIONZNmxX3hTfGR/C20srB+MevCNGbJ6BFqae9rK/tuKh+yyDMjmQx/mMyJ9+ologSQGSb+1w=="},"policy":{"last_statistics_update":"13380735830317040"},"profile":{"info_cache":{},"profile_counts_reported":"13380735830354787","profiles_order":[]},
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):950
          Entropy (8bit):5.7346230946049666
          Encrypted:false
          SSDEEP:
          MD5:58CB0E8808F80081F8B61EE0722DB274
          SHA1:2ABEB367AA824AE3F6A898792077BDD3FAAEE60B
          SHA-256:61B722C2F069D2481D106A435A486A1CB492240D74BEB9F2E07FE5B2983BE1A7
          SHA-512:34635EADABE2DB6BCD929B946D4536B2F56D3757037B4327F8C22C7818EFC8BAD8EE3AFE1A879A676478AECB54B771A75B7BE93716217E45C81697944001E096
          Malicious:false
          Reputation:unknown
          Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADr8H/x8ZUfRaylGyicvw0HEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAA2ua+vIOAkvt+sjt3F1KxAjWTNY/rX+fODTu2esIuqigAAAAAOgAAAAAIAACAAAABy5892+NKrUC5Wv2TBpLJQC0HaxSgb5iTIhYEsEumk7zAAAADneXfXPVhi/DMvywjq+ZlTpas3kcwTJfO3Jlh5Mv/icYe7uyAbXWIWXEWE2I6ptCxAAAAAJtOpdFFn5GQozUIONZNmxX3hTfGR/C20srB+MevCNGbJ6BFqae9rK/tuKh+yyDMjmQx/mMyJ9+ologSQGSb+1w=="},"uninstall_metrics":{"installation_date2":"1736262230"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":6847,"pseudo_low_entropy_source":4989,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13380735830148201","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):16429
          Entropy (8bit):6.065753825834129
          Encrypted:false
          SSDEEP:
          MD5:18B7AB4AE73737377C07A9BB16ABB0BE
          SHA1:5CFF19AFFBF43346DB8D0C941CE63D2D0CA57F3B
          SHA-256:51C2FB5834DA616944D60F88A5703BF8A0C2D52091F9A222454FD9FE18918030
          SHA-512:D35B8437DBE0A76C80220DEA066AA0AE54D74A57E719CB4D4A6810C9B1D0AC06CA5CDCF0AC11CE25D3303509C24C8730C9736319E02888113EBB89B5F33F963A
          Malicious:false
          Reputation:unknown
          Preview:{"desktop_session_duration_tracker":{"last_session_end_timestamp":"1736262263"},"domain_actions_config":"
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):16337
          Entropy (8bit):6.067303180283269
          Encrypted:false
          SSDEEP:
          MD5:1111DBAC1151C741AC327D32F043A3FA
          SHA1:CB3AABD13B010DA2C8BAB92F05FEEA6842A9648B
          SHA-256:086224FE53F851D43831285C7CD81544AD57775A83A9D4018416CBD5AF151157
          SHA-512:C6DDFFDED79C7EFBC38AA89DC77DBF6B75DFE3306EF84A2916F1A20EF9A1D73F4111E56D072A126752BB527FB004350A4C72383D0D38201E36B9517A9733571C
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):280
          Entropy (8bit):1.8589151106631905
          Encrypted:false
          SSDEEP:
          MD5:404ACDFDEC20E5344BA7CC78646EAE80
          SHA1:2525FFBBDAEFF468453CF24760DD92F129012A98
          SHA-256:FCA2F7F7DBCDE84D2535EB6A3B880890555DB48EF27EB9CCC3DBFF7CE249EF43
          SHA-512:F80E03151CFEC3986F79CB932DE856D9CA99331093D46B9BA7B17346558EB9D8E4E2A1FD258CBEC08CA91292C596D0224C81FECE9EAC149486B1D8ABB578EB91
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):20
          Entropy (8bit):3.6219280948873624
          Encrypted:false
          SSDEEP:
          MD5:9E4E94633B73F4A7680240A0FFD6CD2C
          SHA1:E68E02453CE22736169A56FDB59043D33668368F
          SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
          SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
          Malicious:false
          Reputation:unknown
          Preview:level=none expiry=0.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):6159
          Entropy (8bit):4.791045576907808
          Encrypted:false
          SSDEEP:
          MD5:5A13199AF56C57BD52C30AB31AFE386E
          SHA1:A93E2C36BD4804569E2EAFA4CBD289CC0B566709
          SHA-256:ED2A9F69140A41A0AB6FCD12CEF037A9F355DD058D80EFA1D877E549879957BA
          SHA-512:37DED49077002CE325E4F9E7FA0EA6FD3685D31014FD367951113906D9FA17320DE43C917ED6B84D4B6F9BDE84AFA519A8528EA8B371D02114BBE5C57FEA8E1D
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735830899595","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735830835482","domain_diversity":{"last_reporting_timestamp":"13380735830898585"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):5791
          Entropy (8bit):4.771055897101519
          Encrypted:false
          SSDEEP:
          MD5:678C48FF945B5C7D790EF99D2F913B99
          SHA1:1FB2B2A8C174AD6D3804A018448DED5E3D8BFC8B
          SHA-256:30F6ADC3E3933AD69B0874F4E04E3D9CCA0217A161D076FA057E0138B30E31B0
          SHA-512:FA99B70A3522487D0CCE564F35BDDB2D4DE945D360ABD97346AADA02DA9802AC01D1B1DCE72BE235ECC81E55FACFC6344925856EE00395863E20F5077D31C59A
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735830899595","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735830835482","domain_diversity":{"last_reporting_timestamp":"13380735830898585"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):5853
          Entropy (8bit):4.778371705445951
          Encrypted:false
          SSDEEP:
          MD5:3A594FEE214AA0FA2B0DC2D8AC89F611
          SHA1:B309ADB223CCCA253448BBFAA1C92A1401EC5240
          SHA-256:4AE0401737761AAB6064D9AF3E9AA865B3B526636B2E84564F74C53D5516EE99
          SHA-512:D9520788624E3F2B09A06DB70F8BF12D191D7E17826BE0A68FF14EFAB408C263F79D30CBDA5D262E1998951CA857713FFEC1BF71F9280F0CC4455F9F8D5D5CBD
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735830899595","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735830835482","domain_diversity":{"last_reporting_timestamp":"13380735830898585"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):12288
          Entropy (8bit):0.3202460253800455
          Encrypted:false
          SSDEEP:
          MD5:40B18EC43DB334E7B3F6295C7626F28D
          SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
          SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
          SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):0.0012471779557650352
          Encrypted:false
          SSDEEP:
          MD5:F50F89A0A91564D0B8A211F8921AA7DE
          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):524656
          Entropy (8bit):5.027445846313988E-4
          Encrypted:false
          SSDEEP:
          MD5:C31A1415A456E37D5F92A754B0127B0F
          SHA1:C2BDA1C93470642BB513FA10D24FED64A8B4AEC9
          SHA-256:E00E717F7F5705682AF27D1C9D742600A7D0E9A240D26307230B2168D59DF544
          SHA-512:09B8E44958238687493B2EC8A2E6A71AD152B2E36904F3194C6F387BED644BCFE44E25439C1791C63A9835AE6501F1CE25B76F7F2DF4E24601C73B458903FEFB
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):24
          Entropy (8bit):2.1431558784658327
          Encrypted:false
          SSDEEP:
          MD5:54CB446F628B2EA4A5BCE5769910512E
          SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
          SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
          SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
          Malicious:false
          Reputation:unknown
          Preview:0\r..m..................
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):48
          Entropy (8bit):2.8981641637663254
          Encrypted:false
          SSDEEP:
          MD5:063CDBB3F4DFF2CFDE43A526E73ED146
          SHA1:562A0A907B109EB1DB1F570F4B7563ED0B3F5A9A
          SHA-256:451C165E16CA26E0443AFBBCF1967D3E2A5E516BC3A815F3B297BC058DB1AC48
          SHA-512:0854D4FFA28DE1255048C0C72772578CDF23C4C0731FBFE44B16ADA55B28811D8FBFA75DE5E7959E6D26E244918629E5FB66C6125F3F843F32C551E8FAB3765E
          Malicious:false
          Reputation:unknown
          Preview:(...e.k.oy retne.........................1.V../.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:063CDBB3F4DFF2CFDE43A526E73ED146
          SHA1:562A0A907B109EB1DB1F570F4B7563ED0B3F5A9A
          SHA-256:451C165E16CA26E0443AFBBCF1967D3E2A5E516BC3A815F3B297BC058DB1AC48
          SHA-512:0854D4FFA28DE1255048C0C72772578CDF23C4C0731FBFE44B16ADA55B28811D8FBFA75DE5E7959E6D26E244918629E5FB66C6125F3F843F32C551E8FAB3765E
          Malicious:false
          Reputation:unknown
          Preview:(...e.k.oy retne.........................1.V../.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):48
          Entropy (8bit):2.9138909867280645
          Encrypted:false
          SSDEEP:
          MD5:DB7EC9D8F6EEEA7DFAE6B9DBB6A55666
          SHA1:B5B12E07F75626BD26FC43698B1494E7C8DC734B
          SHA-256:8DA42379C3DFDE938F114B0256908BDEC8B540378363F9FFC1105007B9FFCDB9
          SHA-512:2BD9F458B8387A8A81FD95C4DC86660FEC3E9324C958D0905EE04ACA60584000E7BDF4171C8455C9E88D3B99C0B108CFEA2D5A0B88EE854695F28F48516B7ACF
          Malicious:false
          Reputation:unknown
          Preview:(.......oy retne.........................u.V../.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DB7EC9D8F6EEEA7DFAE6B9DBB6A55666
          SHA1:B5B12E07F75626BD26FC43698B1494E7C8DC734B
          SHA-256:8DA42379C3DFDE938F114B0256908BDEC8B540378363F9FFC1105007B9FFCDB9
          SHA-512:2BD9F458B8387A8A81FD95C4DC86660FEC3E9324C958D0905EE04ACA60584000E7BDF4171C8455C9E88D3B99C0B108CFEA2D5A0B88EE854695F28F48516B7ACF
          Malicious:false
          Reputation:unknown
          Preview:(.......oy retne.........................u.V../.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):28672
          Entropy (8bit):0.43508159006069336
          Encrypted:false
          SSDEEP:
          MD5:F5237AED0F897E7619A94843845A3EC3
          SHA1:A0C752C9C28A753CFB051AACE2ADA78A6D1288C3
          SHA-256:D4463972AD7B1582F05C8E17074CE863D45CA625C2C672DB0D37F3AF4C7ACE42
          SHA-512:D3C9718794E455D415D8EDF23B576E0A70356B8D71B8DD374D25B8065FEF608E114E13395B4B54462739882A141F4DBE00E3A370D6E4160504428A849CC893A3
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
          Category:dropped
          Size (bytes):8192
          Entropy (8bit):0.01057775872642915
          Encrypted:false
          SSDEEP:
          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):0.001802026882503809
          Encrypted:false
          SSDEEP:
          MD5:7E1CE53FF4ABF1AFBDDF44A4724A7E8C
          SHA1:1ECA80771876D92D0734C9688CF3453352BE8A1A
          SHA-256:73A5442267228911BF651C7BE828E3A0A9A3420A62F1F5A935A1B8E6DF5E3D45
          SHA-512:C2E0E5E1ADDD9CB1E22BCBA0B94EFF7D802A91A594C96AF9BB4A2551AFCBAC9CD21A076A2951F0A5338CC4FBD494B576CA63D32B8DDAF2F807F57FC3E6BC1BDD
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.553120663130604E-4
          Encrypted:false
          SSDEEP:
          MD5:16C4B0A5E18A0ECBB2DFDBBC48FB7054
          SHA1:774BCE5F24DB2F0A09E832CFDB447AD5257F3D63
          SHA-256:4A6882F18B5F4AD52F39AD88EF831EB803D7C44E0660F9A0C638E6F227D23B25
          SHA-512:917F301A63FFCAFD1B45DAB5F191962B29FE353D2B131649AF92418B075CE84C5CB8DB7D9AF92FCE5815E2A81A86935E769F8A4A74C93326518D6CF0B9A86049
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):0.494709561094235
          Encrypted:false
          SSDEEP:
          MD5:CF7760533536E2AF66EA68BC3561B74D
          SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
          SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
          SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):38
          Entropy (8bit):1.8784775129881184
          Encrypted:false
          SSDEEP:
          MD5:51A2CBB807F5085530DEC18E45CB8569
          SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
          SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
          SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
          Malicious:false
          Reputation:unknown
          Preview:.f.5................f.5...............
