Edit tour

Windows Analysis Report
SecurityScan_Release.exe

Overview

General Information

Sample name:	SecurityScan_Release.exe
Analysis ID:	1585405
MD5:	d19f7fb266813e0fba1d009be48c40d5
SHA1:	49ad30dc2a86fb3f3f21aeeefd79bce2c9f9ef82
SHA256:	9b6d586380337296d53a605b487b442e0a32b857cccdf153c602bd1438413261
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found detection on Joe Sandbox Cloud Basic

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Detected non-DNS traffic on DNS port

Drops PE files

Found dropped PE file which has not been started or loaded

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Uses 32bit PE files

Classification

Process Tree

System is w11x64_office

SecurityScan_Release.exe (PID: 1844 cmdline: "C:\Users\user\Desktop\SecurityScan_Release.exe" MD5: D19F7FB266813E0FBA1D009BE48C40D5)

MSSPResExtractor.exe (PID: 2912 cmdline: "C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe" MD5: 5DC3CCE86B3CEEB218E9F863F2F6138A)

mc-webview-cnt.exe (PID: 6876 cmdline: "C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe" McInstallerStartup.dll config:.\Installer.ini mode:/l lang:en-us MD5: CD7D48BB339C72CCFE7DA3A3164180BC)

MSSPResExtractor.exe (PID: 6596 cmdline: "C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe" MD5: 5DC3CCE86B3CEEB218E9F863F2F6138A)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: SecurityScan_Release.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: SecurityScan_Release.exe

Static PE information: certificate valid

Source: SecurityScan_Release.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: global traffic	TCP traffic: 192.168.2.24:49875 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.24:49875 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.24:49875 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.24:49875 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.24:49875 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.24:49875 -> 1.1.1.1:53

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: sadownload.mcafee.com
Source: global traffic	DNS traffic detected: DNS query: analytics.apis.mcafee.com
Source: global traffic	DNS traffic detected: DNS query: res.public.onecdn.static.microsoft
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53715
Source: unknown	Network traffic detected: HTTP traffic on port 53715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53716 -> 443

System Summary

Found detection on Joe Sandbox Cloud Basic

Source: SecurityScan_Release.exe

Joe Sandbox Cloud Basic: Detection: malicious Score: 72 Threat Name: Analyzer: w10x64_ra

Perma Link

Source: SecurityScan_Release.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal76.evad.winEXE@7/112@13/25

Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe

File created: C:\Users\user\AppData\Roaming\McAfee

Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Mutant created: \Sessions\1\BaseNamedObjects\NULL
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\{46C61DD2-00A3-46F1-B456-3E6CDCEF89B7}

Source: C:\Users\user\Desktop\SecurityScan_Release.exe

File created: C:\Users\user\AppData\Local\Temp\nseF59A.tmp

Source: SecurityScan_Release.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\SecurityScan_Release.exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\SecurityScan_Release.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\Desktop\SecurityScan_Release.exe

File read: C:\Users\user\Desktop\SecurityScan_Release.exe

Source: unknown	Process created: C:\Users\user\Desktop\SecurityScan_Release.exe "C:\Users\user\Desktop\SecurityScan_Release.exe"
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe"
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe "C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe" McInstallerStartup.dll config:.\Installer.ini mode:/l lang:en-us
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Process created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe"
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe"
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe "C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe" McInstallerStartup.dll config:.\Installer.ini mode:/l lang:en-us
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Process created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe "C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe"

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: cfgmgr32.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: wininet.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: dsrole.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: jscript9.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: webio.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: amsi.dll
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: cfgmgr32.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: webview2loader.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: jscript9.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Section loaded: cfgmgr32.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Section loaded: ondemandconnroutehelper.dll

Source: C:\Users\user\Desktop\SecurityScan_Release.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: C:\Users\user\Desktop\SecurityScan_Release.exe

File written: C:\Users\user\AppData\Local\Temp\nskF790.tmp\ftconfig.ini

Source: SecurityScan_Release.exe

Static PE information: certificate valid

Source: SecurityScan_Release.exe

Static file information: File size 27660968 > 1048576

Source: SecurityScan_Release.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McInstallerRes.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\MSSPResExtractor.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McUtil.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\McInstallerRes.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\WebView2Loader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\McUtil.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\SecurityScan_Inner.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\McInstallerStartup.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\WebView2Loader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\mcbrwsr2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McInstallerRes_LD.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\McUICnt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McInstallerStartup.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\SecurityScan_Inner.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\MicrosoftEdgeWebview2Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mcbrwsr2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\McInstallerRes_LD.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McUICnt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MicrosoftEdgeWebview2Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\InstallHelp\SecurityScanner32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	File created: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\mc-webview-cnt.exe	Jump to dropped file

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT PNPDeviceID,Description FROM Win32_NetworkAdapter WHERE PNPDeviceID LIKE '%ROOT\\NET%'
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT Description FROM Win32_NetworkAdapterConfiguration where IPEnabled = True

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: 2340000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: ADC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B560000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B5B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B5F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B610000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B630000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B870000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B8A0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B8D0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B8F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B910000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B930000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B9B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B960000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B980000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B9F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BA30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BA90000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BAF0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BB10000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BB90000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B870000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BC00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BC50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BCA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: B890000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BD10000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BD30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BD50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BD70000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BD90000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BDE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BB50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BC10000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BC30000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BC50000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BC70000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BF00000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BF20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BF40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BF60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BF80000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BFA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BFC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: BFE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: C000000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: C020000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: C040000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Memory allocated: C060000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 8D40000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 8EE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 8A10000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 8A60000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 8AA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 8AC0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 8AE0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 9540000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 8B20000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 9570000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 9590000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 95B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 95D0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 9650000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 9600000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 96B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 96D0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 96F0000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 9750000 memory commit \| memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	Memory allocated: 97B0000 memory commit \| memory reserve \| memory write watch

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\mcbrwsr2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McInstallerRes_LD.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\MSSPResExtractor.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McInstallerRes.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McUtil.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\McUICnt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\McInstallerRes.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McInstallerStartup.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\SecurityScan_Inner.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\MicrosoftEdgeWebview2Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mcbrwsr2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\McInstallerRes_LD.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McUICnt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\MicrosoftEdgeWebview2Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\McUtil.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\SecurityScan_Inner.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\InstallHelp\SecurityScanner32.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\mc-webview-cnt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF790.tmp\McInstallerStartup.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SecurityScan_Release.exe TID: 2184	Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\Desktop\SecurityScan_Release.exe TID: 6016	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe TID: 4956	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe TID: 6608	Thread sleep time: -300000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe TID: 4956	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe TID: 748	Thread sleep time: -750000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe TID: 6608	Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe TID: 6608	Thread sleep time: -1050000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe TID: 6608	Thread sleep count: 38 > 30
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe TID: 6608	Thread sleep time: -1140000s >= -30000s

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe

Process information queried: ProcessInformation

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	System information queried: CodeIntegrityInformation

Source: C:\Users\user\Desktop\SecurityScan_Release.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM AntiVirusProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct
Source: C:\Users\user\Desktop\SecurityScan_Release.exe	WMI Queries: IWbemServices::ExecQuery - Root\SecurityCenter2 : SELECT displayName, productState FROM FirewallProduct

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	631 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	73 Security Software Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	54 Virtualization/Sandbox Evasion	LSASS Memory	54 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	2 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	113 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Source	Detection	Scanner	Label	Link
SecurityScan_Release.exe	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\nskF790.tmp\InstallHelp\SecurityScanner32.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\McInstallerRes.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\McInstallerRes_LD.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\McInstallerStartup.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\McUICnt.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\McUtil.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\MicrosoftEdgeWebview2Setup.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\SecurityScan_Inner.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\WebView2Loader.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\mcbrwsr2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\MSSPResExtractor.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McInstallerRes.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McInstallerRes_LD.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McInstallerStartup.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McUICnt.exe	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McUtil.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\MicrosoftEdgeWebview2Setup.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\SecurityScan_Inner.exe	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\WebView2Loader.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\mc-webview-cnt.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\mcbrwsr2.dll	3%	ReversingLabs

Name	IP	Active	Malicious	Reputation
fg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
chrome.cloudflare-dns.com	162.159.61.3	true	false	high
mosaic-nova.apis.mcafee.com	52.26.92.172	true	false	unknown
analytics.apis.mcafee.com	unknown	unknown	false	high
sadownload.mcafee.com	unknown	unknown	false	high
res.public.onecdn.static.microsoft	unknown	unknown	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.26.92.172	mosaic-nova.apis.mcafee.com	United States	16509	AMAZON-02US	false
2.16.168.115	unknown	European Union	20940	AKAMAI-ASN1EU	false
2.16.168.105	unknown	European Union	20940	AKAMAI-ASN1EU	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585405
Start date and time:	2025-01-07 16:05:34 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Run name:	Potential for more IOCs and behavior
Number of analysed new started processes analysed:	33
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	SecurityScan_Release.exe
Detection:	MAL
Classification:	mal76.evad.winEXE@7/112@13/25
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 104.18.38.233, 172.64.149.23, 2.16.168.105, 2.16.168.115
Excluded domains from analysis (whitelisted): crt.comodoca.com.cdn.cloudflare.net, slscr.update.microsoft.com, sadownload.mcafee.com.edgesuite.net, a866.dscd.akamai.net, crt.comodoca.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: SecurityScan_Release.exe

Created / dropped Files

C:\ProgramData\McAfee Security Scan\ftstate.ini

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	Generic INItialization configuration [DataAnalytics]
Category:	dropped
Size (bytes):	96
Entropy (8bit):	4.620221899887843
Encrypted:	false
SSDEEP:
MD5:	E954170B7D1B6DBB7BD151F791FCB21B
SHA1:	BC6DFAECA3CE095279F78D39BD9CEEF0BF3002B6
SHA-256:	613E4F78E2DB7C091EEB8FFAA9D4C00BAEDAEDF3C06D30C00EB0E77164E110E7
SHA-512:	D2ABE3111FE1534DC3C974C3EF8FCF948835BC3F4F9751D2B50213997F08D3098F6AC3946E4262160EA7A93AE2ED40CC2806356AAF60EA77808CFCA01EA4164F
Malicious:	false
Reputation:	unknown
Preview:	[queryparams]..affid=0..[DataAnalytics]..InstalledDate=7..InstalledMonth=1..InstalledYear=2025..