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):281
          Entropy (8bit):5.307144023853358
          Encrypted:false
          SSDEEP:
          MD5:3E346159AC46FF57E95C215E9600FE8E
          SHA1:A2235CD6D788C4CFF8F206BA8328527685D874FE
          SHA-256:19A611613BCC641816C2E1D06E8C5412D101E92EE1FC05B40DC6211D077CCC1A
          SHA-512:2B5A3A417FAFC1C4DF9BA1FE1E608DC36B60B2389D5128260B7D667CF94A2950707C1C356624B9759A089D284CFC7D5F114E93405CC34E2BE62A064DCB54A1DF
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-10:03:50.440 19bc Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension Rules since it was missing..2025/01/07-10:03:50.525 19bc Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension Rules/MANIFEST-000001.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):285
          Entropy (8bit):5.2850171909309624
          Encrypted:false
          SSDEEP:
          MD5:35DEAFC44557F9C663DE13C503A53FA9
          SHA1:D47BD4D23096E4E269840EE8E086797C4660A6DC
          SHA-256:C2EBD330FD9D504AB950A151A47688E0E8B9E4597E8DDF75A5A98962242ECFEC
          SHA-512:56F0B62977EF6F7522A47161685B5978A3A0D067C21BFAA8157ECD74E5333ED9FFE5E46F3C778FCFEE321965D3AC94C34D9F7FC6B96DF942517DECB73EA92809
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-10:03:50.592 19bc Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension Scripts since it was missing..2025/01/07-10:03:50.610 19bc Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension Scripts/MANIFEST-000001.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):114
          Entropy (8bit):1.8784775129881184
          Encrypted:false
          SSDEEP:
          MD5:891A884B9FA2BFF4519F5F56D2A25D62
          SHA1:B54A3C12EE78510CB269FB1D863047DD8F571DEA
          SHA-256:E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
          SHA-512:CD50C3EE4DFB9C4EC051B20DD1E148A5015457EE0C1A29FFF482E62291B32097B07A069DB62951B32F209FD118FD77A46B8E8CC92DA3EAAE6110735D126A90EE
          Malicious:false
          Reputation:unknown
          Preview:.f.5................f.5................f.5................f.5................f.5................f.5...............
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):281
          Entropy (8bit):5.260959953420336
          Encrypted:false
          SSDEEP:
          MD5:905FAD50DAA319C6C3EFA8889B2F162E
          SHA1:E869329977CDE97C1C8377298D6B660056C020FE
          SHA-256:B2CA7DE36D1C67BFF5AB0303272FFA226DF9CCA8E94F55F708FCD66DE44CFCEC
          SHA-512:46A91411B6CC3158B3767184739210B7158C1F29373C1E4BCEBF2CED0AADBAB0FF8906D79A8F1066CB18336010F65773CB3C30AAC8FC67B328C7351A3C016E84
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-10:03:50.981 18a0 Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension State since it was missing..2025/01/07-10:03:50.991 18a0 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Extension State/MANIFEST-000001.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):4096
          Entropy (8bit):0.3169096321222068
          Encrypted:false
          SSDEEP:
          MD5:2554AD7847B0D04963FDAE908DB81074
          SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
          SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
          SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):0.40981274649195937
          Encrypted:false
          SSDEEP:
          MD5:1A7F642FD4F71A656BE75B26B2D9ED79
          SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
          SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
          SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):0.6975083372685086
          Encrypted:false
          SSDEEP:
          MD5:F5BBD8449A9C3AB28AC2DE45E9059B01
          SHA1:C569D730853C33234AF2402E69C19E0C057EC165
          SHA-256:825FF36C4431084C76F3D22CE0C75FA321EA680D1F8548706B43E60FCF5B566E
          SHA-512:96ACDED5A51236630A64FAE91B8FA9FAB43E22E0C1BCB80C2DD8D4829E03FBFA75AA6438053599A42EC4BBCF805BF0B1E6DFF9069B2BA182AD0BB30F2542FD3F
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):0.0018094250832613847
          Encrypted:false
          SSDEEP:
          MD5:04D84D2E91B5EAC9E5350B93FDCB9F0A
          SHA1:9E2088E355A4F01C6799562BBCFEFD70FE10B2F9
          SHA-256:30F511D92466C59289A003F004B6D3A14C8A1919195E5D0D49441E7370F03389
          SHA-512:B1B52C7BA1EA2578D787E020418EE33A356510849C8BE35938BBEEED6494B994438E12C5CF261A4B4D76A8A6AF2B6B497CF73712A3D2BDFBA6B3BFC651FEEAF1
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):8192
          Entropy (8bit):0.012340643231932763
          Encrypted:false
          SSDEEP:
          MD5:41876349CB12D6DB992F1309F22DF3F0
          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.553120663130604E-4
          Encrypted:false
          SSDEEP:
          MD5:A3EB38852FC77EBE0C887C8C29805407
          SHA1:2AA72419ECA42CA6BBEDD0BA92EE8B294AB015B3
          SHA-256:6DD3715412024F72BF351724FF5B579C551F092E038C78CC7F8F66037B3B46AF
          SHA-512:E49592FE8E8B64EFCCACA4E15A67A2EB1EB973DB5CD7C9FCEFD7A8FE379DFC78B0F8F7D2F09D9FAD90564FB51A9E8CB613E3B2DE0051A144B8CC8A8FF0E39AC3
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
          Category:dropped
          Size (bytes):155648
          Entropy (8bit):0.6551795573012152
          Encrypted:false
          SSDEEP:
          MD5:E4606602EC2E5235C220748B02056283
          SHA1:F28B3A8BE7804B51A773DC8EA0A07465AAC1D830
          SHA-256:3B4BA2C0BF4B7ADA9502175C39B5C9CEA8EBC5BADF7C69F5DD3256BF68339CEB
          SHA-512:69E6BC30FD2AC3682D984536FF8A4BE7FE66ABF2803571F90E3774FEFC7E5E4F32B187038566496B51112A34E814C95875BCB6828610C4D94CBEEE6717BCB7E4
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):293
          Entropy (8bit):5.276802977201145
          Encrypted:false
          SSDEEP:
          MD5:E22EEA971F7DBFCE529883FD5B66EB9B
          SHA1:5E78E14CEFD09C694D4FD89D9D5FCE7F398F19A5
          SHA-256:18C26C02337CAD376687B08156A7BEDBC0C1DD3118D5C2C6E94D05AE7C2EBE40
          SHA-512:D8A4CC34E24914C47843FE273E2016F19BE593384E423465CBF1CEF49A03B43B4DEA76BEFE7902D9D228E968B0A0B5BAE209736432AE65BF09500102FF4E24C5
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-10:03:50.735 13bc Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Local Storage\leveldb since it was missing..2025/01/07-10:03:50.755 13bc Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Local Storage\leveldb/MANIFEST-000001.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 21, cookie 0xc, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):43008
          Entropy (8bit):0.9009435143901008
          Encrypted:false
          SSDEEP:
          MD5:FB3D677576C25FF04A308A1F627410B7
          SHA1:97D530911F9CB0C37717ABB145D748982ADA0440
          SHA-256:A79300470D18AF26E3C5B4F23F81915B92D490105CE84A8122BF8100EC0C7517
          SHA-512:ED6666B064958B107E55BD76E52D2E5BF7A4791379902D208EF909A6B68803240D372CE03641249EB917C241B36A5684656A48D099A8A084AD34BA009857B098
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
          Category:dropped
          Size (bytes):45056
          Entropy (8bit):0.40293591932113104
          Encrypted:false
          SSDEEP:
          MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
          SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
          SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
          SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2
          Entropy (8bit):1.0
          Encrypted:false
          SSDEEP:
          MD5:D751713988987E9331980363E24189CE
          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
          Malicious:false
          Reputation:unknown
          Preview:[]
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):0.6732424250451717
          Encrypted:false
          SSDEEP:
          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2800881C775077E1C4B6E06BF4676DE4
          SHA1:2873631068C8B3B9495638C865915BE822442C8B
          SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
          SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
          Malicious:false
          Reputation:unknown
          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2800881C775077E1C4B6E06BF4676DE4
          SHA1:2873631068C8B3B9495638C865915BE822442C8B
          SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
          SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
          Malicious:false
          Reputation:unknown
          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
          Category:dropped
          Size (bytes):36864
          Entropy (8bit):0.5559635235158827
          Encrypted:false
          SSDEEP:
          MD5:9AAAE8C040B616D1378F3E0E17689A29
          SHA1:F91E7DE07F1DA14D15D067E1F50C3B84A328DBB7
          SHA-256:5B94D63C31AE795661F69B9D10E8BFD115584CD6FEF5FBB7AA483FDC6A66945B
          SHA-512:436202AB8B6BB0318A30946108E6722DFF781F462EE05980C14F57F347EDDCF8119E236C3290B580CEF6902E1B59FB4F546D6BD69F62479805B39AB0F3308EC1
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D751713988987E9331980363E24189CE
          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
          Malicious:false
          Reputation:unknown
          Preview:[]
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D751713988987E9331980363E24189CE
          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
          Malicious:false
          Reputation:unknown
          Preview:[]
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:20D4B8FA017A12A108C87F540836E250
          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
          Malicious:false
          Reputation:unknown
          Preview:{"SDCH":{"dictionaries":{},"version":2}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
          Category:dropped
          Size (bytes):36864
          Entropy (8bit):0.36515621748816035
          Encrypted:false
          SSDEEP:
          MD5:25363ADC3C9D98BAD1A33D0792405CBF
          SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
          SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
          SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):59
          Entropy (8bit):4.619434150836742
          Encrypted:false
          SSDEEP:
          MD5:2800881C775077E1C4B6E06BF4676DE4
          SHA1:2873631068C8B3B9495638C865915BE822442C8B
          SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
          SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
          Malicious:false
          Reputation:unknown
          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):40
          Entropy (8bit):4.1275671571169275
          Encrypted:false
          SSDEEP:
          MD5:20D4B8FA017A12A108C87F540836E250
          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
          Malicious:false
          Reputation:unknown
          Preview:{"SDCH":{"dictionaries":{},"version":2}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:modified
          Size (bytes):111
          Entropy (8bit):4.718418993774295
          Encrypted:false
          SSDEEP:
          MD5:285252A2F6327D41EAB203DC2F402C67
          SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
          SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
          SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
          Malicious:false
          Reputation:unknown
          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:678C48FF945B5C7D790EF99D2F913B99
          SHA1:1FB2B2A8C174AD6D3804A018448DED5E3D8BFC8B
          SHA-256:30F6ADC3E3933AD69B0874F4E04E3D9CCA0217A161D076FA057E0138B30E31B0
          SHA-512:FA99B70A3522487D0CCE564F35BDDB2D4DE945D360ABD97346AADA02DA9802AC01D1B1DCE72BE235ECC81E55FACFC6344925856EE00395863E20F5077D31C59A
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735830899595","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735830835482","domain_diversity":{"last_reporting_timestamp":"13380735830898585"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:678C48FF945B5C7D790EF99D2F913B99
          SHA1:1FB2B2A8C174AD6D3804A018448DED5E3D8BFC8B
          SHA-256:30F6ADC3E3933AD69B0874F4E04E3D9CCA0217A161D076FA057E0138B30E31B0
          SHA-512:FA99B70A3522487D0CCE564F35BDDB2D4DE945D360ABD97346AADA02DA9802AC01D1B1DCE72BE235ECC81E55FACFC6344925856EE00395863E20F5077D31C59A
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735830899595","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735830835482","domain_diversity":{"last_reporting_timestamp":"13380735830898585"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:678C48FF945B5C7D790EF99D2F913B99
          SHA1:1FB2B2A8C174AD6D3804A018448DED5E3D8BFC8B
          SHA-256:30F6ADC3E3933AD69B0874F4E04E3D9CCA0217A161D076FA057E0138B30E31B0
          SHA-512:FA99B70A3522487D0CCE564F35BDDB2D4DE945D360ABD97346AADA02DA9802AC01D1B1DCE72BE235ECC81E55FACFC6344925856EE00395863E20F5077D31C59A
          Malicious:false
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380735830899595","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false,"profile_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":450,"browser_content_container_width":550,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13380735830835482","domain_diversity":{"last_reporting_timestamp":"13380735830898585"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consu
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):33
          Entropy (8bit):4.051821770808046
          Encrypted:false
          SSDEEP:
          MD5:2B432FEF211C69C745ACA86DE4F8E4AB
          SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
          SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
          SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
          Malicious:false
          Reputation:unknown
          Preview:{"preferred_apps":[],"version":1}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):182
          Entropy (8bit):4.2629097520179995
          Encrypted:false
          SSDEEP:
          MD5:643E00B0186AA80523F8A6BED550A925
          SHA1:EC4056125D6F1A8890FFE01BFFC973C2F6ABD115
          SHA-256:A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
          SHA-512:D91A934EAF7D9D669B8AD4452234DE6B23D15237CB4D251F2C78C8339CEE7B4F9BA6B8597E35FE8C81B3D6F64AE707C68FF492903C0EDC3E4BAF2C6B747E247D
          Malicious:false
          Reputation:unknown
          Preview:Microsoft Edge settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through Microsoft Edge defined APIs.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2F7D0E32DFEADE08FD6131B90A0BFD9D
          SHA1:9BC6073398284C9346E08B4135580BE6BC542B41
          SHA-256:F537B03DA223D42D18897F9F0048FDDED51C95B638C5BEF2E2FFBFE13587269E
          SHA-512:4373CEBB056035B0BE1C2AE671A9DB60F617A6248A9473519B580CE55A1BE88CB2429D4FACDA54E24CA5FC0DBD96318B44CD4B417F7C53B8CB82087D85B1742A
          Malicious:false
          Reputation:unknown
          Preview:{"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380735830440465","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380735830440465","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.officeapps.live.com.mcas.ms/*","https://*onenote.officeapps.live.com.mcas.ms/*","https://*word-edit.officeapps.live.com.mcas.ms/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:modified
          Size (bytes):61
          Entropy (8bit):3.7273991737283296
          Encrypted:false
          SSDEEP:
          MD5:9F7EADC15E13D0608B4E4D590499AE2E
          SHA1:AFB27F5C20B117031328E12DD3111A7681FF8DB5
          SHA-256:5C3A5B578AB9FE853EAD7040BC161929EA4F6902073BA2B8BB84487622B98923
          SHA-512:88455784C705F565C70FA0A549C54E2492976E14643E9DD0A8E58C560D003914313DF483F096BD33EC718AEEC7667B8DE063A73627AA3436BA6E7E562E565B3F
          Malicious:false
          Reputation:unknown
          Preview:*...#................version.1..namespace-..&f...............
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):281
          Entropy (8bit):5.280307388698173
          Encrypted:false
          SSDEEP:
          MD5:DFB933E1540418FBEDC1967F800C08A5
          SHA1:3A327BED3F047B2295C1204FCA04F5846F6D5941
          SHA-256:D1EA42E0E45A8E12A9BDD03C888239BEAF7E0529389021FDFF687AAE4BF00DC7
          SHA-512:4D3E9DEC75298CA387A9C782347B8A02832AD84D5BCE6E2730D5C9C11973EBA301CC3D6F1519FAA876C2B88E95378CDBCB1911513900A7A1C5D4C79B3C2393A1
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-10:04:23.604 13bc Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Session Storage since it was missing..2025/01/07-10:04:23.624 13bc Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Session Storage/MANIFEST-000001.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):40
          Entropy (8bit):3.473726825238924
          Encrypted:false
          SSDEEP:
          MD5:148079685E25097536785F4536AF014B
          SHA1:C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
          SHA-256:F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
          SHA-512:C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
          Malicious:false
          Reputation:unknown
          Preview:.On.!................database_metadata.1
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):309
          Entropy (8bit):5.2284637880740314
          Encrypted:false
          SSDEEP:
          MD5:16EAF01210D8129F02918222D58D1BCA
          SHA1:30F21E6F611F9C1E6E4D1997A4F2E77CD99382AE
          SHA-256:717DB27377D18C13BEF77AD76F2BE3A5136EC625890073B9ABD8AB2FC21F7434
          SHA-512:4DA362D6D90DC2916C591CF5CF4496E3AE3DBCF76E23C29191805C0BB921EE9F442AA46C4D7B38CA1DD586754FA75FAFA8EAA0679F74100A67B1322BC0A9E782
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-10:03:50.423 19cc Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Site Characteristics Database since it was missing..2025/01/07-10:03:50.443 19cc Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Site Characteristics Database/MANIFEST-000001.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):16
          Entropy (8bit):3.2743974703476995
          Encrypted:false
          SSDEEP:
          MD5:46295CAC801E5D4857D09837238A6394
          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
          Malicious:false
          Reputation:unknown
          Preview:MANIFEST-000001.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):46
          Entropy (8bit):4.019797536844534
          Encrypted:false
          SSDEEP:
          MD5:90881C9C26F29FCA29815A08BA858544
          SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
          SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
          SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
          Malicious:false
          Reputation:unknown
          Preview:...n'................_mts_schema_descriptor...
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:46295CAC801E5D4857D09837238A6394
          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
          Malicious:false
          Reputation:unknown
          Preview:MANIFEST-000001.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):285
          Entropy (8bit):5.308290255952407
          Encrypted:false
          SSDEEP:
          MD5:16119043B610A0E087AE11A91DFEE93A
          SHA1:A10B847DCAFA5D0AA2250522292A6359B7447DC8
          SHA-256:5D33EB217A35FE8696E10320CB6C46C2DDD4D2ED28A13C0F00436A85BDC4D1CD
          SHA-512:93B651CEE396B795467EDC5B53607ADD58FB116D00D506A689323DD08BBDEC1A985618A333E9B144DA92D9CDA15A365CAF78B772C0C07ABB3B4ADB98F83A3A56
          Malicious:false
          Reputation:unknown
          Preview:2025/01/07-10:03:50.856 18a0 Creating DB C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Sync Data\LevelDB since it was missing..2025/01/07-10:03:50.867 18a0 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\MSSPWebEB\EBWebView\Default\Sync Data\LevelDB/MANIFEST-000001.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):41
          Entropy (8bit):4.704993772857998
          Encrypted:false
          SSDEEP:
          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
          Malicious:false
          Reputation:unknown
          Preview:.|.."....leveldb.BytewiseComparator......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
          Category:dropped
          Size (bytes):20480
          Entropy (8bit):0.3528485475628876
          Encrypted:false
          SSDEEP:
          MD5:F2B4FB2D384AA4E4D6F4AEB0BBA217DC
          SHA1:2CD70CFB3CE72D9B079170C360C1F563B6BF150E
          SHA-256:1ECC07CD1D383472DAD33D2A5766625009EA5EACBAEDE2417ADA1842654CBBC8
          SHA-512:48D03991660FA1598B3E002F5BC5F0F05E9696BCB2289240FA8CCBB2C030CDD23245D4ECC0C64DA1E7C54B092C3E60AE0427358F63087018BF0E6CEDC471DD34
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):131072
          Entropy (8bit):0.005521385156463277
          Encrypted:false
          SSDEEP:
          MD5:8B4978A3BEE0D77FE8F23761839223A2
          SHA1:E0C8740315CD2DFF5ACCBAC0FEDC4816B7BDBA0D
          SHA-256:100D08D0F9DE736656B6200FA9B4621A25CBD30C0CB04D152DA48BC6E9789B64
          SHA-512:F307B9F5F01CFA9EFB62F2AF93447B4A6F1055F315F2CCCF55BB409961B7DBF22F1D73F24C59E1ABABB629C21B2263047A795C3F1193486EFF1FA7CE922E7D6A
          Malicious:false
          Reputation:unknown
          Preview:VLnk.....?......o..FF..}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 87, cookie 0x36, schema 4, UTF-8, version-valid-for 3
          Category:dropped
          Size (bytes):178176
          Entropy (8bit):0.933882896132766
          Encrypted:false
          SSDEEP:
          MD5:C4095F145062256A7864D9F2BC56A865
          SHA1:8CF278F2E87EC13DFED4E69F1196BA03345515C9
          SHA-256:78F8E03EC487EDF097F9AEB047743F9EF244F96D9CE815E7EDD23C8750EB5771
          SHA-512:287DA1EA23B1500508F1A6B8C68B965E739B0F26F04F386F8EB5FDC54A4EC323A5C691771F1A4F45FC8BDAF9B7CF2BEB21F3EDDBA5CB8A8932DD363B6BB23ABC
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):6780
          Entropy (8bit):5.580223886361321
          Encrypted:false
          SSDEEP:
          MD5:2F7D0E32DFEADE08FD6131B90A0BFD9D
          SHA1:9BC6073398284C9346E08B4135580BE6BC542B41
          SHA-256:F537B03DA223D42D18897F9F0048FDDED51C95B638C5BEF2E2FFBFE13587269E
          SHA-512:4373CEBB056035B0BE1C2AE671A9DB60F617A6248A9473519B580CE55A1BE88CB2429D4FACDA54E24CA5FC0DBD96318B44CD4B417F7C53B8CB82087D85B1742A
          Malicious:false
          Reputation:unknown
          Preview:{"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380735830440465","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380735830440465","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.officeapps.live.com.mcas.ms/*","https://*onenote.officeapps.live.com.mcas.ms/*","https://*word-edit.officeapps.live.com.mcas.ms/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
          Category:dropped
          Size (bytes):16384
          Entropy (8bit):0.35226517389931394
          Encrypted:false
          SSDEEP:
          MD5:D2CCDC36225684AAE8FA563AFEDB14E7
          SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
          SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
          SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):0.0018094250832613847
          Encrypted:false
          SSDEEP:
          MD5:6561EA908B09DD4A960594B274582174
          SHA1:21C31987FF1E48A5080483C4F8A08A1C648FC948
          SHA-256:AEB182B392F2505F2DDF111E3CC79F5488BEAC35A57241CB0213D4A17B17865E
          SHA-512:0A85132A65D2BEC89FC823803F061E83A8AD4C7AAD16F0836829CD900523B724212ECD97C41B6E3C6A8C45984D7774A1F6930E5134A5865CBAC9DFF01E87AE38
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.553120663130604E-4
          Encrypted:false
          SSDEEP:
          MD5:8C791BAE5D928623B4B726EE0840EEEB
          SHA1:1D4B55BAF747C13504E8029984C5CCA8C1766169
          SHA-256:C4306EDA5A544DE01D7FB1F994CEAB1A0CE905550129F4542A9BF48D1725B0E3
          SHA-512:EA57984DE645814586500B229A767E3E6A22DA7943C5E86931D1443BB63DAAA478B306E1FE4395FD0B824C7CCF4D4E45B2D538542BFD1FBD34DAC193196428CC
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):0.0018094250832613847
          Encrypted:false
          SSDEEP:
          MD5:2AF6037A9A499BABCE9C29480069002B
          SHA1:4D510F51F85792C9C68F29674EDDED6AE9A1029E
          SHA-256:63BFE5066BA09203FCB4C6F8DE767FBD7CF7BAE6A9D829E04060F51CD491F65E
          SHA-512:300078663B9B694CFAF5B881D65D3CC427C72320AD0AAA47D4C7DE708183AEE60CA7BA63DE9A2072B9BDD0DA2CAA97FAD6B3D5E11BFB6E4BD14436749D06BFCE
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):8192
          Entropy (8bit):0.011852361981932763
          Encrypted:false
          SSDEEP:
          MD5:0962291D6D367570BEE5454721C17E11
          SHA1:59D10A893EF321A706A9255176761366115BEDCB
          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.47693366977411E-4
          Encrypted:false
          SSDEEP:
          MD5:DA78C5C487A30EA9D8580527D1CE8B71
          SHA1:A08599787E2C843A237B1CB09AFDB701D1F8412D
          SHA-256:E755B29F244CE3131057DDFB926E40E39E8EBC8AFA25F86A61C362042CA5F947
          SHA-512:A57F56CF1EE47684BC42CCE05940A22F6132FB4468BCDA7C86B9C66A2A3F373D0C00F5D2D216A32B25DA805D08860A8DD9BD1CFFE1FE620BFBE11B4D25ED1321
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):13
          Entropy (8bit):2.7192945256669794
          Encrypted:false
          SSDEEP:
          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
          Malicious:false
          Reputation:unknown
          Preview:117.0.2045.47
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:58CB0E8808F80081F8B61EE0722DB274
          SHA1:2ABEB367AA824AE3F6A898792077BDD3FAAEE60B
          SHA-256:61B722C2F069D2481D106A435A486A1CB492240D74BEB9F2E07FE5B2983BE1A7
          SHA-512:34635EADABE2DB6BCD929B946D4536B2F56D3757037B4327F8C22C7818EFC8BAD8EE3AFE1A879A676478AECB54B771A75B7BE93716217E45C81697944001E096
          Malicious:false
          Reputation:unknown
          Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADr8H/x8ZUfRaylGyicvw0HEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAA2ua+vIOAkvt+sjt3F1KxAjWTNY/rX+fODTu2esIuqigAAAAAOgAAAAAIAACAAAABy5892+NKrUC5Wv2TBpLJQC0HaxSgb5iTIhYEsEumk7zAAAADneXfXPVhi/DMvywjq+ZlTpas3kcwTJfO3Jlh5Mv/icYe7uyAbXWIWXEWE2I6ptCxAAAAAJtOpdFFn5GQozUIONZNmxX3hTfGR/C20srB+MevCNGbJ6BFqae9rK/tuKh+yyDMjmQx/mMyJ9+ologSQGSb+1w=="},"uninstall_metrics":{"installation_date2":"1736262230"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":6847,"pseudo_low_entropy_source":4989,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13380735830148201","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:modified
          Size (bytes):270336
          Entropy (8bit):0.001802026882503809
          Encrypted:false
          SSDEEP:
          MD5:70C5A91356A1DFC925763DF5600E7756
          SHA1:3F3AFD1AA86F4D7873C8F4438B431FCF436157F9
          SHA-256:EC5970D842677CE881B265355B8BB7776CF62F7339A340274CBD9BE76FB3B292
          SHA-512:B4FD46A10E2BFECCABF9F548BF1C45CC975F9EEFB393432275CFC031F85C598CE45ED9FA9B25D87608BFF93F6D2A6224F9B0114AF66B23C6AF76152ECEB399EB
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.553120663130604E-4
          Encrypted:false
          SSDEEP:
          MD5:11F9A01662A60C2FD68815B09A3D115E
          SHA1:8D8C873CC3C7796908824DFCE217984804FEE533
          SHA-256:D41D8F703A8BE3263BA8578B58420854967EA28DF72583A6F208A7810F771F60