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\aviary_client.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (1531), with CRLF line terminators
Category:	dropped
Size (bytes):	1738
Entropy (8bit):	5.321166453198633
Encrypted:	false
SSDEEP:
MD5:	1E7EBC68623599ACA8619CC5169F0590
SHA1:	03BED5B7E64E7509B6BA1C5453AF4B553FEACFC5
SHA-256:	8B044EBA3B6C28828C9DCFE6E499BDCBE3EDFC70F4E4C072DB9C050FD48D822F
SHA-512:	79A585371B332CF90FD1686EA53E68509115F6A939E82CCDF4161AFFD3734C828E3223C03FE5636254A89FD38799DC9C4D4D9779FC718A877B548CEEC52BA68E
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var aviary_client_fileVersion = "1.4.114"; ..function CreateAviaryClientHelper(){try{var a={Get:function(f){try{if(this._aviaryPlugin){var c=this._aviaryPlugin.Get(f);this._logInformation("Get: key: "+f+" value:"+JSON.stringify(c));return c}}catch(d){this._logError("Get exception: "+d.message)}return null},Set:function(c,d){if(this._aviaryPlugin){this._aviaryPlugin.Set(c,d)}},ToJsonString:function(){try{if(this._aviaryPlugin){return this._aviaryPlugin.ToJsonString()}}catch(c){this._logError("ToJsonString exception: "+c.message)}return null},GetDirtyFlag:function(d){try{if(this._aviaryPlugin){return this._aviaryPlugin.GetDirtyFlag(d)}}catch(c){this._logError("GetDirtyFlag exception: "+c.message)}return true},Setup:function(){try{if(this._aviaryPlugin){return}var f=JSONManager.getSingleton("dictionary");var c=f.data;var d=c.product_settings;this._aviaryPlugin=getPluginFactory().Create("ContextItemAviaryStore");this._aviaryPlugin.Initialize(JSON.stringify(d));g

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\common.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (14337), with CRLF line terminators
Category:	dropped
Size (bytes):	14537
Entropy (8bit):	5.3507201842055725
Encrypted:	false
SSDEEP:
MD5:	BC8BDE16CFD68270180130A481BED8DE
SHA1:	556DAE92A4F6F577C2EB7DC3432EFF23711DB99B
SHA-256:	2A61139B601CB82E007663D7F29F80EDA8616619A03863A42B72F05ED98769A1
SHA-512:	F6853F5DF1EADF477C911D30C20AA4314987DE6F9841C4ABFC8A2FC1836869326B08AB632D9FCFC6B24DCF1E7D21B61D0D0F645F66B7E41DBE96603FBCF0451A
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var common_fileVersion = "1.4.114"; ..if(typeof JSON!=="object"){LoadScript("json2.js")}if(typeof enableAnalyticsSDKForUWP==="undefined"){enableAnalyticsSDKForUWP=false}var GetEngineSetting=function(b,a){return a};if(typeof GetSetting==="function"){GetEngineSetting=GetSetting}else{logInformation("Missing GetSetting function; will only use default settings (this is expected pre SDK.2.3)")}var GetEngineProperty=function(b,a){return a};if(typeof GetProperty==="function"){GetEngineProperty=GetProperty}else{logInformation("Missing GetProperty function; will only use default Properties (this is expected pre SDK.2.5)")}if(!enableAnalyticsSDKForUWP){LoadScript("logging.js")}var getSystemPlugin=function(){var a=getScriptVariableStore().Get("system");if(!a){a=getPluginFactory().Create("system");getScriptVariableStore().Set("system",a)}return a};Date.prototype.toISOString=function(a){try{function d(f){var e=String(f);if(e.length===1){e="0"+e}return e}var b=this.getUTCF

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\config_manager.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (842), with CRLF line terminators
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.323565161333726
Encrypted:	false
SSDEEP:
MD5:	5C2EB996C9B5AF003AD9916ADCFE6533
SHA1:	704790B240761930AAB7A541535216FCEBD5C6CD
SHA-256:	46D424408D9487A861CD8BB4900C3610C297B1B9924F2A82AAE0CEC31EBA0E70
SHA-512:	87A0F1B61C1D1F9D2A2D6F53B19487FB6BC88CBA8FB30C4462E22F7F39C7470DDB888D5521F2921669ECA250BD913A46B63F83FB98601B4D3FBA21C7452B11AF
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var config_manager_fileVersion = "1.4.114"; ..function CreateEventConfig(){var a={getEvents:function(){var b=JSONManager.getSingleton("events");return b.data},getProfileNames:function(b){try{return this.getEvents()[b].profileNames}catch(c){return null}},getAttributeRules:function(b){try{return this.getEvents()[b].attributeRules}catch(c){return null}},getPriority:function(c){try{var b=this.getEvents()[c].priority;return b.toLowerCase()}catch(d){return""}},getDataSetNames:function(b){try{return this.getEvents()[b].datasets}catch(c){return[]}},_setEvent:function(d,b){try{return this.getEvents()[d]=b}catch(c){return[]}},getThrottleRule:function(b){try{return this.getEvents()[b].throttleRule}catch(c){logWarning("getThrottleRule: failed, cannot find throttle rule attached to "+b);return null}},_events:null};return a}ModuleManager.registerFactory("config_manager",CreateEventConfig);..//5EE60414C7D07A259D3A495EC0E70D7DD1BC2350CACEDA67835CF4EB5031E387D9398A386B6DD358

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\csp_client.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (3383), with CRLF line terminators
Category:	dropped
Size (bytes):	3587
Entropy (8bit):	5.303660739400768
Encrypted:	false
SSDEEP:
MD5:	02285FA10F1BFECBB6E0FC79EE757049
SHA1:	64F718E3F85465987B33B6DD29E1C22AF43F79B2
SHA-256:	9B9A6C8721C66C1F29185ECC7F429BBDBB468D63A1273BC12F879830747949A9
SHA-512:	4EED5B2C81D26464D65A1381959CCC8539AED0CBA6A0F0301C696975E6C01899B4221092749778AABE33BA66DAEFBB1DE3E2683B5B59C960864F4844966EBF63
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var csp_client_fileVersion = "1.4.114"; ..function CreateCSPClientHelper(){var a={getClientID:function(c){if(null==c){logError("Invalid (null) appID for CSP::GetClientID");return null}try{var b=this._getPlugin().GetClientID(c);if(!b){this._reportGetClientIDFailure()}return b}catch(d){logError("Failed to retrieve Client ID from CSP for '"+c+"': exception is '"+d.message+"'")}return null},reportEvent:function(b){},getPolicyItem:function(c,b,e){var d="policy_general_settings."+b;if(e){d="policy_general_settings."+e+"."+b}return this._queryPolicyItem(c,d)},getCachedData:function(c,b){try{return this._getPlugin().GetCachedData(c,b)}catch(d){logError("Failed to load cached data for appId='"+c+"', service='"+b+"': exception is '"+d.message+"'")}return null},_getPlugin:function(){if(!this._plugin){this._plugin=getPluginFactory().Create("cspClient");try{var b={policy:"full_sdk_only"};this._plugin.Config(JSON.stringify(b));logNormal("CSP Client plugin configured to us

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\da_definitions.json

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1396
Entropy (8bit):	4.131950546304375
Encrypted:	false
SSDEEP:
MD5:	6F1D4AE5766E2FC0517756E0E083A679
SHA1:	3763521410A5962C645D0445529EF3997B11CF1D
SHA-256:	DAB0F5582C42B61C79B281A5C358BC7529EF9923793BC869C923DEEFA84708D4
SHA-512:	89F6254BCD0B00EB844D377F4DFF94C7D7946BE294CFA8ED5D2B3CCFFDA6F2ACAC4A062822A7087863B270997D9D6FCC2DCFA952C2664230901D087589C14C8E
Malicious:	false
Reputation:	unknown
Preview:	{.. "version": "1.4.114",.. "data": {.. "metrics": [.. "event.value",.. "hit.duration.seconds",.. "hit.size.inbytes",.. "hit.engagement.userinitiated",.. "hit.result",.. "hit.metric.1",.. "hit.metric.2",.. "hit.metric.3",.. "hit.metric.4",.. "hit.metric.5",.. "hit.metric.6".. ],.. "dimensions": [.. "hit.uniqueid",.. "event.category",.. "event.action",.. "hit.screen",.. "hit.action",.. "hit.engagement.interactive",.. "hit.engagement.desired",.. "sub.category",.. "tertiary.category",.. "guid",.. "hit.session.id",.. "event.label",.. "hit.feature",.. "hit.type",.. "hit.trigger",.. "hit.source",.. "hit.severity",.. "hit.date",.. "hit.label.1",.. "hit.label.2",.. "hit.label.3",.. "hit.label.4",.. "hit.label.5",.. "hit.label.6",.. "hit.label.7",.. "hit.label.8",.. "hit.label.9",.. "hit.labe

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\data_collector.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (13754), with CRLF line terminators
Category:	dropped
Size (bytes):	13962
Entropy (8bit):	5.21304794720775
Encrypted:	false
SSDEEP:
MD5:	56D209C4B77DB36DA734EEAF5E666E76
SHA1:	3FF436681EC15CAF7F6724C9DD8E0541FF452CA4
SHA-256:	BBC40E3E1271ADA78E8064F010B53E2DC5BC7C16CFB14A3E7119879B4EBB3E64
SHA-512:	FCD6000DE2E38EBE051BA3C9E8C5CAE8142B348F04FD9423D48C3A213AE89A16F0705F4CA4C1FB0CDAD0D94E08DCC5F3435F9AB4250EA3FCF21109B5513B058A
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var data_collector_fileVersion = "1.4.114"; ..ModuleManager.set("uptime_tracker",function(){return{fetchFromDataDefinition:function(b){try{return null}catch(a){if(a.hasOwnProperty("message")){return"[Plugin method failed: "+a.message+"]"}else{return"[Plugin method failed]"}}}}}());var Create_data_collector=function(){var a={setup:function(){try{this._logInformation("Setup Started.");this._loadDefinitions();this._farmers=this._createFarmers(this);this._refreshers=this._createRefreshers(this);if(!this._farmers\|\|!this._refreshers\|\|!this._definitions){this._logError("Setup failed: farmers("+this._farmers+"). refreshers("+this._refreshers+"). definitions("+this._definitions+")");return}var c=[];for(var b in this._definitions){c.push(b)}this.markDataExpired(c);this._logInformation("Setup Done.")}catch(d){this._logError("Setup failed: "+d.message)}},get:function(h){try{var g=null;if(typeof h==="string"){g=h;h=[h]}if(!h instanceof Array){this._logWarning("get: items

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\data_items.json

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	89363
Entropy (8bit):	3.8489514100309172
Encrypted:	false
SSDEEP:
MD5:	3002F862E16DFADDBA23DC9CC2522523
SHA1:	601654AF4EE33E6E9C1A1DBC1B47C64AC802DE6A
SHA-256:	A6D8DA663A46C45DC8664BAE6A57B8F319BA1CF90676E9E5A63488C329B8C69E
SHA-512:	DB73A811A18A6BDE7983F5E8427E3D2D75D13800EFE220DC2227E0BD6CA401F4DC3147A89FAC36BC4E49DE8251EF3DB5C8F9919EB329DF9EF8B5E26702BAE181
Malicious:	false
Reputation:	unknown
Preview:	{.. "version": "1.4.114",.. "data": {.. "auth0_user_id": {.. "params": "auth0_user_id",.. "source": "settingsManager".. }, .. "user_ref_id": {.. "params": {.. "action": "GetProperty",.. "appid": "vso",.. "name": "user_ref_id".. },.. "refresh": {.. "onMessageBusMsg": [.. "Core.Subscription.Sync",.. "Core.Subscription.SubscriptionUpdated".. ].. }, .. "source": "subdb".. },.. "CSP.ClientId": {.. "params": {.. "action": "ClientID",.. "appid": "a053060c-3a34-11e4-8a01-005056b7244f".. },.. "refresh": {.. "harvestIfEqWithTimeout": {.. "value":"[ruleMismatch]",.. "timeout":600000.. },.. "onMessageBusMsg":