          SHA-512:C701F4304CFA0D62D9A0F64171DCE0A18AB56514B610B045DE1AB42759A9BAD665D5B80436F79195098AAC5D75F19FA60C28CF8FD3C27A31A41712B69AC27CC0
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):29
          Entropy (8bit):3.922828737239167
          Encrypted:false
          SSDEEP:
          MD5:7BAAFE811F480ACFCCCEE0D744355C79
          SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
          SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
          SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
          Malicious:false
          Reputation:unknown
          Preview:customSynchronousLookupUris_0
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):18
          Entropy (8bit):3.5724312513221195
          Encrypted:false
          SSDEEP:
          MD5:5692162977B015E31D5F35F50EFAB9CF
          SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
          SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
          SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
          Malicious:false
          Reputation:unknown
          Preview:edgeSettings_2.0-0
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):3581
          Entropy (8bit):4.459693941095613
          Encrypted:false
          SSDEEP:
          MD5:BDE38FAE28EC415384B8CFE052306D6C
          SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
          SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
          SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
          Malicious:false
          Reputation:unknown
          Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):47
          Entropy (8bit):4.493433469104717
          Encrypted:false
          SSDEEP:
          MD5:3F90757B200B52DCF5FDAC696EFD3D60
          SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
          SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
          SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
          Malicious:false
          Reputation:unknown
          Preview:synchronousLookupUris_636976985063396749.rel.v2
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):35302
          Entropy (8bit):7.99333285466604
          Encrypted:true
          SSDEEP:
          MD5:0E06E28C3536360DE3486B1A9E5195E8
          SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
          SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
          SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
          Malicious:false
          Reputation:unknown
          Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):85
          Entropy (8bit):4.3488360343066725
          Encrypted:false
          SSDEEP:
          MD5:BC6142469CD7DADF107BE9AD87EA4753
          SHA1:72A9AA05003FAB742B0E4DC4C5D9EDA6B9F7565C
          SHA-256:B26DA4F8C7E283AA74386DA0229D66AF14A37986B8CA828E054FC932F68DD557
          SHA-512:47D1A67A16F5DC6D50556C5296E65918F0A2FCAD0E8CEE5795B100FE8CD89EAF5E1FD67691E8A57AF3677883A5D8F104723B1901D11845B286474C8AC56F6182
          Malicious:false
          Reputation:unknown
          Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":0}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):16246
          Entropy (8bit):6.067841134881116
          Encrypted:false
          SSDEEP:
          MD5:0741D35852D0612D8E9935C7C4835A2A
          SHA1:259B2BDBF290F7898FB08A4407DBC90401232A54
          SHA-256:7458235BC85B7DFD44AFA8AD47E2C39500A7C6FF02BC00A83939387FA8793909
          SHA-512:1D3C33D96CD5CF7AE5522467046085B8DD4F696D7BCDDDB4273D1D20DA30000B160231FF4EE865A53F9B654A2FFD11C424078DFDF8FEE367F23A3113FF6A8B5A
          Malicious:false
          Reputation:unknown
          Preview:{"domain_actions_config":"
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2900
          Entropy (8bit):5.303116554157178
          Encrypted:false
          SSDEEP:
          MD5:8366BB348816A9EAD5C40ACEF8A05C0A
          SHA1:806A51579D8C997D6881D751F378C6A00C6A5D22
          SHA-256:3CBF4C3CF4425E4E2C1A333D15EB292A07D58A63605218875FD34B5A15285C78
          SHA-512:771D3A1B92487242F7352AF9E56A07FD66DBF4F15B366E333EAC06ADF669D8400CBFA839105E78D8B883F4B4D2C85B2E32A3A2F80AA048390777CF0C3E0E554D
          Malicious:false
          Reputation:unknown
          Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADr8H/x8ZUfRaylGyicvw0HEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAA2ua+vIOAkvt+sjt3F1KxAjWTNY/rX+fODTu2esIuqigAAAAAOgAAAAAIAACAAAABy5892+NKrUC5Wv2TBpLJQC0HaxSgb5iTIhYEsEumk7zAAAADneXfXPVhi/DMvywjq+ZlTpas3kcwTJfO3Jlh5Mv/icYe7uyAbXWIWXEWE2I6ptCxAAAAAJtOpdFFn5GQozUIONZNmxX3hTfGR/C20srB+MevCNGbJ6BFqae9rK/tuKh+yyDMjmQx/mMyJ9+ologSQGSb+1w=="},"policy":{"last_statistics_update":"13380735830317040"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://t
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4596888
          Entropy (8bit):6.5841460391252165
          Encrypted:false
          SSDEEP:
          MD5:834A987E4F283F471039365CE4284C54
          SHA1:7B32A5F0B34B113492AA530DA3EA75BC000B65BA
          SHA-256:C9B2B122BF6E541E5FC07863E0ECB8922DABFA79004D1D29EB7E6D888BF01A91
          SHA-512:67C7EA1808690CF27DFEADFB55DAE9365E222D9B5CBD557536999A1C8BBE0428EB91DD226D902D583E4CAFB1C96B770CA7558E7C94395C35EC5829B4DF555473
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$........g.ED...D...D....~.......x..W....x..Y....x..5....s..E....X..L.....P.@....X..A....t..F....s.......~..Q....~..f....~..F....~.._...D.......^y......^y..E...^yd.E...^y..E...RichD...........................PE..L...2.Mg...........!...$..2.........%T,.......3..............................pF.......G...@...........................>.......>.T.... @.`............^E.......D..c...w:.....................@w:.......5.@.............3.(.....>......................text.....2.......2................. ..`.rdata...3....3..4....2.............@..@.data...8....P>......0>.............@....rsrc...`.... @......&?.............@..@.reloc...c....D..d....B.............@..B................................................................................................................................................................................................................................
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Generic INItialization configuration [UIFLOW]
          Category:dropped
          Size (bytes):877
          Entropy (8bit):5.2855919419236725
          Encrypted:false
          SSDEEP:
          MD5:D33D6273D4A553680525F68A10798AE8
          SHA1:E9D8DA1140F4DA8355741CA0E16EC9E582DE55F5
          SHA-256:F62CD148AAD0D4A67360E7A359E11A8E4D3297B76E3438E1876F76E7ED8DE91A
          SHA-512:C70E773B48785D56489CF8C6FA38A2B11FC94B6567595E33E61C599DADDCD3544F7EF1D8F9A54260C8DB94BCF010DB22D93F0E1580EDF6C8F2DC0920A3D06307
          Malicious:false
          Reputation:unknown
          Preview:[CONFIG]..WIDTH = 550..HEIGHT = 450..HTMLRESDLL = .\McInstallerRes.dll..L10NDLL = .\McInstallerRes_LD.dll..PAGE_VISIBILITY_TIME = 5....[UIFLOW]..default = welcome_wv.htm,install_wv.htm,status_wv.htm....[Install] ..ORDER = MSS....[MSS] ..LOCATION_TYPE = 1 ..LOCATION = .\..AGENT = SecurityScan_Inner.exe ..AGENT_PARAM =/inner ..APP_NAME = McAfee Security scan ..APP_DESC = Check the security status of the machine. ..storyboard_image = Welcome_Install.jpg..AVG_INSTALL_TIME = 5..story_interval_time = 2..POST_APP_INSTALL = MSS_LAUNCH....[MSS_LAUNCH]..LOCATION_TYPE = 0..LOCATION = HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan,ExePath,1,"" ..AGENT_PARAM_TYPE = 0..AGENT_PARAM = HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan,ExeParams,1,""..........
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
          Category:dropped
          Size (bytes):377392
          Entropy (8bit):7.282404881793305
          Encrypted:false
          SSDEEP:
          MD5:5DC3CCE86B3CEEB218E9F863F2F6138A
          SHA1:1AC9E4569E740935932902DE75800F764DC8CF48
          SHA-256:D9A51DB6BBC42F95E42E78437E84CD8F08B46612DBB302474C8AFD808BAB3560
          SHA-512:DDA90E140DFAB47B58202413710A0FF84815FC7AAA64C623C9B84839473B01334F68425A423C04A727362AE89EAD3BF21D47650EDD0D52B4FE7F4CA584B8C4C2
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F..v...F...@...F.Rich..F.........................PE..L......\.................`...........1.......p....@..........................p............@.................................0t..........(...........0..../...........................................................p...............................text...._.......`.................. ..`.rdata..P....p.......d..............@..@.data................x..............@....ndata.......@...........................rsrc...(............|..............@..@................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):400240
          Entropy (8bit):7.124668438872334
          Encrypted:false
          SSDEEP:
          MD5:E17E42295EF88B792D3AF84A87FF76D9
          SHA1:4AAF1789B57B5EDBBAF6CE416B09E191756124B5
          SHA-256:8FACA2B9ED48DE9DBEF7B6C8ABDF93DEB809736F3EEC4E3B43E8C8844311F6AD
          SHA-512:3C9E5EE4E01DC3B397D4550FDAC8CFBAD8A3BAFCC31EEDEEBB6BEC495BF28E381B9E4FA4451BF12CAC8CCAB6C50C99DB93F84E2F73F8B9DA594696D167AB3CEA
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q..0...0...0...O~..0...0...0...O...0..Rich.0..........PE..L...w.Mg...........!...$............................................................6.....@.......................................... .. ...............p7..............p............................................................................rdata..............................@..@.rsrc... .... ......................@..@....w.Mg........................w.Mg........................w.Mg........l... ... .......w.Mg............................................RSDS...>...A.3....z.....C:\jenkins\workspace\ident_mssp4_master-vs2022-aurora@3\MSS_Win10\build\Win32\Release\McLInstallerRes.pdb.......................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... .......rsrc$01.....2..@....rsrc$02................................................................................................
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):178176
          Entropy (8bit):6.301457895933317
          Encrypted:false
          SSDEEP:
          MD5:8A5824509967A5629F2796F64D4C2FFA
          SHA1:C4BE38D93CC70259F3947DDCF31488203C53C0AF
          SHA-256:1C17FDA60EEB77E644D90B5F58180FFE6806F34D90896CA639E2224D03A53BAE
          SHA-512:83CB1F45EA629F2613AE771EB545CCB7DFD43F1CF51EE5FC612AB47315C78661D6E82C4E58718D35FD794CBEC726C58B764B65C80770FA9F29C3FBDE3DC6A991
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q..0...0...0...O~..0...0...0...O...0..Rich.0..........PE..L...x.Mg...........!...$..................................................................@.......................................... ..X................0..............p............................................................................rdata..............................@..@.rsrc...X.... ......................@..@....x.Mg........................x.Mg........................x.Mg........l...$...$.......x.Mg............................................RSDSG...[t.B.}.b.3......C:\jenkins\workspace\ident_mssp4_master-vs2022-aurora@3\MSS_Win10\build\Win32\Release\McLInstallerStringRes.pdb.....................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p*...w...rsrc$02............................................................................................
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):2891872
          Entropy (8bit):6.578978372278864
          Encrypted:false
          SSDEEP:
          MD5:B218DDDA034E0B49A889A837FE3C425B
          SHA1:F422ACA34A87854B84BCDBC5F09E8AD70B1463F0
          SHA-256:E171C9C660CA4BF479A891E0CA83349ABDDEA494D103ED416FD901326C3CCC96
          SHA-512:FA9E33C2A5C8816A51D5D008B236F5BD96E95F126876EBAAA83AA60C0EAB021A3C702DDF5BEA4DD1AD1CD361027CD26B706154C001BD2366530B7EAF9C924E1F
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$........J...+q\.+q\.+q\.Sr].+q\.St].+q\.Sw].+q\uUu].+q\.Su].+q\uUr].+q\uUt].+q\.Sp].+q\..\.+q\.ut].+q\.Yp].+q\Fuu].+q\.+p\.)q\j^t].+q\.Tx]N+q\.Tq].+q\.T.\.+q\.+.\.+q\.Ts].+q\Rich.+q\................PE..L....Mg...........!...$.....................@...............................p,...../&,...@...........................'.......'.......).p$............+.`.....*.d...P.$.T.....................$......U .@............@......8.'......................text...T,.......................... ..`.rdata......@.......2..............@..@.data...x.....'.......'.............@....rsrc...p$....)..&....(.............@..@.reloc..d.....*.......).............@..B........................................................................................................................................................................................................................................
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):643008
          Entropy (8bit):6.475804927379698
          Encrypted:false
          SSDEEP:
          MD5:4C62CD83B27CC97C1F223D87A1342609
          SHA1:48E49A46D15CD6DD9C9D510598630FF90AA04405
          SHA-256:21B2599255DE6BB4FFF70FD8E1213FB68EAB4ECDF9C6E62E098E1C377B9F549F
          SHA-512:4C5F5371F52B5F12E1BF9CDD880F9F7CB09A3D4301D57A637A4B862988D01BA1679907E74D4CE4BF8CDE3B94BDDA2DDAA05749637CB775081FD276412EA47C16
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........*...y...y...y3..x...y3..x]..y..qy.y..x.y..x...y..qy.y..x...y3..x...y3..x.y...y..y[.x.y[.x..y[.x.y[.sy.y[.x.yRich...y................PE..L...$.<b.................n...2....................@.................................L.....@..................................K..(.......@................?...`...\......p...............................@...............X....:.......................text....l.......n.................. ..`.rdata..\............r..............@..@.data....J...`...6...L..............@....rsrc...@...........................@..@.reloc...\...`...^...2..............@..B........................................................................................................................................................................................................................................................................
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):547496
          Entropy (8bit):6.667744702863496
          Encrypted:false
          SSDEEP:
          MD5:2875B97922FC5866CCE10CA7E41764F6
          SHA1:0FD21C7EAC44C31B2C93C7A2F883D8156D514F7E
          SHA-256:6BC65601A06E448A5A74BAD1C1A38F7A506B0CD40F1D998576B43D15C5BFCB33
          SHA-512:8CC027DBC038B80E31C74E141FED47CFE0B2FAFC61EC73834249D629543DD248E35726BEBAA24893CC904AD8480084E1E83C30D9F860F2FAFB1E701AED479A0E
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........1.]P..]P..]P..."..OP..."...P...%..LP...%..EP..l.V._P..."..FP...%...P...%..YP..]P..DQ..."..FP...%..}P...%..\P...%T.\P..]P<.\P...%..\P..Rich]P..........................PE..L....>.e...........!..............................`b.........................`......$.....@A............................................................<......lK......p....................0......@/..@............................................text............................... ..`.rdata.............................@..@.data....0......."..................@....rsrc...............................@..@.reloc..lK.......L..................@..B................................................................................................................................................................................................................................................................
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1613584
          Entropy (8bit):7.928885269713536
          Encrypted:false
          SSDEEP:
          MD5:BFB1DDF7FA6CFA1153B09DA5046A03E5
          SHA1:000AF4A0A2229D6829E7712837B70F8D3FBD93DF
          SHA-256:77298B0354A60501774F4E6FDC1E34899228158346E77C3A989F95899ACBAA2A
          SHA-512:D0BAEC7279DE0BBE40A27026156868A709EE0B69787F2C1256BA14494E43B35BF22FEFB4937F79FD41B9F930B0833BA128B3164A07A5EDD0296F3BF215A48E9C
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d..[ e.. e.. e..4...+e..4....e..B...1e..B...4e......-e..B....e..4...3e..4...!e..4...-e.. e...e....@.!e.. e(.ve......!e..Rich e..................PE..L....(.d............................ }............@.......................................@..................................?..x....................>...a...p.. ....1..p....................1..........@...............H...T>..`....................text...*........................... ..`.rdata..............................@..@.data...,....P.......8..............@....didat..,....p.......B..............@....rsrc................D..............@..@.reloc.. ....p.......(..............@..B................................................................................................................................................................................................................................................
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
          Category:dropped
          Size (bytes):9860336
          Entropy (8bit):7.9957035239087695
          Encrypted:true
          SSDEEP:
          MD5:555332D3D4F3197D171CB5B1331B15D9
          SHA1:C484535D048AFA74E96E80DE8A5882E75CC81F88
          SHA-256:03125B0850EE880F80F8E6A164CE2BDDEB65106771F1A71ED46C06B8F87A8DB4
          SHA-512:8E7E329F238A3BB1E5F6F847EBA579E20B9B0C047B73F922F76AF156BAE2B9CE28413B671994DAF3BAECA8BF4239CF53C9E2C5BB5F7634A1B71D622D3270A672
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F..v...F...@...F.Rich..F.........................PE..L... ..\.................b..........(3............@..........................`............@.................................0........................E..H/...........................................................................................text...w`.......b.................. ..`.rdata..P............f..............@..@.data...8............z..............@....ndata...`...P...........................rsrc................~..............@..@................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):35200
          Entropy (8bit):7.278358293307135
          Encrypted:false
          SSDEEP:
          MD5:A38E7212C958A2466C91D06C7E7E08CD
          SHA1:90FC6AFA017D4BCF5E4DFD17460E2EF3380DF31D
          SHA-256:76F80D4ADD843D5E2B5BBD3C7DF915035806571E622B6DBAC55D13FD4AFA9CA5
          SHA-512:F6D9320D69F0C4E8A58283705D9BDEE17066B914E6262AD98EB3A4C8934F7EC7384296B4649E7C64C2FD5D85042713B40F635E90EFA2D797E91E8A2CDD9F372B
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir*.-.D.-.D.-.D...J.*.D.-.E.>.D.....*.D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L....~.\...........!..... ...........(.......0...............................`...........@..........................2.......0..P........................[...P.......................................................0..X............................text...O........ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..|....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Generic INItialization configuration [UIFLOW]
          Category:modified
          Size (bytes):638
          Entropy (8bit):5.1170666732595915
          Encrypted:false
          SSDEEP:
          MD5:3D4A63890C3559291301D9BF79837E9F
          SHA1:D3B4023510AD4A5A1D90B790A46596A2159C2A18
          SHA-256:1AE3FF0EA0A4F652477C6D7FAA07374BD676BE26C611A0DD1A891D36C99B9623
          SHA-512:C83A1F3C624B3E423D7E73F55C57CF292CAA27BB360FB2481259C8C169A79F263C2BEBDBA6FD6E7DEB7F47622EDF25B336372AEA5FE163E09C4457717A26C094
          Malicious:false
          Reputation:unknown
          Preview:[CONFIG]..WIDTH = 550..HEIGHT = 450..HTMLRESDLL = .\McInstallerRes.dll..L10NDLL = .\McInstallerRes_LD.dll..PAGE_VISIBILITY_TIME = 5....[UIFLOW]..default = UninstallConfirm_wv.htm,Uninstall_wv.htm,uninstallEnd_wv.htm....[Install] ..ORDER = MSS....[MSS] ..LOCATION_TYPE = 1 ..LOCATION =C:\Program Files (x86)\McAfee Security Scan..AGENT = uninstall.exe ..AGENT_PARAM = /S /inner ..APP_NAME = McAfee Security scan ..APP_DESC = Check the security status of the machine. ..storyboard_image = Welcome_Install.jpg..AVG_INSTALL_TIME = 7..story_interval_time = 2..........
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):117208
          Entropy (8bit):6.488135475856746
          Encrypted:false
          SSDEEP:
          MD5:91AD16B368C7703E9B3D7AC665D67A47
          SHA1:95C801D6D350A5820607253C7A3B7DF527651575
          SHA-256:5659CBAE9F3D412662515671A6C85AEFE08EEE17118C3DE1330A2FED74DC415F
          SHA-512:CAD3A972EEE03ACB3E8EA4D5D1D306EBA0E2FF65388250EBEB65FB36CE0DEF82323487A70A9FCE0D8DDF633F68A12619B3650A1BF2E2CE4876C47F5EC023396D
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Generic INItialization configuration [DataAnalytics]
          Category:dropped
          Size (bytes):291
          Entropy (8bit):5.0826755320356485
          Encrypted:false
          SSDEEP:
          MD5:62AA0E131ACA3C262A709155696CB68F
          SHA1:350B8EA9950D8ED32EBA26D2F4D5D94AA97BC590
          SHA-256:0EEE12B0FFE65CB39C8C624B5D43085E8859B1F0FF4EE05E1921790055BEDF23
          SHA-512:3CFAABEB150803C0D32EA5593748A1F5BA23702617CDD2EAD82FF11AD61C8A8BCF63A67573852035D210F56399065865ED16D6F2606BF1420BBEC1DD4413E3CC
          Malicious:false
          Reputation:unknown
          Preview:[SecurityScan]..ScanParameters=SecurityScanner.dll /auto /nosplash..ScanUrl=https://liteapps.mcafee.com/V1/StaticUI/Default..HelpUrl=https://liteapps.mcafee.com/V1/StaticUI/Help..Rank=10..RequestedAffid=0..ent-detect=1..eula_major=3..eula_minor=0....[DataAnalytics]..TrackingID=UA-49812791-4
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):754128
          Entropy (8bit):6.410611291801307
          Encrypted:false
          SSDEEP:
          MD5:CD7D48BB339C72CCFE7DA3A3164180BC
          SHA1:E806553AC8B062CC5AF5728FA56FCB5E9F7E0C7E
          SHA-256:7C518FDD5FD65A0C69772A6727AFCC649B4032C9B2CDDD6048F2EF13DB4042A3
          SHA-512:05985736B987A58FEEF119133034E579C0A3AD64134566A93A987595163C07D600C943A33A7ADC223C4337E331D80CA7F695DD1F575F1B8D221AEAE3EA1284CB
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):538720
          Entropy (8bit):6.652652805025692
          Encrypted:false
          SSDEEP:
          MD5:4E87CE2F2F5A417B6BA0483C7BBDBB34
          SHA1:00AD3D3809915B2DE51000A62DDCD9CC518E7162
          SHA-256:CDAAC280D26AB706445DA1C8CB5660438B3E2727C48FE26510769E006EB97507
          SHA-512:A08A12A7CED53934B380DAA64072965C9F6FCBAB40C72E1901840879957EE91A2FD6FE25D7E42B8621823F81F1AC8FC0B9469EEDED53FB910902D1334619F719
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
          Category:dropped
          Size (bytes):377392
          Entropy (8bit):7.282361172764569
          Encrypted:false
          SSDEEP:
          MD5:1D4D8B99FD6458313A6BEAB28A1AA34C
          SHA1:4CC8BD60F4E579A1DC05EB8082F0A36B29D1CFFD
          SHA-256:F64B316542A756EEA0F0016C05C5F902A8FF3F2A61D7A2C1459716A5F3220AB6