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\dataset.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (7140), with CRLF line terminators
Category:	dropped
Size (bytes):	7341
Entropy (8bit):	5.275074613666029
Encrypted:	false
SSDEEP:
MD5:	B3E7252726A1A200EE2545087AECE2DA
SHA1:	A21BDEBA3F9DC50707784CA5262C64151B18B6BA
SHA-256:	E73737B43188F5EAF5476502301228DA191E4679FEF2DAD83584C85B3B04A185
SHA-512:	1CF46EDB80E716254FE4458A7C25D8F226A0E2CF3F94980AE10E6F3703F46A4C6A3E8F7C566B0D5A4189A8D87E6D6F9B0F00B9588DB6E412C36324A7A53B9E15
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var dataset_fileVersion = "1.4.114"; ..function CreateDataset(){function b(c){this._name=c;if(!this._name){throw"Dataset created with no name provided"}}b.prototype={initialize:function(d){try{if(!d){this._logError("No configuration defined");return false}var c=d.data_items;if(!c){this._logError("Invalid Data items. Config ("+JSON.stringify(d)+")");return false}this._itemsList=c;var f=d.refresh;this._setRefresh(f);this._logInformation("Initialization complete");return true}catch(g){this._logError("initialize: "+g.message);return false}},get:function(c){try{return this.getContent()[c]}catch(d){this._logError("get: "+d.message)}},getContent:function(){try{this._logInformation("getContent starting");this._logInformation("itemsList"+JSON.stringify(this._itemsList));var d=ModuleManager.getSingleton("data_collector");if(this.dirty){d.markDataExpired(this._itemsList);this.dirty=false}return d.get(this._itemsList)}catch(c){this._logError("getContent: "+c.message)}},

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\dataset_da.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (6749), with CRLF line terminators
Category:	dropped
Size (bytes):	6953
Entropy (8bit):	5.406921317159456
Encrypted:	false
SSDEEP:
MD5:	54130B64A7B6C873A442D99B37C94BD2
SHA1:	9997B6D86FEFB276DAF608BFA77A63CBC4A1F8FB
SHA-256:	3386EC5C89C89B296A83F4FB941E12B1BF337782F626F90D0ACE90280995B6A8
SHA-512:	AC3D0E127F5353444638701CFDF4D002B347BE4C0C6A64DAB5D331B306103AE2D7D0B9FC745FD2322ABC6E2C3D2A61F6B4617A75FE2F34D858B6673EE57A72DC
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var dataset_da_fileVersion = "1.4.114"; ..var Create_dataset_da=function(){var a={dirty:true,load:function(){if(!this.dirty){return}setTimeout(160601000,function(){this.dirty=true});logNormal("Loading dataset da");this._content={};var f=this._getTimeLastDA_Query();if(!f){logInformation("dataset_da: Failed reading query start value. Going to use 0 as start");f=0}var b=this._getTimeNow();if(!b){logError("dataset_da: Failed reading query end value. Going to quit loading the dataset.");return}var c=2460*60;b=b-c;try{this._processRequests(this._da_queries,f,b);this._store_DA_QueryTime(b)}catch(d){logError("Failed to load the da dataset: exception is '"+d.message+"'");return}this.dirty=false},add:function(b,c){if(!b){return}this._content[b]=c},set:function(b,d,c){if(!c){this.add(b,d);return}var e=ModuleManager.getSingleton("rules");this.add(b,e.apply(d,c))},get:function(b){try{this.load();if(!this._content){return null}return this._content[b]}catch(c){logError

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\datasets_catalog.json

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	10553
Entropy (8bit):	4.124349379343266
Encrypted:	false
SSDEEP:
MD5:	AC18B2AC0D9FC093ACA0D07D01B13218
SHA1:	0C840474541229CC7B64AE19860E3EA85F4DE8A6
SHA-256:	D6D59C37B9F46E3879CAC60239C30A614B3A6AD1B08A9021ABB07D108FC54562
SHA-512:	0FA947D5889ABE619A81960524BFD059F419F0C0EA4A7652A9A6D218BE9BA250FC297D01053F6A43C3445D96B53CE7AEEE93498D40B104D36C9238185CE8CEC7
Malicious:	false
Reputation:	unknown
Preview:	{.. "version": "1.4.114",.. "data": {.. "ab_test":{.. "data_items": [.. "analytics_governance_version",.. "device_id",.. "product_affiliate_id",.. "product_analytics_sdk_version".. ],.. "refresh": {.. "useEngineDefaultTimeout": true.. }.. },.. "wss": {.. "data_items": [.. "auth0_user_id",.. "user_ref_id",.. "WSS.Hardware.ID",.. "WSS.Software.ID",.. "WSS.Segment.ID",.. "WSS.Segment.Type.ID",.. "WSS.MSC.Version",.. "WSS.MPF.Version",.. "WSS.MPS.Version",.. "WSS.MQS.Version",.. "WSS.MSK.Version",.. "WSS.NGM.Version",.. "WSS.VUL.Version",.. "WSS.VSO.Version",.. "WSS.VSO.Content.Version",.. "WSS.VSCor

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\dictionary.json

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	20179
Entropy (8bit):	4.552776289770129
Encrypted:	false
SSDEEP:
MD5:	BC382489643E9DDC228A8D051A42D337
SHA1:	8A99506591E5B90308D02489497361CB5CDEA803
SHA-256:	86F3DDBD547491B25BF67F9BF1A182588EB7DDDB84F3CA875B65B059C1D86896
SHA-512:	CFCE98752EBD973E370880492238B858030A07F27FA2BFA1DAFE619CF37E4B56F6F74D0FFDD93C53551583A8F37570EBB7A1C230ECA0480B48F546882CD98029
Malicious:	false
Reputation:	unknown
Preview:	{.. "version": "1.4.114",.. "data": {.. "event": {},.. "global": {.. "uniqueid": "hit_event_id",.. "uniqueidentifier": "hit_event_id",.. "feature": "hit_feature",.. "trigger": "hit_trigger",.. "interactive": "hit_engagement_interactive",.. "hit.interactive": "hit_engagement_interactive",.. "hit.user.initiated": "hit_engagement_userinitiated",.. "userinitiated": "hit_engagement_userinitiated",.. "desired": "hit_engagement_desired",.. "engagement.desired": "hit_engagement_desired",.. "useridentifier": "hit.userid",.. "label1": "hit_label_1",.. "label2": "hit_label_2",.. "label3": "hit_label_3",.. "label4": "hit_label_4",.. "label5": "hit_label_5",.. "label6": "hit_label_6",.. "metric1": "hit_metric_1",.. "metric2": "hit_metric_2",.. "metric3": "hit_metric_3",.. "metric4": "hit_metric_4",.. "metric5": "hit_metric_5",.. "metric6": "hit_metric_6",.. "screen": "hit_

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\emitter.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (4110), with CRLF line terminators
Category:	dropped
Size (bytes):	4311
Entropy (8bit):	5.214434221619653
Encrypted:	false
SSDEEP:
MD5:	D8C5553A463C6E0E535E75731984F97E
SHA1:	DC736DD2072CFAC34E33B1BA276B240AEB76239E
SHA-256:	3DDC7CA8246F0B324B2ABBE4750302AB322C92A4AEEEDF3B5AEC3B1712359748
SHA-512:	06F6188B41BD97DB2D7D1981F25DB5C9771BE7ABE650417DD99A3547C90660311E44001864FE452304BA6A5C4F0A90E584F00A637EE6D01587647EFB212B3980
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var emitter_fileVersion = "1.4.114"; ..function createEmitter(b,a){function c(g,i){var h=getScriptVariableStore().Get(g);if(h){return h}try{h=getPluginFactory().Create(i)}catch(j){logError("Failed to create plugin: '"+i+"'")}try{getScriptVariableStore().Set(g,h)}catch(j){logError("Failed to set plugin '"+i+"' in store as '"+g+"'")}return h}try{var d={configure:function(g,e){this.profileName=g;this.profile=e;this.transportName=e.transport;this.transportConfiguration=e.transport_config;this.dataSetNames=e.datasets;this.enableRules=e.enableRules;this.throttleRule=e.throttleRule;this.throttleMultiplier=e.throttleMultiplier;this.maxDimensionLength=e.maxDimensionLength;this.extendedAttributesLengthConfiguration=e.extendedAttributesLength},send:function(h){try{if(!this._isEnabled()){logInformation("_isEnabled() returned false. Will not send data to "+this.transportName);return false}h=this._sanitize(h);if("csp"==this.transportName&&"1"==this._getPlugin(this.transpo

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\engine.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (11329), with CRLF line terminators
Category:	dropped
Size (bytes):	11529
Entropy (8bit):	5.250654475538895
Encrypted:	false
SSDEEP:
MD5:	BF1603983B0F6F5F4D75FB1206860C8A
SHA1:	D42E9A0DC78B184774227C7D0E86EBB62E904928
SHA-256:	6D01A312285532A3263576F4306D9667411E203DDD3A1A1EF1EAFA7B8FCF4E10
SHA-512:	31873A7F9EE9F466D65B09A565FF505D75657B39A1D96E3AF87DFA88F6378D6FE3FD3333CD73CEACE33AECA1155942B0024AE88AE831E5B1FD09483AAC2DD49C
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var engine_fileVersion = "1.4.114"; ..LoadScript("common.js");var _factoryManager=CreateFactoryManager();var ModuleManager=CreateModuleManager(_factoryManager);var JSONManager=CreateJSONManager();var StorageManager=CreateStorageManager();var PDManager=CreatePDManager();var RegistryStore=null;var setContentHeartbeatTimeout=function(b,a){var d=getScriptVariableStore().Get("heartbeattimerid");if(d){try{clearInterval(d)}catch(c){logWarning("setContentHeartbeatTimeout: Fail to clear timer id "+c.message)}}d=setTimeout(b,a);getScriptVariableStore().Set("heartbeattimerid",d)};var engine={defaultClientAnalyticsRegistry:GetEngineSetting("Analytics.Base.RegKey","HKLM\\SOFTWARE\\McAfee\\McClientAnalytics"),heartbeatTimestampKey:"analytics_content_heartbeat_timestamp",datasetsRefreshRate:60601000,userId:null,createEventJson:function(c,a){try{a["Tracker.Type"]="event";return{UniqueIdentifier:c,type:"event",payload:a}}catch(b){logError("engine::createEventJson: Exceptio

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\error_transmitter.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (2529), with CRLF line terminators
Category:	dropped
Size (bytes):	2740
Entropy (8bit):	5.312241151375569
Encrypted:	false
SSDEEP:
MD5:	213154598262F6FB58D03D24B789EBCE
SHA1:	57A9D0906614F8A0A4FFC06303CA7D2014D7DD1F
SHA-256:	9D021EA0C55B0496824431423C36A45A9D37FF293B1EA55B7F54010CC568643C
SHA-512:	C8ECF758190574B5980E60A27D77929925EAF5011FA836861168D7C2F4505DF04FBAC66E018E66F96EAFC9081B1BC592DB8EDF81CAD0EA5EFA1B981A0A510BC8
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var error_transmitter_fileVersion = "1.4.114"; ..function CreateAnalyticsErrorTransmitter(){function a(){this.setup()}a.prototype=ModuleManager.create("transmitter_template");a.prototype.messageName="analytics_event_error_occurrred";a.prototype.setup=function(){var c=ModuleManager.getSingleton("config_manager");var d=c.getProfileNames(this.messageName);if(!this.emitter&&d){this.profileName=d[0];this.emitter=this.retrieveEmitter(this.profileName)}};a.prototype._generate=function(c,e){var f={hit_event_id:this.messageName,hit_category_0:"Analytics.Event.Error",hit_trigger:c,hit_action:"Analytics.Event.Rule.Failed"};if(findObjectSize(e.type["ruleMismatch"])){f.hit_category_1="ruleMismatch";f.hit_label_0=JSON.stringify(e)}else{if(findObjectSize(e.type["ruleError"])){f.hit_category_1="ruleError";f.hit_label_0=JSON.stringify(e)}else{if(e.type["rejected"]){f.hit_category_1="rejected";f.hit_label_0=JSON.stringify(e)}}}var d=new Date();f["__record.created"]=d.toISOStr