          SHA-512:BFCB0D1A88EF03F5B1CA647360A78B60209F8835C4DD0DD06CAEEA06BBEF89621CC65DD0C376C8370DB20C6F123BE454B9730F6952F9189BBC65C4A58CEE814F
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):400752
          Entropy (8bit):7.121517425386084
          Encrypted:false
          SSDEEP:
          MD5:6385D9CAD8F2CB279F1140DAE260EA1F
          SHA1:DC7941FDDB5EF4CA2ACD3ACAA3A5C0D026CD93E7
          SHA-256:99F228E168D01DAD320CF2D2F4D933B00286E3AE2C6FBCC8586D3B1914AF6C82
          SHA-512:111110C88A375BF62E98EEB10E198BDA2B4269840CB888A6CC305094D430FA87A190C1995D51C33510A8BCA44F05B187409AC4207836C2A3EE2ABC2F1FC0E133
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:modified
          Size (bytes):178688
          Entropy (8bit):6.297651264205145
          Encrypted:false
          SSDEEP:
          MD5:770AB7FC22BE75C6BC6184D7276B8DA0
          SHA1:3C66B1DB9B261DEC33D6614C38B888C3FCC42115
          SHA-256:7C82A18D223BBE137E5103AA12081AC48CDB09562A29FB3A360D5FAD063D1339
          SHA-512:73DDC9B998073CAEED1716F0B73B6A40E3BFB5E1A0E74BC1947DFE4A1733083F27BDA0743931ABC4669297C89B8F8FAF9793EE495A8BA6085BCA54879869120F
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):3264888
          Entropy (8bit):6.40811281223321
          Encrypted:false
          SSDEEP:
          MD5:2296AB6FFF74334D61FC2228944FF575
          SHA1:76AF0C11E916D50A4B17C5895BAC649440228CC6
          SHA-256:870884A712873CD0A2EA41F595D1A6F2CE927D1A3DC5C7403FA5C2A68A829563
          SHA-512:C0B8E1667C8F3358A782060A795397F6069701592A71BFC3EAA50D338AE60CDE9666245C8BE52E954DCFCEE8FB28F4A34B754D1368CADE3311A77FA02DDC694F
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):749008
          Entropy (8bit):6.34694268310319
          Encrypted:false
          SSDEEP:
          MD5:3C33FEB50BEE2FD598E73D5E6C5744AA
          SHA1:F1AE28FA57EA9AC0EEEEE23A2A002E7899DF351C
          SHA-256:BA91E402DE201FEF346731AD3A1ABA892B1B746D027452E35C33E18D4506D72F
          SHA-512:57F92D655E780B272E45280BC10E113F56D4F21494FAE39FD8040FC16D31EB828A5D69EEE967D799C5424B1F229DC2FC1A7AF70D6BF6419CA9571CB8DAFDDF77
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 3%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):668384
          Entropy (8bit):6.415120440692156
          Encrypted:false
          SSDEEP:
          MD5:9A2846E6C98CF5FE15299EB5016845D7
          SHA1:F81A129B0A47F71627DC289424F61A67E6FE97D3
          SHA-256:336A32B47B1906080285480331A605E3301763A5CD86041BEDE64231CAFC5C82
          SHA-512:0B35AE8F22BAA2F29F1AF804E87793393570FC350B62033B287091ACC1DD159D8B81CBB182D431406401789ED7BCA923E6558A627D79883B483990596A847F55
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1613584
          Entropy (8bit):7.9288761652508155
          Encrypted:false
          SSDEEP:
          MD5:C992028604D91400D489F8CAB4B44469
          SHA1:C50DB047B19F0A710DE89D19DA907F1FAFBC49D8
          SHA-256:C5A0CED608AE34E91B87FFA94FEB020598A654FE185124287A3CB0658784A129
          SHA-512:C1BBCEFC592F8F619A9CC5CA27BEEEE308FA1A63D68451E32DF42419B0D787F3B177FC81A4D148EB93903E8C47623271EB39E886694A735B4CFC1F91C229A788
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
          Category:dropped
          Size (bytes):11838184
          Entropy (8bit):7.996911973188253
          Encrypted:true
          SSDEEP:
          MD5:B1C61A18F2D4DF62EADD460D5BC7D7E4
          SHA1:4383ED82906F88C262002D26648DAE735E35B04A
          SHA-256:3B8457AA6BB18843C393CA69757EA8AC3632AC8C417BCD62C15A84486882E76D
          SHA-512:8A925CE4220ABF8F34FBF88C29939E59935091E34B3594538C025586F64B071B0297FD4DC592FFAF9FCCC878E19C046B65B4C01A80BE73E38F4C412A002A812D
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 4%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):162264
          Entropy (8bit):6.188393265219696
          Encrypted:false
          SSDEEP:
          MD5:8838E584DE6B554189DA0297B36AFD2B
          SHA1:3FD613F6C14B484446C71AA651D2CCA2C3515E2C
          SHA-256:28B898E4433291C969CD4F3BC46377B195527AD9138DF2FA57243CEB6717A6B9
          SHA-512:57984D7C948A2535C25EE01703E7DBE208768F9A8711392928107C603D2158A224ECB6F4A25C3E6E5C60EB13D08AED8F921770AF0D55A3376647DB1CC7A7978D
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Generic INItialization configuration [UIFLOW]
          Category:dropped
          Size (bytes):880
          Entropy (8bit):5.287153058757726
          Encrypted:false
          SSDEEP:
          MD5:E1C18A8D3852851885D96E7F1A5185A3
          SHA1:274DB7DFA0D7C9C7F7E12C5B068F27088395D3AF
          SHA-256:FF74D32030255DDBEA3C261A2B441C57EB3DFE99924F5AD4E7C2E5D638C9A309
          SHA-512:CD29E1A7D1C943FD98BDF473108FA558546BE21594A37DA4E710CAB4C6093D408C1F64A530857630730A00ABD696501EA5BAAC34C0C249DA258606BE15C2017B
          Malicious:false
          Reputation:unknown
          Preview:[CONFIG]..WIDTH = 550..HEIGHT = 450..HTMLRESDLL = .\McInstallerRes.dll..L10NDLL = .\McInstallerRes_LD.dll..PAGE_VISIBILITY_TIME = 5....[UIFLOW]..default = welcome_wv.htm,install_wv.htm,status_wv.htm....[Install] ..ORDER = MSS....[MSS] ..LOCATION_TYPE = 1 ..LOCATION = .\..AGENT = SecurityScan_Inner.exe ..AGENT_PARAM = /S /inner..APP_NAME = McAfee Security scan ..APP_DESC = Check the security status of the machine. ..storyboard_image = Welcome_Install.jpg..AVG_INSTALL_TIME = 5..story_interval_time = 2..POST_APP_INSTALL = MSS_LAUNCH....[MSS_LAUNCH]..LOCATION_TYPE = 0..LOCATION = HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan,ExePath,1,"" ..AGENT_PARAM_TYPE = 0..AGENT_PARAM = HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan,ExeParams,1,""..........
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):856952
          Entropy (8bit):6.258722668913684
          Encrypted:false
          SSDEEP:
          MD5:91A2BFBA73F7A9803EB559860E6D2F78
          SHA1:8E55E534D1718860A788DECF7D15A02E5E22ECD4
          SHA-256:42686E47D87202A984B9A3D0D19F8B073F805F4E3D1D348BEADCB4445D312DDE
          SHA-512:EF7138C4E81127E1C7078215786B970DA4D44FD0A5CD0D045D0F5F3D0CD52706737150F1BFD9FC2D48DD139C7B2B84F4490DA44BE4A525003B08D0668BBA5452
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):654520
          Entropy (8bit):6.346078351326325
          Encrypted:false
          SSDEEP:
          MD5:48D4B0D428ACF453D8B738C4EECB97B8
          SHA1:45C524728F031E5F950EDD8CB6BCEFA891479653
          SHA-256:C54EBF13458A1B48A7D21F57BF3F064F0E9AF2D555C304A080058D3226BD7ED3
          SHA-512:BEBEE8B87980792124273EF79139EC1EDDA35AD97B8F29FBD9D80982FEB266432D4681AB3D5679C18F5FFCE5D5F1456921E52605B3B08061A8CC762B86EAC410
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 3%
          Reputation:unknown
          Process:C:\Users\user\Desktop\SecurityScan_Release.exe
          File Type:Generic INItialization configuration [UIFLOW]
          Category:dropped
          Size (bytes):632
          Entropy (8bit):5.0853290119489465
          Encrypted:false
          SSDEEP:
          MD5:CB07146613AF41E92EF07E2052969646
          SHA1:5F4AA02DE1B872135CC9827E21460DFFA5DDD347
          SHA-256:946FB534E50D767BC91DDB348A35FCEBC1019A428673201DE2750BE4447CEDDC
          SHA-512:E774605DBB60DF98815E43E543EA7472350F46563E6D6A5B7D22B0EFB11DDB29F26B32021E49D723E970AE3229E2BE283C8C054C40DCDCF503CE4CF2A40E9866
          Malicious:false
          Reputation:unknown
          Preview:[CONFIG]..WIDTH = 550..HEIGHT = 450..HTMLRESDLL = .\McInstallerRes.dll..L10NDLL = .\McInstallerRes_LD.dll..PAGE_VISIBILITY_TIME = 5....[UIFLOW]..default = UninstallConfirm_wv.htm,Uninstall_wv.htm,uninstallEnd_wv.htm....[Install] ..ORDER = MSS....[MSS] ..LOCATION_TYPE = 1 ..LOCATION = %programfiles%\McAfee Security Scan\..AGENT = uninstall.exe ..AGENT_PARAM = /S /inner ..APP_NAME = McAfee Security scan ..APP_DESC = Check the security status of the machine. ..storyboard_image = Welcome_Install.jpg..AVG_INSTALL_TIME = 7..story_interval_time = 2..........
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2010:08:18 14:02:33], baseline, precision 8, 484x91, components 3
          Category:dropped
          Size (bytes):41226
          Entropy (8bit):7.509911955870971
          Encrypted:false
          SSDEEP:
          MD5:43A375CACCED659FDE2F4FA45EEB1433
          SHA1:A3B15DA958CC65CBE85E6366284186F3FAA01255
          SHA-256:23EF32BA916061060EF03AAE528073E3F480BA379D37CD90F323974BBE246266
          SHA-512:62AA9ACE35A4627B274A87213EF725B8C9B9CAA831251EC30033B9E31DC2746B41959D3514203DFCD803717EB02CD5555681FF5E5BB592CA08CB934751F9FCFB
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):2997
          Entropy (8bit):4.872557104222716
          Encrypted:false
          SSDEEP:
          MD5:D563943EA1FFD621BD264A8882C332A4
          SHA1:AE53F4A473FC36173D1649777AA8CD8FD9A58421
          SHA-256:2DB17E1A9AE0A55A2ED4C113D43324CEA64E2E967A7E50CA1983EC0CC3CF88D2
          SHA-512:DF70E1C41C780E30B37973AA1033B11D43EF98198703E9552A64732EB77656CA34C756941EFFC2AD7960C58EAF159BC61470FB04B77AD5655A84B15AE153EE1B
          Malicious:false
          Reputation:unknown
          Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):4514
          Entropy (8bit):4.539833060720786
          Encrypted:false
          SSDEEP:
          MD5:B325722E6322D345CD32342D1D4ECF9C
          SHA1:BF591D7BA2E2C8B655AB79A6FF975177271AE774
          SHA-256:CB5F354F5C6F9819FF0B9F49A5BEE5D73CB5AE0647091DF7B3AC8F23C2D77F30
          SHA-512:66582E02930C4428BD8DCE36141C1F2DECC609C2F4DA48798DF818DA7FFEB47DC097AB3AB9CC716309689176B1E263459DBADBBDD064326ED94B6172F7E4CADE
          Malicious:false
          Reputation:unknown
          Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PC bitmap, Windows 3.x format, 484 x 91 x 24, resolution 4724 x 4724 px/m, cbSize 132186, bits offset 54
          Category:dropped
          Size (bytes):132186
          Entropy (8bit):7.387378622012761
          Encrypted:false
          SSDEEP:
          MD5:F24AD292467A3D233D401070B42741E6
          SHA1:50FD3C45E543F9097C8981E803EBB5CED4E30F36
          SHA-256:0A9EA6FA0DDE99F1835BC33887B7D4D0F8B3ADBF5EE2BBFA431A5ADAB7A6AECC
          SHA-512:9B176535DF6AA64ADFBA4DA5DE3FF3CE4B091272E9A778C413B3B9450726A1CFB2EB4CCFFA99025C8A638BD7D166EE791E5EB18CEF7D2BC1F15F6FB9C859D433
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 59 x 59, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):4304
          Entropy (8bit):7.8994200347038515
          Encrypted:false
          SSDEEP:
          MD5:8D7D3D3C5D61A6620D3890820DB77BD0
          SHA1:0AC007394C3C8303524CD7250376FDBDAFE10F45
          SHA-256:007A384AE21D54D657EB98C78BE5F0C4724789170E859FF16921B72CD1A671CF
          SHA-512:8F58E94D64763B4CB333EEA398CFA608946801430BAEC55A93E5DCA8913D3D8CA258382E3112545285ABF1740301D0A06C12DC8155C45691024B4209C84C1B28
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 59 x 59, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):4325
          Entropy (8bit):7.903666877414893
          Encrypted:false
          SSDEEP:
          MD5:8FCAA8C7268118335034B27461C49374
          SHA1:D89400EE2355400765CF2B12086288CF934F7AA8
          SHA-256:625E2AA199F448F9F5F7F4B96F452D5FD5555B5C9B117375BA3D96C57A6CE0AE
          SHA-512:D467E69AF9281671E42773749C86F72E9B51453F6545C8D505434476D4A27EB6EC5CDF62C41A8ECC53FCF339548A962E344A6DB055364D4E49054BCC7090E8BA
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 12 x 59, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3641
          Entropy (8bit):7.89981024396435
          Encrypted:false
          SSDEEP:
          MD5:D85B46E10E787A0978ADBA49FCCB1C31
          SHA1:A66AEF857AFC5E22A12050B037AACCE5AC3D8DA8
          SHA-256:6C6B70561D1AAA35F4525E59E8B0DE6FE0AF707B83405448B38F544CC771883E
          SHA-512:97CBFDDCDB13B7EFAD5F2453EA6AD6715CCEAFDEC301F47A17A4D0DD7484FCA98C724A5DEC0A56061ECB84D349316A66027B2956F1F6CF18F7CCC1299D94BB66
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 53 x 1, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3607
          Entropy (8bit):7.8985827194202525
          Encrypted:false
          SSDEEP:
          MD5:4C60C0936E576D4829FCC2AB0B27567E
          SHA1:E43F32E9B30025103D260399EA64DE87A3B1E2FB
          SHA-256:7B77EDB6F6D5B8B1CB36D252292CA19633462E566318823B4F8EE779C2209B1F
          SHA-512:C32C734AF91D0A8DD5455D899BC56A1E0D860277326EA30D42B8BB896F007E1566D4BEAE2A1BAFBF034387B371E2D985BC4E14956AB82B3405579BAA4A5032B4
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
          Category:dropped
          Size (bytes):3120
          Entropy (8bit):7.880684704052909
          Encrypted:false
          SSDEEP:
          MD5:B7416FE546BE3165486C7BE6D78480FE
          SHA1:A9194A7F3EFC267301A2FD10A60015A2E260BB49
          SHA-256:2BFEA1538DA76701126D0F6C104F4DFD2714FC30F0A4ECCC3ACC0FCD17F16E15
          SHA-512:1D4C664316B8A1F50AF09E5FE26EE4574079BDB9D5AE4E34F22604C7ABE1C5FB22C214CD6E246EEAB0D81E0D48ACF0D883C2C65A209DD7FA5E72B0144429E44F
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 1 x 25, 8-bit/color RGB, non-interlaced
          Category:dropped
          Size (bytes):2815
          Entropy (8bit):7.866839551548217
          Encrypted:false
          SSDEEP:
          MD5:3B10D089B98CF035317ADD8FF1D69C34
          SHA1:87104A42B273AD8911293E1FDB831A34076F6FBE
          SHA-256:C8393D1AD135DDBA989912CBD186048549ABE6C3AF83D10EB7B18DDC3FCDB1C0
          SHA-512:912AACD3AF302D1FCD8E96E1648053B7ED550B1648A60E17779DD6677A4F28BE394A1FD23251F4559BEB02B7E4190E5513BC67DD6EA384B857F8D54E7B467D5C
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 62 x 1, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3608
          Entropy (8bit):7.903417886255168
          Encrypted:false
          SSDEEP:
          MD5:04A1090C757D176D0952E0D647E04C1F
          SHA1:457BAECA38521B9C0CEF8B1DC76BF1C38634BC63
          SHA-256:0AD49B2DF7B89C41361B15F260438B48E4611464BC722EBA28D7BFECA8EA987D
          SHA-512:B09DD926622DBDDD9EC1645B6DF662D2E1526A04E88087633842AD6A7D1C53828AB03EE73D3B9FD24C170F146DEEB26A9530555406C9DE9B5EFE7E041A833181
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 17 x 17, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3627
          Entropy (8bit):6.831346885015074
          Encrypted:false
          SSDEEP:
          MD5:2E82C9D7CCC08E66AC3A25A86B935605
          SHA1:7D3606E3B74E96B4EDB1F4FD9772EAFED8D40ED0
          SHA-256:C4B4D8BB88B35EF8A861C7D1A562ED0D904C1C0D448018743FB7C54E623B7890
          SHA-512:4CCCF40C6BAC5A28A6514F56F72FB1A709C31CBFE1748523B0C643DF435C5B0F5AA1CFBE93E30BD8AF40FBA5447AE71E52521ADEE33AD428A55747BB90D5092F
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 10 x 23, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):339
          Entropy (8bit):6.3103093449208485
          Encrypted:false
          SSDEEP:
          MD5:EE5B2228811D94AF9890032671FA4C2A
          SHA1:26B2C94F7ECEC5E9800F5729647C93B814485A8B
          SHA-256:7E866549A0E5C34F54FA91D6EF8595230D372C35BBC9214C2B5E7257FCCACFB2
          SHA-512:A73829F4D07A52664BD96AEC73EB654F3F777D0E4214963E8281B07731DF06C9279D0BBDB93520B25AD2A20F9AA017B5D4233B8BD8F9928D8F59BF3F66703DCC
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 590 x 23, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):397
          Entropy (8bit):6.621501420011225
          Encrypted:false
          SSDEEP:
          MD5:D431BBD8760213BD86BEC73A4C6A980F
          SHA1:99F872BCADBF3D6DEEA5FC71E320B54BEAD14E36
          SHA-256:FEA1A6934A7BEB27EE089B266C60B73CAD9B375276E49A2DA5F5C4CA4822C256
          SHA-512:7ECBB56F3D14F706F1DD3315103CD0922C8BA3D46A50AEB60E5EA3BF7240C10EA8562BBCE85ED28A30AFE376B45E6CE4D73217D8A06E492B418857E45BAF21BB
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 11 x 23, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3712
          Entropy (8bit):7.893166546076688
          Encrypted:false
          SSDEEP:
          MD5:6455D5DA9B1E7913D46EB39C9BA37A1F
          SHA1:86D53B7F75B14366226AD87285D3C9AC2DA2BB14
          SHA-256:39BCEE59B7D24C9C9AC9E690C7907CC9D997B317F808D9F677F85910BF5F8B92
          SHA-512:C6021EC65779A748B496D47D36797FDC1D77F9E30B52E734C8E9B207D182AD3D27210BA1F14722E2BDD2CBA34AE4BD9FA985BCCF0A2ECBB1EF292FEA8B6D0482
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 590 x 23, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3746
          Entropy (8bit):7.892892875194415
          Encrypted:false
          SSDEEP:
          MD5:90DA1B09726267DC51095725BDF34418
          SHA1:796A0E547FD88BDC66701ED7AA0CDB14AEF28FE0
          SHA-256:89702D85F8A1FA97B6851486CC55A59C327790EDB5BCE3B53529A9D21AEB46D9
          SHA-512:00CE752868F24703AD748650B1AADD014284846CF0A7CE4F0AFDD8B8F683ADF65B55C1A3417E64757AE5557E417DF25449DC5D141ACEB1B27D718FC80D45D8A4
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 10 x 23, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3723
          Entropy (8bit):7.891271924101642
          Encrypted:false
          SSDEEP:
          MD5:F1C6A87C653A14CE37B5444001858D51
          SHA1:85F2DF6C6846E0CDFC30FD3938B7050C0CC14F08
          SHA-256:74EEDB7E2CAB2B6782F2D779C3A746818469D98025F9CE2E8E316BD2BDBC73C9
          SHA-512:245FC8B693560B25F61D2238AC2BB04C268F97C1356FB82CAE148DBAF950B7AB99C9D516359D2D97FCAAA74DA2CE8BA4BE3F4A119CF1E12FF999171DA0280932
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 590 x 23, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3756
          Entropy (8bit):7.884924544816028
          Encrypted:false
          SSDEEP:
          MD5:92872F3C167298B5DD61D00B19ABF0CE
          SHA1:E48EF34456E1418B949FDE8F1CED9B2C7235DD0A
          SHA-256:0A85D609C22CE0BBAE5C3D628310F762867191EAFE50F4DD359F7A318FFB4121
          SHA-512:FE9F9BA5799DA92D5CAB159854DDFFA7178EAEE1F60817CA2967B1C67B4C1D79C9FD9ECFAC9F38BA55386472172E7B4F67C85D7C4001AA37890C4CF722ED6BCE
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 11 x 17, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3692
          Entropy (8bit):7.892451285158368
          Encrypted:false
          SSDEEP:
          MD5:DE6A7F757E562C20541C37F7B503C37D
          SHA1:DD71C92F502AFD441ED221B52291DE49F9181A39
          SHA-256:339BA6765564BC59F4372BA301E4F9E2AFE9087A87C16587B9017FC336EB11DC
          SHA-512:582C48F419017032B2FF8C0B9FD17FEA635438952021D062FA4271768EA85E6F74481E0C31CB4DA8EC086C0F09F97C9CA8A3DFBF5D92D7D0AF27876F768B53E9
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 252 x 17, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):3717
          Entropy (8bit):7.890141472752654
          Encrypted:false
          SSDEEP:
          MD5:C742F3EED168020D62410FABAD01BF8C
          SHA1:73133D37029253E39CE78F6AF692EB7665ADFA45
          SHA-256:C85E9DB4226738962E620134559CC817AF1FE45D1D0E615D30B4F527D83C12A5
          SHA-512:DE6D6A8EA4AB5DA441F44F37607AD0DC913815B3FB0076C7E1AAFDE5D1BE9D0DEC75E12340454C2B896D51DC74008AA6D815D4FCF83515204F8190E5FC75A551
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 66 x 164, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):10796
          Entropy (8bit):7.971084406088028
          Encrypted:false
          SSDEEP:
          MD5:B15AAB3C315571E97FEA906C3A537C98
          SHA1:25B95C02C8F794788B637574BFDC16D691149EA4
          SHA-256:19A6C60BA0CD4E41E7D8CEE56116027A0634862914E549FC83648DF5A16B6CAD
          SHA-512:CF9190770A8AB237491C6A4CE600A393FF647F20CDAD5A67080FF1699A9573369D04AD598EF37938688A775DA3C4AC5303B8507D5C1479B951426987D3B51EEF
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:HTML document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):6836
          Entropy (8bit):5.273167916674738
          Encrypted:false
          SSDEEP:
          MD5:E18403BC273B7A0C55F06A72511D02F0
          SHA1:E9D582C0EFA49B00BFF951A84E3E8B195A9B1E73
          SHA-256:72DD6DA6A5AE95CDC39D5A464F4B5A0727152F251FC0536C661D5BB44E77114D
          SHA-512:B5BAEB3158DC5BD5CD3401B343D83D30B80E629029F6E8F77E9FC017043252C49E144843F440668C5F8A61D70DB7E33111274EF8B31E63C4AAEB91ABC3B1740B
          Malicious:false
          Reputation:unknown
          Preview:<html>..<head>... /*BugId: 1076930 by Manoj Verma on 2 June 2015*/--> ...<meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />... bug fix end-->.. Script -->.. <link rel="Stylesheet" href="base.css" type="text/css" /> -->.. <script language="javascript" src="error.js"></script> -->...<style>...body,div,dl,dt,dd,h1,h2,h3,h4,h5,h6,pre,form,p,blockquote,th,td {...margin: 0;...padding: 0;...font-size: 1em;...cursor:default;...color:#555;..}..html, body {...width: 100%;...height: 100%;...overflow: hidden;...font-family: 'Helvetica', arial, sans-serif;...font-size: 12px;...color: #555;..}.....buttons {.../*float: right;*/...position: absolute;...bottom: 15px;...width: 80%;...margin: 16px 0 0 16px;...text-align: center;..}....a.button {...display: -moz-inline-box;...display: inline-block;...height: 23px;...margin-right: 4px; /*NEED TO ADD CASE FOR LTR AND RTL LANG*/...padding-left: 8px;...cursor: pointer;...background: url('btn_normal_le
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:HTML document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1450
          Entropy (8bit):5.016079842866843
          Encrypted:false
          SSDEEP:
          MD5:250823567F1D125777A4AA3D9B4C633F
          SHA1:6642D5FE58559EB72FA03FF90AF9CA8C15ADFF7E
          SHA-256:31B893CE47FCB39E131CF21F98B344BB65CC300726C94125949B7C5391364B23
          SHA-512:F07DCC6D11C5271973D689AB3B632E61E4FF0D7F27F088D21A6302A78A0CC53E69FFD225FCDDD02EB4D5C7DE7E542EE46C73586333D11B1EB2832FAFDD58CC38
          Malicious:false
          Reputation:unknown
          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html>..<head>.. /*BugId: 1076930 by Manoj Verma on 2 June 2015*/-->.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. bug fix end-->.. <title>McAfee Light Installer Hello</title>.... <script language="javascript" type="text/javascript"> .. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headI
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 22 x 22, 8-bit/color RGBA, interlaced
          Category:dropped
          Size (bytes):4330
          Entropy (8bit):7.878912081982501
          Encrypted:false
          SSDEEP:
          MD5:269C11AFA47FFDA54088E8BEB54992C4
          SHA1:45B53BA0CE5E1684AE862311FD7FB408BE84491C
          SHA-256:E436A7E13F794D52DF4249A2116F6C1B481F6AECD1E8735EAF9E011E228B7ED4
          SHA-512:C14765DED1245BE3A515FDAC8F65305A5E6F5DE2589E20FF1CA5A258C61B4796A57216C58FABBCF8F00C4F5ED32EDB963D45EC3F6C435537584A21A03739BE60
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):4708
          Entropy (8bit):4.5415810822948215
          Encrypted:false
          SSDEEP:
          MD5:A44EF8A19AFDED068262C233DC55E97D
          SHA1:F4CD6C105A4C240BCD5E2F22C9FFF3F5C99D0B69
          SHA-256:E88DEF05A3480454BF9BEB90230ACB03ABE38D5431DFF482E376851560E26CEB
          SHA-512:7167DD7FAF7A02E0051422925AE99C2A9D7E7F85EAD75C01D444EEB0F0B0B61E64825DC763FFA976CC8E3907C2130FB1889DBFC2664BD93AE7D13AAA607BE1FB
          Malicious:false
          Reputation:unknown
          Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 411 x 125, 8-bit/color RGB, non-interlaced
          Category:dropped
          Size (bytes):27914
          Entropy (8bit):7.990084757557732
          Encrypted:true
          SSDEEP:
          MD5:E876290C8FA17E8347076C3D387208E2
          SHA1:29FE5B621E0BC3FFA52ABDA6CF2264A0A023582B
          SHA-256:8FD1BE616F5BD83B1C95983AD45BC443E3ACA59876FB69D6DB579C9E9C2EFC4C