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\event_handler.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (6709), with CRLF line terminators
Category:	dropped
Size (bytes):	6916
Entropy (8bit):	5.332274302455534
Encrypted:	false
SSDEEP:
MD5:	92E85B12506AA4D5565097C3061178A4
SHA1:	E7E9704B229B6E1F149CB3F2BACD5C09C4C07686
SHA-256:	2E9F27AB73C48D04F1913723050E8573D3A17A1CF95D842D29CD41E6602A2DFA
SHA-512:	4D6AC930DE75CF9C51A556D14C97CDE438D9C07DE01903CA0C581D7002012563F3AA8BCC8333BA1EEF3C7E372CABE5E7698EBCCB329B9C34BAAA80D43E365FFB
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var event_handler_fileVersion = "1.4.114"; ..if(typeof dataManipulator!=="object"){LoadScript("common.js")}function CreateEventHandler(){var c={handleEvent:function(g){try{var h=JSON.parse(g);var f=h.type;if(("MessageBusPlugin"==f)\|\|("InProcAPI Plugin"==f)){this._processMsgBusEvent(h.payload)}else{if("UWP_Event"==f){this._processAnalyticsAddRecord_v1(h)}else{logWarning("Unexpected message was rejected (unknown type): "+g)}}}catch(i){logError("Failed to process incoming event: exception = '"+i.message+"'")}},handleV1Record:function(e){this._processAnalyticsAddRecord_v1(e)},_processMsgBusEvent:function(h){try{var f=h.name;var k=h.payload;if(("Analytics.v1.AddRecord"==f)\|\|("Analytics.AddRecord"==f)\|\|("Analytics.Automation.AddRecord"==f)){return this._processAnalyticsAddRecord_v1(k)}var j=ModuleManager.getSingleton("data_collector");j.notifyMsg(f);var g=ModuleManager.getSingleton("observation_analytics");g.handle(f,k)}catch(i){logError("Failed to process message

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\events.json

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	218852
Entropy (8bit):	3.07966733633794
Encrypted:	false
SSDEEP:
MD5:	BAA2C7A097685ECFB8FEC75AC61EF4B8
SHA1:	6838FA7D8EFF2E2A9B3DA6909D45D29FB01068AC
SHA-256:	A3548BE86C732BAA9B3F7535AF98D1C010DB0A49B155672A6AE742FB54EBE40C
SHA-512:	7D1FFA13E6FD472C57E29B87CCD7A256B06B22E6C68FA96F55D26BF9F2DD601F0E49487A1EA31BEA20E0E95E621174333380006C04F595DA843BB1898D7594E8
Malicious:	false
Reputation:	unknown
Preview:	{.. "data": {.. "mssplus_antitrack_bottomfixnow_btn_clicked": {.. "attributeRules": {.. "hit_action": {.. "meta": "BottomFixNowButtonClicked",.. "ruleName": "override".. },.. "hit_category_0": {.. "meta": "clicks",.. "ruleName": "override".. },.. "hit_label_0": {.. "meta": "Button",.. "ruleName": "override".. },.. "hit_result": {.. "meta": [.. "Green A",.. "Green B",.. "Yellow",.. "Red",.. "Orange",.. "Blue1",.. "Blue2",.. "NotScanned".. ],.. "ruleName": "in".. }.. },.. "curren

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\hash128.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (4059), with CRLF line terminators
Category:	dropped
Size (bytes):	4260
Entropy (8bit):	5.611655458668878
Encrypted:	false
SSDEEP:
MD5:	51F63AE068525A0A9CE65CB747382E5F
SHA1:	AB3B142E93314394CFB1E1D53B8096A9ED43A5C5
SHA-256:	67373CC04DDD025DA7E357B76FC7D469245D182E180468CB837D9693F4D4C58B
SHA-512:	3DC64D39FC387F6DFFC2C9F5A1FC20021C5DD3B0C30C8B91FAE609D91057308CBDF09AAEC4C526B0DC633CE232097082271934C4DE8B6E6581553948259DC384
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var hash128_fileVersion = "1.4.114"; ..function CreateHasher128(){var a={hash128:function(s){function L(c,b){return(c<<b)\|(c>>>(32-b))}function K(x,c){var G,b,k,F,d;k=(x&2147483648);F=(c&2147483648);G=(x&1073741824);b=(c&1073741824);d=(x&1073741823)+(c&1073741823);if(G&b){return(d^2147483648^k^F)}if(G\|b){if(d&1073741824){return(d^3221225472^k^F)}else{return(d^1073741824^k^F)}}else{return(d^k^F)}}function r(b,d,c){return(b&d)\|((~b)&c)}function q(b,d,c){return(b&c)\|(d&(~c))}function p(b,d,c){return(b^d^c)}function n(b,d,c){return(d^(b\|(~c)))}function u(G,F,aa,Z,k,H,I){G=K(G,K(K(r(F,aa,Z),k),I));return K(L(G,H),F)}function f(G,F,aa,Z,k,H,I){G=K(G,K(K(q(F,aa,Z),k),I));return K(L(G,H),F)}function D(G,F,aa,Z,k,H,I){G=K(G,K(K(p(F,aa,Z),k),I));return K(L(G,H),F)}function t(G,F,aa,Z,k,H,I){G=K(G,K(K(n(F,aa,Z),k),I));return K(L(G,H),F)}function e(x){var H;var k=x.length;var d=k+8;var c=(d-(d%64))/64;var G=(c+1)*16;var I=Array(G-1);var b=0;var F=0;while(F<k){H=(F-(F%4)

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\json2.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (3618), with CRLF line terminators
Category:	dropped
Size (bytes):	3817
Entropy (8bit):	5.534649553785636
Encrypted:	false
SSDEEP:
MD5:	6427079324D5008E719994CD57D6F2AB
SHA1:	57A28074280273933F49A51F1E9059FE00E73F8D
SHA-256:	D7201AA522A70C9A39564D271BF9F19F4CC59216D017B88F2EA08B7125DA2A7A
SHA-512:	F5B6689F66C1A23DA1BE805D0873FC52A594F0CB9D31B06B51F7F39E35BEFCC3734E6E96B56E6548B3D00FAD5BE3056BC5F72927766D0D1459F509002121004F
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var JSON2_fileVersion = "1.4.114"; ..if(typeof JSON!=="object"){JSON={}}(function(){var rx_one=/^[\],:{}\s]$/;var rx_two=/\\(?:["\\\/bfnrt]\|u[0-9a-fA-F]{4})/g;var rx_three=/"[^"\\\n\r]"\|true\|false\|null\|-?\d+(?:\.\d)?(?:[eE][+\-]?\d+)?/g;var rx_four=/(?:^\|:\|,)(?:\s\[)+/g;var rx_escapable=/[\\\"\u0000-\u001f\u007f-\u009f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;var rx_dangerous=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;function f(n){return n<10?"0"+n:n}function this_value(){return this.valueOf()}if(typeof Date.prototype.toJSON!=="function"){Date.prototype.toJSON=function(){return isFinite(this.valueOf())?this.getUTCFullYear()+"-"+f(this.getUTCMonth()+1)+"-"+f(this.getUTCDate())+"T"+f(this.getUTCHours())+":"+f(this.getUTCMinutes())+":"+f(this.getUTCSeconds())+"Z":null};Boolean.prototype.toJSON=this_value;Number.prototype.toJSON=this_valu

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\logging.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (3176), with CRLF line terminators
Category:	dropped
Size (bytes):	3377
Entropy (8bit):	5.47480094679374
Encrypted:	false
SSDEEP:
MD5:	54E42C81FDCCBE0AC571BA591CD658E8
SHA1:	C0BD91EF58B860F1DA00F16661CB9014E5C4D417
SHA-256:	F064D98CF449EF55F604E1D1EEEE928A010A8C2A06DA3E6EBC0D93E255CEACC4
SHA-512:	7349FF9A2475B991B45A738AC328377B40300401F44F365B86EFF687183F9C954637DD867C0741903D61A4EB44811B71E0E6FAC155CEE75D82731D841FED6866
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var logging_fileVersion = "1.4.114"; ..var debugEnable=false;function callerName(){var a=arguments.callee.toString();a=a.substr("function ".length);a=a.substr(0,a.indexOf("("));return a}function getLogger(){var b=getScriptVariableStore().Get("logging");if(b){return b}try{b=getPluginFactory().Create("logging");try{debugEnable=GetEngineProperty("Analytics.SDK.Script.Debug.Enable",debugEnable)}catch(a){}}catch(a){b={LogMessage:function(){},WriteToConsole:function(){},WriteToSyslog:function(){}}}getScriptVariableStore().Set("logging",b);return b}var LOG_SEVERITY_NORMAL=1;var LOG_SEVERITY_WARNING=2;var LOG_SEVERITY_INFORMATION=3;var LOG_SEVERITY_ERROR=4;var LOG_SEVERITY_CRITICAL=5;var SYSLOG_EMERG="emerg";var SYSLOG_ALERT="alert";var SYSLOG_CRITICAL="crticial";var SYSLOG_ERROR="error";var SYSLOG_WARN="warn";var SYSLOG_NOTICE="notice";var SYSLOG_INFO="info";var SYSLOG_DEBUG="debug";var logNormal=function(b){try{b=sanitizeLogMessage(b);getLogger().LogMessage(LOG_SE

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\mappings.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (2160), with CRLF line terminators
Category:	dropped
Size (bytes):	2362
Entropy (8bit):	5.338981928348514
Encrypted:	false
SSDEEP:
MD5:	9B96221B31737995796F892F0DBDB4BA
SHA1:	9F27EF2BFA85A958F099B7B37B03531BECE00C23
SHA-256:	633CBDBBAE59548247F68C69151F2EC96222B429BC05BC43F3517263BAB39284
SHA-512:	9197C76CBD438273FC28ECCEDC48579C5EFB7F5E2FE2384CB81959850EC6B6C5E4261723B3F04504106AD1EBBA72E9DD6126B6DC269A107B898C46BCC072E7EA
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var mappings_fileVersion = "1.4.114"; ..function CreateMapping(){var a={eventMap:function(c,b){if(!(b in this._eventTable)){return c}return this._map(this._eventTable[b],c,true)},globalMap:function(b){return this._map(this._globalTable,b,true)},daMap:function(b){return this._map(this._daTable,b,true)},profileMap:function(c,b){if(!(b in this._profileTable)){return c}return this._map(this._profileTable[b],c,true)},getProfileTableStr:function(b){if(!(b in this._profileTableStr)){return"{}"}else{return this._profileTableStr[b]}},getFlippedProfileTable:function(c){if(!(c in this._profileTable)){logWarning("Requesting flipped table for invalid profile "+c);return{}}if(c in this._flippedProfileTable){return this._flippedProfileTable[c]}this._flippedProfileTable[c]={};for(var b in this._profileTable[c]){var d=this._profileTable[c][b];this._flippedProfileTable[c][d]=b}return this._flippedProfileTable[c]},_map:function(b,f,h){if(!b\|\|!f\|\|(typeof f!=="object")){logWarni

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\mcutil.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (1832), with CRLF line terminators
Category:	dropped
Size (bytes):	2032
Entropy (8bit):	5.421428347091938
Encrypted:	false
SSDEEP:
MD5:	18378A5EB18C7D41DE0AEA56CB3E2DF3
SHA1:	172EB8905FFB1AA531016074367CDBB2D10EDDCF
SHA-256:	AECEFED3C550360CA15C01458374FF46960FB038DD6CD9E2B674F154C8FDF542
SHA-512:	E9A171B0199E3E78D640BB3F9FBE80E50950901AB7914598B7AF9FD6A6500F061B5965CF4203B791BD2391AACBBC6D192467F95EC69C099474FFFFDF7ECE2690
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var mcutil_fileVersion = "1.4.114"; ..function CreateMcUtilHelper(){var a={_logError:function(b){logError("mcUtil: "+b)},_logInfo:function(b){logInformation("mcUtil: "+b)},_getPlugin:function(){if(!this._plugin){var c=ModuleManager.getSingleton("data_collector");var b=c.get("analytics.sdk.version");if(b.match("^2.[0-5]")){this._logInfo("This SDK does not support mcUtil plugin. sdkVer("+b+")");return null}this._plugin=getPluginFactory().Create("mcUtil")}return this._plugin},_plugin:null,_hardwareId:null,_softwareId:null,storeHardwareAndSoftwareId:function(d){try{this._logInfo("storeHardwareAndSoftwareId - start");if(!this._getPlugin()){return}var b=d;if(!d){var h=ModuleManager.getSingleton("data_collector");var f=h.get("WSS.Hardware.ID");b=(f==="[ruleMismatch]")?true:false;this._logInfo("value: "+f);this._logInfo("storeValue: "+b)}if(!b){this._logInfo("Not going to storeValue");return}this._invokeGetMachineId();if(!this._softwareId){this._logError("storeHardw

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\observability_datasets.json

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	455
Entropy (8bit):	3.582535825574766
Encrypted:	false
SSDEEP:
MD5:	DC0AF256F66373834F7A5012C4871D13
SHA1:	DBF0432073C2833D23C27007B491028EA887F94F
SHA-256:	2A898C8070B4BCB4100CAD3CE086EC46294EDD9C87694F1D91E6786F78724F72
SHA-512:	766063869D60DB33B7FDFFCD0FC1665DF0203ABEAF8BEE2E25C8C929AA5B1E330AC19F6A97068F9F08CAC3A1304EB28624DE7012AE027666422F7FB6E54EE3F7
Malicious:	false
Reputation:	unknown
Preview:	{.. "version": "1.4.114",.. "data":{.. "Testing.Mock": {.. "map": {.. "Success" : "Received".. },.. "default": {.. "Test.Value" : "Yes".. }.. },.. "analytics_dataset_get": {.. "map": {.. },.. "default": {.. "hit_event_id": "analytics_send_splitio_product_attributes".. }.. }.. }..}....

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\observation_analytics.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (1151), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	2017
Entropy (8bit):	5.263461770158519
Encrypted:	false
SSDEEP:
MD5:	9A0756A86DD2AEF257CB1467ECAA7BC4
SHA1:	9CCA3D375956F68991E694148E379A0BD1AE28A7
SHA-256:	32B800AE003E25D728A4741777E4F4DB3AFB2D65C7FB79950282CB158C772D34
SHA-512:	A046924B809BA326F7FDA7A981F06BF7900B9C33F49DD298ED0BC90B395518D3BF0577CD165254DF9F657DDCDC5581E4515CBF13A70C06374004E0F6D02C4EC8
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var observation_analytics_fileVersion = "1.4.114"; ..function getObservationAnalyticsEngine(){./. config format:. * 'Message.Name' : { // name of obsved message on messagebus that we will subscribe to. * 'map' : { // map from message keys --> analytic friendly keys. * 'Count' : 'Metric1', // ex. 'Count' : 123 --> 'Metric1' : 123. * 'Policy' : 'Event.Label' // ex. 'Policy' : 'XYZ' --> 'Event.Label' : 'XYZ'. * },. * 'default' : { // default values that are not specified in the obsved message. * 'hit_event_id' : 'XYZ'. * }. * }. */.var a=function(){var d=JSONManager.getSingleton("observability_datasets");if(!d){d={data:{}}}return d.data};var b=a();var c={start:function(){try{var d=getMessageBus();for(var f in b){d.Subscribe(f)}logDebug("observationEngine Started")}catch(g){logError("observationE

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\operations.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (6532), with CRLF line terminators
Category:	dropped
Size (bytes):	6736
Entropy (8bit):	5.341408996751215
Encrypted:	false
SSDEEP:
MD5:	6D6033E034A4DC4FF629BB45E34150D1
SHA1:	C82019EAD44792BD22FA045EFBE2FCD338D4D8ED
SHA-256:	63720A1F4C7719ED1ACDEA115494808400A3BAD0BB9C506D79F06960F2CE3A72
SHA-512:	27289FF8D24F4959F682A93052CDB6610B78600D6DBD403CB6699A0C4B919FA612D9FDC26781F9914EC8BE136F424A678D32F4DDBCBE15DC2D4B0141059E6E96
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var operations_fileVersion = "1.4.114"; ..function CreateDataOperations(){var a={apply:function(c,b){try{if(!b){return c}if(!this._isValidValue(c)){this._logWarning("Invalid value Val("+c+"). Operation with operationConfig("+JSON.stringify(b)+") will not be applied");return null}return this[b.name](c,b.params)}catch(d){this._logError("operations:apply: Excption caught("+d.message+". Val("+c+"), operationConfig("+JSON.stringify(b)+")");return null}},noop:function(b){return b},equal:function(b,c){return b==c},isValueValid:function(b){return(b!="[not assigned]")&&(b!="[ruleMismatch]")&&(b!="[ruleError]")},notNull:function(b){return(b!=null)},validLen:function(b){if(!b){return null}try{b=JSON.parse(b)}catch(c){this._logError("validLen: value ("+b+") not an object, exception: "+c.message);b=[]}if(!(b instanceof Array)){this._logWarning("validLen: value not an array ("+b+").");b=[]}return b.length},lenEqual:function(b,c){return(this.validLen(b)==c)},lenGreater:fun

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\preprocessors.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (825), with CRLF line terminators
Category:	dropped
Size (bytes):	1032
Entropy (8bit):	5.403700179750359
Encrypted:	false
SSDEEP:
MD5:	1957CAD03CE47E5B8B5D52B3540401C1
SHA1:	FEA43BEE58913AE3C613850FBDDA772D2650D52D
SHA-256:	99E222C01573B1CC3CEA085FC065FA7CD1E85A32870CC5D9500888550747A62C
SHA-512:	4302DA56B265DCCD81DF6B3BFC3C52492927DB5654A11F3A1D4F83AC439F357390A72692FFBE11D1C6A55C4E11018F90852C4EEE32A4E2B7AAD08610FA374439
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var preprocessors_fileVersion = "1.4.114"; ..function CreatePreprocessors(){var a={noop:function(b){return b},splitByComma:function(b){return b.split(",")},joinWithComma:function(b){return b.join(",")},sum:function(b){var d;for(var c in b){d=b[c]}return d},toInt:function(c){if(typeof(c)=="object"){for(var b in c){logConsole("toInt value="+c[b]+" parseInt:"+parseInt(c[b]));c[b]=parseInt(c[b])}return c}return parseInt(c)},toString:function(c){if(typeof(c)=="object"){for(var b in c){c[b]=c[b].toString()}return c}return c.toString()},toUpper:function(b){return b.toUpperCase()},apply:function(c,d){logConsole("rules type="+typeof(d)+" rule= "+d+" value="+c+" typeof(value)="+typeof(c));if(!d){return c}if(typeof(d)=="object"){for(var b in d){c=this.apply(c,d[b])}return c}return this[d](c)}};return a}ModuleManager.registerFactory("preprocessors",CreatePreprocessors);..//E20DF6F144E8358CE37E27629DD7FDC5D2F1110A094127B44884C469763A7DEFE90D28FFEAECE05B60E727306E7A6CE2C1

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\profile.json

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1113
Entropy (8bit):	4.8133512540587
Encrypted:	false
SSDEEP:
MD5:	CF2FE9FE7C8EB2B706990271E430180D
SHA1:	81C21541C9C504C3A43CB15189E504C04DB97AAD
SHA-256:	E2DD99C69509A5550893DE432A7D75B3C6FA99C4F6D62F40F055E400E5B77356
SHA-512:	39493C928E0361AA4B9B621C9E81BA0CB4D88456E5A9EFCAE7EB5BF200817FB468807C3629635062E8AB288D862A0A460FB99B59AE3A43916BF02791637F2E71
Malicious:	false
Reputation:	unknown
Preview:	{.. "version": "1.4.114",.. "geoInfo": {.. "apikey":"atRBlD3nPU2xVcVHyaHQW9iaT4LUthwd5bgphI4S".. }, .. "data": {.. "profile_ab_test_mosaic_kongapi_100p": {.. "transport": "aws_apigateway_v2",.. "dictionary": "dictionary_abtest_mosaic",.. "datasets": [.. "ab_test".. ],.. "appid": "a053060c-3a34-11e4-8a01-005056b7244f",.. "transport_config": {.. "apikey": "eKW5FAM71o3cPLamQdUSc7lTXU0BWGKtWVxISA50",.. "service": "ab-tests",.. "consumer": "core".. },.. "throttleRule": {.. "meta": 250,.. "ruleName": "dailyMax".. }.. },.. "profile_mss_mosaic_kongapi_100p": {.. "transport": "mosaic_api_v2",.. "dictionary": "dictionary_mss_mosaic",.. "datasets": [.. "default",.. "content_metadata",.. "device",.. "wss",.. "mss".. ],.. "appid": "458fa1b2-a07f-42a8-a608-4764244bd594",.. "transport_config": {.. "apikey": "htcnZaEGgL9HlF

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\registry.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (2785), with CRLF line terminators
Category:	dropped
Size (bytes):	2987
Entropy (8bit):	5.391906290625516
Encrypted:	false
SSDEEP:
MD5:	38E8221A1F9954C4581F866D884A24F5
SHA1:	B7C992AE2B74ABDE7408232CEF178EB17AC3C01E
SHA-256:	569D79EE5F8419FB953FD758994F50CC5815D44F4F53DDD5F6EDCE901698EC5B
SHA-512:	05FBAF92671969A9773417A09B4D5B16C5A9EC870589E43B43B3E8CBD82D0837325325F91A8CFC78A97C728000FE960485A0A0DC62CE47E92FCDF970B4607F81
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var registry_fileVersion = "1.4.114"; ..function CreateRegistryHelper(){var a={openKey:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode");return this._getPlugin().CreateReg(c)}logDebug("open registry in read mode");return this._getPlugin().OpenReg(c)},openKey64:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode (x64)");return this._getPlugin().CreateReg64(c)}logDebug("open registry in read mode (x64)");return this._getPlugin().OpenReg64(c)},queryValue:function(c,b){var g=false;try{if(typeof b==="boolean"){g=b}var f=this._getPlugin().QueryValue(c,g);return f}catch(d){logInformation("Failed to query "+(g?"obfuscated ":"")+"registry key '"+c+"': exception is '"+d.message+"'")}return null},setValue:function(d,f,b){var h=false;try{if(typeof b==="boolean"){h=b}var c=this._getPlugin().SetValue(d,f,h);if(!c){logDebug("registry.setvalue failed ("+d+", "+f+")")}return c}catch(g){logInfor