          SHA-512:4099B1CD201E772DF1A900EBEA155844112BE402FBE8DD65B4E4BE7B18C7D692F269D4620B0026829CC65C2F0467B7D8262537D79FB7AD20B7483D15426960BE
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):3568
          Entropy (8bit):4.746172367572746
          Encrypted:false
          SSDEEP:
          MD5:363AF35F2A418052058F626EBF657C78
          SHA1:B41E03BD98A25974E6019E039A2A88EFF33E1C3A
          SHA-256:2F7B77AE6931961CED0C3E627B756AA8B7DFA234448FD5E75B3FD30D05C46ADD
          SHA-512:8C53B204A0F306ED3561B2DF815C04606CD6ED40C50287B77F877F259B888EC3962BBAFD68A9712EAECE562C69C162E60ED41308983E00F3A71C33BC5C1429D3
          Malicious:false
          Reputation:unknown
          Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):3424
          Entropy (8bit):4.908390796851773
          Encrypted:false
          SSDEEP:
          MD5:6BCC42B7E36AAEA4977F1615BB9CD800
          SHA1:80275108208C6CCE5CCDE60BFEC1CF5E9296D020
          SHA-256:A2A4262A95D1861C8593A691195A681CE52C6667CC0AB6A6168B49C52EFD9070
          SHA-512:208DA5195548E2334723B45A82C617D7A32BCBA313CA6BBDD4820CAB3797404BF415C7D8C2691B1150CC4E0261E77F0DB686850B8D2FCC719F20D0CC9ED459B7
          Malicious:false
          Reputation:unknown
          Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:PNG image data, 65 x 53, 8-bit/color RGB, non-interlaced
          Category:dropped
          Size (bytes):7471
          Entropy (8bit):7.946896059214694
          Encrypted:false
          SSDEEP:
          MD5:E83EE81A5FCC3F92E3349CA31C8DA567
          SHA1:3A44167BED8E580157693AE1D632020B359702D3
          SHA-256:AA6FFE226C3DF9E889AB792E6C76289142727D6E6A2BD9BC5A71754909FC5406
          SHA-512:B7A04407A0526307131DE6F08BE9BD5F26C896E58DE3BC663AA6CB12AE51A2F9A184F4FB9ACD3E73311CA1C7A378C11A3F2AD63D3B2E25EACA2A0DC85FA450FC
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:HTML document, ASCII text, with CRLF line terminators
          Category:modified
          Size (bytes):3408
          Entropy (8bit):4.792432380835198
          Encrypted:false
          SSDEEP:
          MD5:A2763D13BEF03F8B788F379C138340EA
          SHA1:E2D8933BE4C19A4E0EC8BEADD016673D0AF8615D
          SHA-256:0438BE464404D356DAD104FC81EEF285E2C4F9BCCEE9428C1BA25AB36EF94123
          SHA-512:F1EF65E2384CA38D00AF2B68AE5C335F679BECEA8C900AF9695A2AD3BE39F35F35D1890AE5CE3B37C076B3EE6443469C45220DF0F756FB1EAF49DF273A1F14FE
          Malicious:false
          Reputation:unknown
          Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var tag
          Process:C:\Users\user\AppData\Local\Temp\nsx9807.tmp\MSSPResExtractor.exe
          File Type:HTML document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):3575
          Entropy (8bit):4.7491198392497305
          Encrypted:false
          SSDEEP:
          MD5:94E0EFC80555876168939942CA56B256
          SHA1:B6ABFDC8B4ECC3CFB593D6A4A350FBAB5A384CDE
          SHA-256:8B9FA1022203B3959B5EC881C42E85CCB8B1D70CF1554AE343F794F4025F7CE9
          SHA-512:4DF378CB852110EC082DAF32E2BAFC00EBAC925C6636C47CD719C6C46C00AB8B6332FB73CB9E87A5AD9294EA4FC8619327EA3EE728610C8C678BA633FE0EB7A3
          Malicious:false
          Reputation:unknown
          Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">....<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var t
          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
          Entropy (8bit):7.999358916418884
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.96%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:SecurityScan_Release.exe
          File size:27'660'968 bytes
          MD5:d19f7fb266813e0fba1d009be48c40d5
          SHA1:49ad30dc2a86fb3f3f21aeeefd79bce2c9f9ef82
          SHA256:9b6d586380337296d53a605b487b442e0a32b857cccdf153c602bd1438413261
          SHA512:a3277d635573bc7d45818a91bc6d1080439e83fb700486efc74dfb1fe6a1d97811e9c6cd4f158d083abc8ca8e5c4e3b703f3ce249069b69aace0c028fc1ce5dc
          SSDEEP:786432:2fWTg0k4wDw5NQNdJO6gwQNajcQQ1xZWq2b5hWsxFe:3zgw4wwYaoTTWqw7U
          TLSH:B457332C41812B4AD739C43D6F46F0EDCB7E7EF77A40B5AA6F2807447B699821C8168D
          Icon Hash:f0b34d6961f0130f
          Entrypoint:0x403328
          Entrypoint Section:.text
          Digitally signed:true
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0x5C157F20 [Sat Dec 15 22:24:32 2018 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:57e98d9a5a72c8d7ad8fb7a6a58b3daf
          Signature Valid:true
          Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
          Signature Validation Error:The operation completed successfully
          Error Number:0
          Not Before, Not After
          • 13/10/2023 16:08:48 13/10/2026 16:08:48
          Subject Chain
          • CN="McAfee, LLC", O="McAfee, LLC", STREET=6220 America Ctr Dr, L=San Jose, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=2306741, OID.2.5.4.15=Private Organization
          Version:3
          Thumbprint MD5:B3515A8A7E95C305ACE3094E13C5AB18
          Thumbprint SHA-1:AAFB69C1A3FD4C2D5207E98F818B994664DB71CD
          Thumbprint SHA-256:E310C8CE8BDB286B22EFAD3B0FEC70867B7A888200331004C19DB3687CA9F170
          Serial:47E0D8578AB200083919FA11
          Instruction
          sub esp, 00000184h
          push ebx
          push esi
          push edi
          xor ebx, ebx
          push 00008001h
          mov dword ptr [esp+18h], ebx
          mov dword ptr [esp+10h], 0040A130h
          mov dword ptr [esp+20h], ebx
          mov byte ptr [esp+14h], 00000020h
          call dword ptr [004080A8h]
          call dword ptr [004080A4h]
          and eax, BFFFFFFFh
          cmp ax, 00000006h
          mov dword ptr [0042472Ch], eax
          je 00007F866C60D9A3h
          push ebx
          call 00007F866C610A92h
          cmp eax, ebx
          je 00007F866C60D999h
          push 00000C00h
          call eax
          mov esi, 00408298h
          push esi
          call 00007F866C610A0Eh
          push esi
          call dword ptr [004080A0h]
          lea esi, dword ptr [esi+eax+01h]
          cmp byte ptr [esi], bl
          jne 00007F866C60D97Dh
          push 0000000Ah
          call 00007F866C610A66h
          push 00000008h
          call 00007F866C610A5Fh
          push 00000006h
          mov dword ptr [00424724h], eax
          call 00007F866C610A53h
          cmp eax, ebx
          je 00007F866C60D9A1h
          push 0000001Eh
          call eax
          test eax, eax
          je 00007F866C60D999h
          or byte ptr [0042472Fh], 00000040h
          push ebp
          call dword ptr [00408044h]
          push ebx
          call dword ptr [00408288h]
          mov dword ptr [004247F8h], eax
          push ebx
          lea eax, dword ptr [esp+38h]
          push 00000160h
          push eax
          push ebx
          push 0041FCF0h
          call dword ptr [00408178h]
          push 0040A1ECh
          Programming Language:
          • [EXP] VC++ 6.0 SP5 build 8804
          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8430 | 0xa0 | .rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3a000 | 0x19e28 | .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1a5e380 | 0x2f28 |
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x298 | .rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x1000 | 0x6077 | 0x6200 | 0311bcb2ead177b380555800a8e6e6ee | False | 0.6595583545918368 | data | 6.403859519216241 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rdata | 0x8000 | 0x1250 | 0x1400 | 926b1e688f085d737343e22bcf628243 | False | 0.4298828125 | data | 5.044807654453153 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data | 0xa000 | 0x1a838 | 0x400 | 9b72314b8d9ad5c72778b00cdf336ee2 | False | 0.646484375 | data | 5.2244513108529995 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .ndata | 0x25000 | 0x15000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .rsrc | 0x3a000 | 0x19e28 | 0x1a000 | c192cd761a2f8b017781fd898ee0eaeb | False | 0.17032564603365385 | data | 4.017066897842131 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
          RT_ICON | 0x3a5f8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.056089554004495445
          RT_ICON | 0x4ae20 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.14107883817427386
          RT_ICON | 0x4d3c8 | 0x1b6e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9115636570777557
          RT_ICON | 0x4ef38 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.21904315196998123
          RT_ICON | 0x4ffe0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.3734008528784648
          RT_ICON | 0x50e88 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.4918772563176895
          RT_ICON | 0x51730 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.38353658536585367
          RT_ICON | 0x51d98 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.6098265895953757
          RT_ICON | 0x52300 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.43882978723404253
          RT_ICON | 0x52768 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.4959677419354839
          RT_ICON | 0x52a50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.6013513513513513
          RT_DIALOG | 0x52b78 | 0x100 | data | English | United States | 0.5234375
          RT_DIALOG | 0x52c78 | 0x11c | data | English | United States | 0.6056338028169014
          RT_DIALOG | 0x52d98 | 0x60 | data | English | United States | 0.7291666666666666
          RT_DIALOG | 0x52df8 | 0xf8 | data | English | United States | 0.532258064516129
          RT_DIALOG | 0x52ef0 | 0x114 | data | English | United States | 0.6376811594202898
          RT_DIALOG | 0x53008 | 0x58 | data | English | United States | 0.7840909090909091
          RT_DIALOG | 0x53060 | 0xec | data | English | United States | 0.5042372881355932
          RT_DIALOG | 0x53150 | 0x108 | data | English | United States | 0.6212121212121212
          RT_DIALOG | 0x53258 | 0x4c | data | English | United States | 0.75
          RT_DIALOG | 0x532a8 | 0xec | data | English | United States | 0.5042372881355932
          RT_DIALOG | 0x53398 | 0x108 | data | English | United States | 0.6136363636363636
          RT_DIALOG | 0x534a0 | 0x4c | data | English | United States | 0.75
          RT_DIALOG | 0x534f0 | 0xf0 | data | English | United States | 0.5125
          RT_DIALOG | 0x535e0 | 0x10c | data | English | United States | 0.6343283582089553
          RT_DIALOG | 0x536f0 | 0x50 | data | English | United States | 0.7625
          RT_GROUP_ICON | 0x53740 | 0xa0 | data | English | United States | 0.63125
          RT_VERSION | 0x537e0 | 0x2f4 | data | Chinese | Taiwan | 0.45634920634920634
          RT_MANIFEST | 0x53ad8 | 0x349 | XML 1.0 document, ASCII text, with very long lines (841), with no line terminators | English | United States | 0.5517241379310345
          DLL | Import
          KERNEL32.dll | SetEnvironmentVariableA, CreateFileA, GetFileSize, GetModuleFileNameA, ReadFile, GetCurrentProcess, CopyFileA, Sleep, GetTickCount, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, SetCurrentDirectoryA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, GlobalUnlock, GetDiskFreeSpaceA, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
          USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
          GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
          SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
          ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
          COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
          ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
          Language of compilation system | Country where language is spoken | Map
          English | United States |
          Chinese | Taiwan |