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\rest_transport.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (6423), with CRLF line terminators
Category:	dropped
Size (bytes):	6631
Entropy (8bit):	5.3005420308257545
Encrypted:	false
SSDEEP:
MD5:	4A7F198BCE36FEB5E08673D1B2D69AA1
SHA1:	FD0862508788BC6D56FF49CF702D146EF1C6F927
SHA-256:	832E54A9AD812A29DC69C8ACE588BCEA85D3B5B655FFD9C12F01AC41FA927D0E
SHA-512:	9DB9E292CB55A337011C2F7E5F84E8681C0830F0E58D8617E1C943E9A2A583CFAEEB132F5F0AAD574CFBDC4EE1C1DC4703B96CDE2AC9DFC2FE5569595AFEB814
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var rest_transport_fileVersion = "1.4.114"; ..function RESTtransportPlugin(){this._plugin=null;this._requestHeaders={};this._url=null;this.RESTClientAvailable=false}RESTtransportPlugin.prototype=ModuleManager.create("transport_template");RESTtransportPlugin.prototype.constructor=RESTtransportPlugin;RESTtransportPlugin.prototype.GetVersion=function(){try{if(!this._plugin){return null}return this._plugin.GetVersion()}catch(a){}};RESTtransportPlugin.prototype._createRESTclientPlugin=function(){try{this._plugin=getPluginFactory().Create("RESTclient");if(!this._plugin){logError("RESTtransportPlugin:: Could not create RESTclient plugin");return false}return true}catch(a){logError("RESTtransportPlugin:: Failed to initialize the plugin for '"+name+"': exception is '"+a.message+"'");return false}};RESTtransportPlugin.prototype._setup=function(){try{this._url=this._config.url;if(!this._url){logError("Invalid (unspecified) URL for '"+this._name+"', version "+this.versi

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\rules.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (3246), with CRLF line terminators
Category:	dropped
Size (bytes):	3445
Entropy (8bit):	5.354970500627735
Encrypted:	false
SSDEEP:
MD5:	83408E6F5E87F10716813F0609EB9C8B
SHA1:	765C4D09E1988F32E4425F3A1616D2BD49EAE832
SHA-256:	F1877A88D8A1446C8C9C09E8A39F90500DE89F96FC29B8D59FFB07AD579B5A93
SHA-512:	A398E325CDADF4DC3AF8D42292D9CAC4F830650D8064CF3E1280AA74D69AAA792E96A08532C6231A3C5C1624A443B6B99567B712D521DFE33CC1AADCA04AB56D
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var rules_fileVersion = "1.4.114"; ..function CreateRules(){LoadScript("sha256.js");var a={notNull:function(b,c){return(b!=null)},inRange:function(b,c){return(b>=c.min)&&(b<=c.max)},equal:function(b,c){return(b==String(c))},greater:function(b,c){return(b>c)},greaterEqual:function(b,c){return(b>=c)},less:function(b,c){return(b<c)},lessEqual:function(b,c){return(b<=c)},notEqual:function(b,c){return(b!=String(c))},startsWith:function(b,c){return !b.indexOf(c)},endsWith:function(b,c){return b.indexOf(c,b.length-c.length)!==-1},contains:function(b,c){return b.indexOf(c)!==-1},regex:function(c,f){try{var b=new RegExp(f);if(f.expr&&f.flags){b=new RegExp(f.expr,f.flags)}return b.test(c)}catch(d){logWarning("rules.regex exception: "+d.message);return false}},timestamp:function(b,c){if(!b){return false}return(new Date(b)).toISOStringms()==b},"in":function(c,d){for(var b in d){if(c==String(d[b])){return true}}return false},isType:function(b,c){return(typeof b===c)},isE

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\sha256.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (709), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	37442
Entropy (8bit):	5.182723724496523
Encrypted:	false
SSDEEP:
MD5:	30421B29B9EF976CD06AF1C628BDCE00
SHA1:	242FE79E1369C242B8F71F3C16610F1259632F67
SHA-256:	DBC8A47CCB52356B0313A309DB23CD7EED9253846115DC9203735F0883CFB930
SHA-512:	9B13E21E08CA03CDC626CCBE288627251259EB74F66B9B10A7BE30BF45DA17B799E8C752C28DAE39DB996BD2CA2AE01588C8BD7A2358C36D7666B8442AD4F245
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var sha256_fileVersion = "1.4.114"; ../.Copyright (c) 2008-2017, Brian Turek.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer.. * Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution.. * Neither the name of the the copyright holder nor the names of its. contributors may be used to endorse or promote products derived from this. software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS".AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE.IMPLIED WARRANTIES OF MERCHANTABI

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\subdb.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (663), with CRLF line terminators
Category:	dropped
Size (bytes):	862
Entropy (8bit):	5.496968261268393
Encrypted:	false
SSDEEP:
MD5:	944BB4D794B643EB0EA91230EE1DAA3B
SHA1:	3410E315F19B679F15C3CB862490C093A947407F
SHA-256:	432AC632D1C42EE47D994F609AD612B6D19A45275EBA3CFD4B0EA8B8AEB76F6B
SHA-512:	EA65243D1CBC0907C135F95D944B876E3668338E37C9912E5E2F6C6504997A77B0197E090AD292E3B0B4C2AE6FE0C3545FE7786D7F0F778E3A57BF20B770CB80
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var subdb_fileVersion = "1.4.114"; ..function CreateSubDbHelper(){var a={_getPlugin:function(){if(!this._plugin){this._plugin=getPluginFactory().Create("subdb")}return this._plugin},_plugin:null,fetchFromDataDefinition:function(c){try{if(!c){logError("subdb:fetchFromDataDefinition: No dataDefinition supplied");return null}if(c.action==="canIRun"){return this._getPlugin().CanIRun(c.appid)}if(c.action==="GetProperty"){return this._getPlugin().GetProperty(c.appid,c.name)}logError("Unknown action name ("+c.action+")")}catch(b){logError("subdb:fetchFromDataDefinition: "+b.message+". dataDefinition"+JSON.stringify(c))}return null}};return a}ModuleManager.registerFactory("subdb",CreateSubDbHelper);..//5A613539DF54CF27B020D1B04852FE795E7F246B63773C9AB845982A6D7F055C95AAA4EAA30AAAA79E169CF4887FB2ABB0A1137E23886252ADA59378270B96C5++

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transmitter_template.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (3717), with CRLF line terminators
Category:	dropped
Size (bytes):	3931
Entropy (8bit):	5.349626620456465
Encrypted:	false
SSDEEP:
MD5:	6F5E954F2F3F060F2ADB4C5767939CE8
SHA1:	CB34ED8B68917BCE7E1BD287E8C7D7E5510D5481
SHA-256:	BE969BD89EFC244C3E758C063C3C38885B96798D3FE24B25AD996B0773CD3561
SHA-512:	2AE07CA3CC09CCB03AA384E8541411860938972F6FA6FA190BDF42399ABA92498D486B5C14261E500FE85BE27047FB7A094D2385CF74B1DD4E4945D8559D2801
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var transmitter_template_fileVersion = "1.4.114"; ..function EventTransmitterTemplate(){}EventTransmitterTemplate.prototype={addDataSetNames:function(c,d,b){var a=[];if(d.dataSetNames){a=a.concat(d.dataSetNames)}if(b){a=a.concat(b)}a=dataManipulator.arrayRemoveDuplicates(a);logDebug("emitter ProfileName: "+d.profileName+". allDataSetNames: "+JSON.stringify(a));this._mergeDataSets(c,a)},_isEventThrottled:function(b){var c=ModuleManager.getSingleton("config_manager");var a=c.getThrottleRule(b);return this._applyThrottle(b,a)},_isProfileThrottled:function(b,d){var c=ModuleManager.getSingleton("config_manager");var e=c.getPriority(b);if(e!="critical"){var a=this._getProfile(d).throttleRule;return this._applyThrottle(d,a)}return false},_applyThrottle:function(a,c){try{if(!c){return false}var d=ModuleManager.getSingleton("rules");return d.evaluate(a,c)}catch(b){logError("_applyThrottle: "+b.message)}return false},_applyAttributeRules:function(p,o,a){try{var h=Modu

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (7089), with CRLF line terminators
Category:	dropped
Size (bytes):	7292
Entropy (8bit):	5.243071797791836
Encrypted:	false
SSDEEP:
MD5:	DF3D64D883831400BD58879126A95ED9
SHA1:	A7918A06B4801F733712EFD3CCB16ADB68CBC829
SHA-256:	5D19D0E059ADC4ADBB79DDB57380EA066A4A3CA372605C957509948E8730E029
SHA-512:	F598D05B92218DF915968EAE625E10EE1572284BCAA9C80F0F611C7728D5215BE657107F0B5B142B287A42B3485E1B33072086473E5E31174ABDD95783A97E41
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var transport_fileVersion = "1.4.114"; ..function CreateAnalyticsTransport(){function a(){this.retrieveStoredQueue()}a.prototype=ModuleManager.create("transmitter_template");a.prototype.transmit=function(m,s,t,c){logDebug("analyticstransport.transmit message="+JSON.stringify(s)+", profileNames="+JSON.stringify(t)+", datasetNames="+JSON.stringify(c));if(this._isEventThrottled(m)){logDebug("Event "+m+" was event-level throttled");logAutomationError(m,JSON.stringify(s),JSON.stringify({level:"info",type:{eventThrottled:m+" is event throttled"}}));return}for(var l in t){try{var o=t[l];if(this._isProfileThrottled(m,o)){logDebug("Event "+m+" was profile-level throttled by '"+o+"'");logAutomationError(m,JSON.stringify(s),JSON.stringify({level:"info",type:{profileThrottled:m+" is profile throttled for "+o}}));continue}if(engine.isStopRequestReceived()){logWarning("transmitter.prototype.transmit: Stop request received, so stopping all data transmissions..");return}var

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_api_endpoint.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (3250), with CRLF line terminators
Category:	dropped
Size (bytes):	3466
Entropy (8bit):	5.329272530030789
Encrypted:	false
SSDEEP:
MD5:	F490FF928FA301034C1E5369339D07D6
SHA1:	B1E40CE43DE124FAE928E2BD2102354B1EA31D22
SHA-256:	C67AA9090886CAE34D3522BE5298DFA54BC9BF850845EAB71207BC76F7046D33
SHA-512:	852DA599E669A82D423E5B5DC9A1E358AC84E0E4D502AC4261D6AB721C4FDE8E76C4E4529B6918A5327C5E7DB6694BD50DEF6B5A4D9F665626B4562573359214
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var transport_api_endpoint_fileVersion = "1.4.114"; ..function CreateAPIEndpointTransport(){function a(){this._url="";this._verb="PUT"}a.prototype=ModuleManager.create("rest_transport");a.prototype.constructor=a;a.prototype._setup=function(){this._url=this._config.url;if(!this._url){logError("APIEndpointTransport:: Initialize failed url not provided");return false}if(this._config.headers){var d=this._config.headers;for(var b in d){this._AddRequestHeader(b,d[b])}}if(this._config.verb){this._verb=this._config.verb}this._createRESTclientPlugin();if(this.GetVersion()&&(this.GetVersion()!="1")&&(this.GetVersion()!="2")){this._usingRESTclientPlugin=true;logInformation("Calling parent class to setup using the restful plugin");this._plugin.SetHttpMode(this._verb);var c=getSystemPlugin();this._plugin.SetAgentName("McAfee Mosaic API V1 transmitter_"+c.CreateGUID());this._plugin.Connect(this._url)}else{this._plugin=null}return true};a.prototype._sendUsingRestClient=fun

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_aws_apigateway_v1.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (4753), with CRLF line terminators
Category:	dropped
Size (bytes):	4974
Entropy (8bit):	5.407477472670478
Encrypted:	false
SSDEEP:
MD5:	3A62ECB46D55CE056DDC6B1C82D058B9
SHA1:	EBB67FD4F68661CFD97DEE58D6F2BED9B74F06AC
SHA-256:	BD72241D6717283399EED99DA7F81A6BFB19D2274BE698CB8A3D5BDB5F4EDD2E
SHA-512:	B7959A60CA64C8F3ECFDAFA9D59703351B2DE4844F905C58466AA56CBDA04086B0A4A277CDDCBE8590A4DDDA378C9CAC811950848848742E2E645E76CEFBA613
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var transport_aws_apigateway_v1_fileVersion = "1.4.114"; ..function CreateAWSAPIGatewayV1Transport(){function b(){this._apikey=null;this._partitionKey=null;this._url="https://{dns}.awscommon.mcafee.com/1.0/{gateway}/v1/record"}b.prototype=ModuleManager.create("rest_transport");b.prototype.constructor=b;b.prototype._setup=function(){this._apikey=this._config.apikey;if(!this._apikey){logError("AWS_APIGateway_V1_Transport:: Initialize failed API key not provided");return false}var c=this._config.dns;if(!c){logError("AWS_APIGateway_V1_Transport:: Initialize failed DNS not provided");return false}var e=this._config.gateway;if(!e){logError("AWS_APIGateway_V1_Transport:: Initialize failed Gateway not provided");return false}this._updateURL("{dns}",c);this._updateURL("{gateway}",e);this._partitionKey=engine.getContextId();if(!this._partitionKey){this._partitionKey=generateAlphaNumericString(256)}this._createRESTclientPlugin();if(this.GetVersion()&&(this.GetVersion()

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_da.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (2581), with CRLF line terminators
Category:	dropped
Size (bytes):	2787
Entropy (8bit):	5.38813757973808
Encrypted:	false
SSDEEP:
MD5:	DAE9DC9F4767E1C1BA0F2292BAF0112B
SHA1:	DB2ED3395B1862ABE2B7F701B9F759609E6CD4D9
SHA-256:	576A92B11C3155A87017BA2E539812286498A8C979F9692C2922708040EB51F1
SHA-512:	CE513638798C7C5CF44D5DFAC6C8ECC238CB94D9C0A5156C7D2F6211B6BF1BE651105A3F69B7349B961823A27EF3B5FAEF8B18D014815FA7017E7EC2D03830ED
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var transport_da_fileVersion = "1.4.114"; ..function CreateDATransport(){var a={Send:function(c){try{var b=this._getMsgBusPlugin();if(!b){logError("[DA Transport] Current MsgBus Plugin does not support request/response.");return false}if(!b.IsAvailable()){logWarning("[DA Transport] Message Bus could not be loaded; subscriptions will not be active");return false}var g=ModuleManager.getSingleton("mappings");c=g.daMap(JSON.parse(c));var d=this._ComposePayload(c);if(null==d){return false}b.Publish("Data_Aggregator.Add_Data",d);logDebug("[DA Transport] Emit outbound data: "+d);return true}catch(f){logError("[DA Transport] Exception thrown when sending da event: "+f.message);return false}},_ComposePayload:function(c){try{var b={};var f={};var h={};c["__record.created"]=this._convertToLocalDate(new Date()).toISOString();c["__record.created"]=c["__record.created"].split("T").join(" ");for(var d in c){if(this._indexOf(this._metricList,d)!==-1){f[d]=c[d]}if(this._inde

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_eng_observability.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (3274), with CRLF line terminators
Category:	dropped
Size (bytes):	3495
Entropy (8bit):	5.199846052919043
Encrypted:	false
SSDEEP:
MD5:	93581833279E8522F8EFC14966C3BF04
SHA1:	010DD699BF7509E1B16575EDBD84F559EBE07CC0
SHA-256:	4713BA38325FF8C257CC2F5DB63705AD421137043A5128906B2E5186372844B2
SHA-512:	5C7172048CAB81E0126A3E014DF52FC32300AFB45E5B6A73B3D9CE2E6C657597D201FA22318A508D18084770F4BBD0183738740A2B703E2940F26BE749173B8B
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var transport_eng_observability_fileVersion = "1.4.114"; ..function ObservabilityTransport(){this._transport_api_endpoint_emitter=null;this._url="https://pl8qcwep6c.execute-api.us-west-2.amazonaws.com/prod_v1/v1/record";this._apikey=null;this._verb="PUT";this._partitionKey=null;this.logInfo("New ObservabilityTransport Created")}ObservabilityTransport.prototype=ModuleManager.create("transport_template");ObservabilityTransport.prototype.constructor=ObservabilityTransport;ObservabilityTransport.prototype.logInfo=function(a){logInformation("ObservabilityTransport: "+a)};ObservabilityTransport.prototype.logError=function(a){logError("ObservabilityTransport: "+a)};ObservabilityTransport.prototype.logWarning=function(a){logWarning("ObservabilityTransport: "+a)};ObservabilityTransport.prototype._updateURL=function(a,b){this._url=updateStringWithReplacement(this._url,a,b)};ObservabilityTransport.prototype.GetVersion=function(){try{return engine.getContentVersion()}ca

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_event_hub.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (7985), with CRLF line terminators
Category:	dropped
Size (bytes):	8198
Entropy (8bit):	5.263467139966956
Encrypted:	false
SSDEEP:
MD5:	656AFACBD15E9B8CA9DBE06F13FEC889
SHA1:	DAD2AB0D6BD92548C1C1C4CA945FD111BFF6B185
SHA-256:	1D8283518587B2EF32DE17049F5F20EC1FCFFE9F15CEE595B3FB8AC9F9949F48
SHA-512:	67D2C75802CE9F4A47DD439B4712ACD9C999D62EB47DD950585174F50C74FEF8BE23AB59E8CC3EB9C24457C4525C27D0475F911953D598AC8D0A0AD1BA050B7D
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var transport_event_hub_fileVersion = "1.4.114"; ..function CreateEventHubTransport(){LoadScript("sha256.js");function a(){this._apiVersion=null;this._servicebusNamespace=null;this._eventHubPath=null;this._sharedAccessKey=null;this._sharedAccessName=null;this._sharedAccessToken=null;this._tokenCreationTime=null;this._timeout=60;this._url="https://{servicebusNamespace}.servicebus.windows.net/{eventHubPath}/messages?timeout={timeout}&api-version={apiVersion}"}a.prototype=ModuleManager.create("rest_transport");a.prototype.constructor=a;a.prototype._setup=function(){this._apiVersion=this._config.apiVersion;if(!this._apiVersion){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _apiVersion");return false}this._servicebusNamespace=this._config.servicebusNamespace;if(!this._servicebusNamespace){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _servicebusNamespace");return false}this._eventHubPath=this._config.eventHubPath;if(!this._ev

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_ga.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (2200), with CRLF line terminators
Category:	dropped
Size (bytes):	2406
Entropy (8bit):	5.4839496030761605
Encrypted:	false
SSDEEP:
MD5:	5E5FE66ED895E9253939E2ECF6AFF3D9
SHA1:	407B2A142D0AFFE796A9FBE4267543BEE40FE597
SHA-256:	29E44BD845EA7FE3BDE0EF71C8CF2C334F73DFEE255A54291D4581A200844363
SHA-512:	F1182888702A45F14BF2CDD741489F83BA2CF6B4CAB5B5414017EE41D0C21F2958957098572EE7D39FCA1B5A77C39C6D592D1AE85300703C890491294EB5D9A9
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var transport_ga_fileVersion = "1.4.114"; ..function CreateGATransport(){function a(){}a.prototype=ModuleManager.create("rest_transport");a.prototype.Send=function(c){try{var i=this._ComposePayload(c);if(null==i){return false}var f=this.RESTClientAvailable?this._sendUsingRESTClient(i):this._sendUsingXMLHTTP(i);var d=JSON.parse(c);var h=d.hit_event_id;this._transportLog(h,i,f,this.GetName()+(this.RESTClientAvailable?"_rest":"_xmlhttp"));return f}catch(g){logError("GA_REST_Transport:Send: "+g.message);return false}};a.prototype._sendUsingXMLHTTP=function(f){try{var c=ModuleManager.create("xmlHttpComObj");if(!c.setup()){logError("GA_REST_Transport::_sendUsingXmlHttp: couldnt create a xmlhttpcom");return null}logInformation("GA_REST_Transport::_sendUsingXmlHttp: Using "+c.getSelectedObjName());c.open("POST",this._url,false);c.send(f);var g=c.getResponseHeader("Content-Type");logInformation("contentTypeResp:"+g);return g.match("image/gif")?true:false}catch(d){log

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_mosaic_api_v2.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (4495), with CRLF line terminators
Category:	dropped
Size (bytes):	4712
Entropy (8bit):	5.257620084723445
Encrypted:	false
SSDEEP:
MD5:	30BB4AFCAAEBFE34DC64A5E227663C1E
SHA1:	38675C1939117C9B1393F2D1804D20819B9B34F8
SHA-256:	A47F219510EC9E1D409CD804BB2C5DF29C02A64AF95ACC0706D123662574A37F
SHA-512:	975914AF2C331B2177AB415D9F95E372DB0F0E477A3BB09C98A088DBE236E5551EBA635C45A7BC3E2ADAACC73805BD076CD125974B45D12B11557DC463179347
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var transport_mosaic_api_v2_fileVersion = "1.4.114"; ..function Mosaic_API_V2_Transport(){this._transport_api_endpoint_emitter=null;this._url="apis.mcafee.com/mosaic/2.0/{service}/{consumer}/v1/record";this._apikey=null;this._verb="PUT";this._partitionKey=null;this._service=null;this._consumer=null;this._environment=null;this._rtHeaders=null;this.logInfo("New Mosaic_API_V2_Transport Created")}Mosaic_API_V2_Transport.prototype=ModuleManager.create("transport_template");Mosaic_API_V2_Transport.prototype.constructor=Mosaic_API_V2_Transport;Mosaic_API_V2_Transport.prototype.logInfo=function(a){logInformation("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logError=function(a){logError("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logWarning=function(a){logWarning("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype._updateURL=function(a,b){this._url=updateStringWithReplacement(this._url,a,b)};Mosaic_API_V2_Trans

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_msgbus.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (3000), with CRLF line terminators
Category:	dropped
Size (bytes):	3210
Entropy (8bit):	5.244849543315333
Encrypted:	false
SSDEEP:
MD5:	63CD95F661B0AC1FA4092DA021B9D473
SHA1:	3E0B0E70F437880AC4FBB61032EC99D543404EF4
SHA-256:	B5B337CE44977BFDFEE8EF6B114DED28A8BEAFB91AE4576D97AC130FE14E3DB2
SHA-512:	FFA147D95FFB144F2745B1600C67B4B6F15190CF583431CCB8817CB714B4582352F7B7EC9692F88A9317BF37F5CFC6BA9FC688D6050CF3C065A5C400DB93DDCB
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var transport_msgbus_fileVersion = "1.4.114"; ..function MsgBusTransport(){this._msgbus=null;this._msgName=null;this._processorName=null;this._processorConfig=null;this._processors=(function(a){a.logInfo("Creating processors");return{noop:function(c,b){a.logInfo("noop: Returning eventDataObj unmodified");return c},simpleMsgComposer:function(c,b){a.logInfo("simpleMsgComposer: Creating new message");var f={};for(var d in b){if(b.hasOwnProperty(d)){var e=b[d];if(e.startsWith("$")){e=c[e.substring(1)]}a.logInfo("simpleMsgComposer: Adding new key-vaule to message: "+d+" = "+e);f[d]=e}}return f},passthroughComposer:function(c,b){a.logInfo("datasetComposer: Creating new message");var f={};var e=b.filteredKeys;if(!e){e=[]}for(var d in c){if(e.indexOf(d)>=0){continue}f[d]=c[d]}return f}}})(this);this.logInfo("New MsgBusTransport Created")}MsgBusTransport.prototype=ModuleManager.create("transport_template");MsgBusTransport.prototype.constructor=MsgBusTransport;MsgBusT

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_template.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (1249), with CRLF line terminators
Category:	dropped
Size (bytes):	1461
Entropy (8bit):	5.3380175011956865
Encrypted:	false
SSDEEP:
MD5:	E26E122B0BACA7D630EF243A99AAC2F7
SHA1:	F93785080E5E672F1AABD2575F83E1A120A5C6F1
SHA-256:	161E501CD97AAFFC1A69CE6DCD1B6D4519F86575745FF215E4C49B8ED2B0654D
SHA-512:	1AB6891B2ED18860B02AE892901AEF93FF19D533E1E654C34E549A76182213C3B8BB6C1B5BA3EA5D8FD6BA90AF1E391DA87853FA5E1342A442F1A3526EA6B52E
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var transport_template_fileVersion = "1.4.114"; ..function TransportPlugin_Template(){}if(typeof TransportPlugin_Template.prototype.GetName!=="function"){TransportPlugin_Template.prototype={GetName:function(){return this._name},GetVersion:function(){if(transport_template_fileVersion){return transport_template_fileVersion}return"0.0.0"},Initialize:function(b,d,a){try{if(!a\|\|!b\|\|!d){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b+".Dictionary: "+d);return false}this._dictionary=JSON.parse(d);this._config=JSON.parse(a);this._name=b;if(!this._config\|\|!this._name){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b);return false}return this._setup()}catch(c){logError("TransportPlugin_Template::Initialize Exception caught with message: "+c.message)}},Send:function(a){logError("TransportPlugin_Template::Send: Did not overwrite function. Send will return false");return false},Uninitializ

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\wa_settingsdb.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (814), with CRLF line terminators
Category:	dropped
Size (bytes):	1021
Entropy (8bit):	5.407414719714446
Encrypted:	false
SSDEEP:
MD5:	17C871882C6C874CA0ED103FF63F3FEE
SHA1:	1F693800FF2C8063EF66F6ADECCCD3C352312649
SHA-256:	F023ED084B8090DEC646B18DE0F7F57D826B5D771459CFA3485B9199AFF88EB5
SHA-512:	255ABF929A8216485243130B08F631BA0D3833AD3933B33849BE75946F8B5C89AAA3E6B7D154D560D6A94F004EF4EE4D1E8ACBEF11F373F1825AB65F1D965741
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var wa_settingsdb_fileVersion = "1.4.114"; ..function CreateWASettingsDBHelper(){var a={getSetting:function(b,c,f){try{logDebug("getting WA setting: "+b);return this._getPlugin().GetSetting(b,c,f)}catch(d){logError("wa_settingsdb:getSetting: "+d.message+"setting("+b+")")}},fetchFromDataDefinition:function(g){try{if(!g){logError("wa_settingsdb:fetchFromDataDefinition Invalid data definition");return null}var b=g.name;var c=g.scope;var f=g["default"];return a.getSetting(b,c,f)}catch(d){logError("wa_settingsdb:fetchFromDataDefinition: "+d.message+"datadefinition("+JSON.stringify(g)+")")}return null},_getPlugin:function(){if(!this._waSettingsDBPlugin){this._waSettingsDBPlugin=getPluginFactory().Create("SettingsDB")}return this._waSettingsDBPlugin},_settingsDBPlugin:null};return a}ModuleManager.registerFactory("wa_settingsdb",CreateWASettingsDBHelper);..//0BCF996CA278776F18D980E1CD65E957514E3AC7C641017A9265F2C11C54BD2992B187E6888F1FCC84B31BBFF02150C555336672D6E3F

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\wmi.js

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	ASCII text, with very long lines (7401), with CRLF line terminators
Category:	dropped
Size (bytes):	7598
Entropy (8bit):	5.384536988836127
Encrypted:	false
SSDEEP:
MD5:	574BF04A7290D97FC5C676841AA8580A
SHA1:	0D86A946ED32595A931D14532AA383DA0F99B72D
SHA-256:	A36A85FE02E4DA4C92B5289D03E088900F00A8B61BBFF139DD96253BB22ED99A
SHA-512:	6A6FC615C99EFE69943C5BC749CFB044D5205590894F16C4FF145700F739134B0AC4DD2B284168F04FBAB2CC3470EE48A41DB3DD67A4055F1A48EE0E2E221F3C
Malicious:	false
Reputation:	unknown
Preview:	/! $FileVersion=1.4.114 / var wmi_fileVersion = "1.4.114"; ..function CreateWMIManger(){var a={_createAttribute:function(f,c){var g={_data:[],get:function(l,j){try{return l(this._data,j)}catch(k){return null}}};try{f.reset();var d=f.next();while(d){var h=d.get(c);g._data.push(h);d=f.next()}}catch(i){logDebug("failed to populate attribute object")}return g},_getMockIterator:function(){var c={reset:function(){logWarning("mockIterator: Calling reset(). noop")},next:function(){logWarning("mockIterator: Calling next(). Returning `null`");return null}};return c},_unavailableServers:{},resetAvailableServers:function(){this._unavailableServers={}},_getServer:function(g){try{if(this._unavailableServers[g]==true){return null}if(!g){return null}var c=this.getPlugin();if(!c){return null}var f=c.connectServer(g);if(f){return f}}catch(d){logError("_getServer: "+d.message)}this._unavailableServers[g]==true;return null},_queryWMIServer:function(h,d){try{if(!d\|\|!h){return null}var g=this._getServer(h

C:\ProgramData\McAfee\MSSPlusClientAnalytics\dataConfig.cab

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	Microsoft Cabinet archive data, many, 68256 bytes, 44 files, at 0x44 +A "aviary_client.js" +A "common.js", flags 0x4, number 1, extra bytes 20 in head, 17 datablocks, 0x1503 compression
Category:	dropped
Size (bytes):	81360
Entropy (8bit):	7.977829061695821
Encrypted:	false
SSDEEP:
MD5:	6C9F7102550881FCBB8ACA29B23FAFBD
SHA1:	240DFCC6C4E7E6AC48E27F0E2BF9496A544D03E5
SHA-256:	F3B1783C05D76E950454D9EB26DC8C9092084C77CA0561211BD3CBE43FA6BFB6
SHA-512:	DDCCBA6715A21CA2C0A03A6740FFD953F71447C6F2F1FAFCA9B3CEB2DD124309EC8835807D017CEC6513A986197A5BCEC3A3901A2409C67F471B5AD12CA59E02
Malicious:	false
Reputation:	unknown
Preview:	MSCF............D...........,...................03............................kYE. .aviary_client.js..8........kYA. .common.js......?....kYA. .config_manager.js......C....kYA. .csp_client.js......Q....kYA. .dataset.js.9)..]n....kY. .datasets_catalog.json.).........kYA. .dataset_da.js..6........kYA. .data_collector.js..]..I.....kY. .data_items.json.t...\F....kY[. .da_definitions.json..N...K....kYj. .dictionary.json...........kYC. .emitter.js..-..z.....kYA. .engine.js...........kYC. .error_transmitter.js..V..7.....kYx. .events.json......:....kYA. .event_handler.js......U....kYB. .hash128.js......e....kYB. .json2.js.1....t....kYB. .logging.js.:........kYB. .mappings.js...........kYB. .mcutil.js...........kYl. .observability_datasets.json..........kYB. .observation_analytics.js.P.........kYB. .operations.js...........kYB. .preprocessors.js.Y.........kY.. .profile.json.....`.....kYC. .registry.js...........kYC. .rest_transport.js.u.........kYC. .rules.js.B...g.....kYC. .sha256.js.^.....

C:\Users\user\AppData\Local\Temp\nskF790.tmp\InstallHelp\SecurityScanner32.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4596888
Entropy (8bit):	6.5841460391252165
Encrypted:	false
SSDEEP:
MD5:	834A987E4F283F471039365CE4284C54
SHA1:	7B32A5F0B34B113492AA530DA3EA75BC000B65BA
SHA-256:	C9B2B122BF6E541E5FC07863E0ECB8922DABFA79004D1D29EB7E6D888BF01A91
SHA-512:	67C7EA1808690CF27DFEADFB55DAE9365E222D9B5CBD557536999A1C8BBE0428EB91DD226D902D583E4CAFB1C96B770CA7558E7C94395C35EC5829B4DF555473
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$........g.ED...D...D....~.......x..W....x..Y....x..5....s..E....X..L.....P.@....X..A....t..F....s.......~..Q....~..f....~..F....~.._...D.......^y......^y..E...^yd.E...^y..E...RichD...........................PE..L...2.Mg...........!...$..2.........%T,.......3..............................pF.......G...@...........................>.......>.T.... @.`............^E.......D..c...w:.....................@w:.......5.@.............3.(.....>......................text.....2.......2................. ..`.rdata...3....3..4....2.............@..@.data...8....P>......0>.............@....rsrc...`.... @......&?.............@..@.reloc...c....D..d....B.............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\Installer.ini

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	Generic INItialization configuration [UIFLOW]
Category:	dropped
Size (bytes):	877
Entropy (8bit):	5.2855919419236725
Encrypted:	false
SSDEEP:
MD5:	D33D6273D4A553680525F68A10798AE8
SHA1:	E9D8DA1140F4DA8355741CA0E16EC9E582DE55F5
SHA-256:	F62CD148AAD0D4A67360E7A359E11A8E4D3297B76E3438E1876F76E7ED8DE91A
SHA-512:	C70E773B48785D56489CF8C6FA38A2B11FC94B6567595E33E61C599DADDCD3544F7EF1D8F9A54260C8DB94BCF010DB22D93F0E1580EDF6C8F2DC0920A3D06307
Malicious:	false
Reputation:	unknown
Preview:	[CONFIG]..WIDTH = 550..HEIGHT = 450..HTMLRESDLL = .\McInstallerRes.dll..L10NDLL = .\McInstallerRes_LD.dll..PAGE_VISIBILITY_TIME = 5....[UIFLOW]..default = welcome_wv.htm,install_wv.htm,status_wv.htm....[Install] ..ORDER = MSS....[MSS] ..LOCATION_TYPE = 1 ..LOCATION = .\..AGENT = SecurityScan_Inner.exe ..AGENT_PARAM =/inner ..APP_NAME = McAfee Security scan ..APP_DESC = Check the security status of the machine. ..storyboard_image = Welcome_Install.jpg..AVG_INSTALL_TIME = 5..story_interval_time = 2..POST_APP_INSTALL = MSS_LAUNCH....[MSS_LAUNCH]..LOCATION_TYPE = 0..LOCATION = HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan,ExePath,1,"" ..AGENT_PARAM_TYPE = 0..AGENT_PARAM = HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan,ExeParams,1,""..........

C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	377392
Entropy (8bit):	7.282404881793305
Encrypted:	false
SSDEEP:
MD5:	5DC3CCE86B3CEEB218E9F863F2F6138A
SHA1:	1AC9E4569E740935932902DE75800F764DC8CF48
SHA-256:	D9A51DB6BBC42F95E42E78437E84CD8F08B46612DBB302474C8AFD808BAB3560
SHA-512:	DDA90E140DFAB47B58202413710A0FF84815FC7AAA64C623C9B84839473B01334F68425A423C04A727362AE89EAD3BF21D47650EDD0D52B4FE7F4CA584B8C4C2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F......F...G.v.F......F..v...F...@...F.Rich..F.........................PE..L......\.................`...........1.......p....@..........................p............@.................................0t..........(...........0..../...........................................................p...............................text...._.......`.................. ..`.rdata..P....p.......d..............@..@.data................x..............@....ndata.......@...........................rsrc...(............\|..............@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\McInstallerRes.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	400240
Entropy (8bit):	7.124668438872334
Encrypted:	false
SSDEEP:
MD5:	E17E42295EF88B792D3AF84A87FF76D9
SHA1:	4AAF1789B57B5EDBBAF6CE416B09E191756124B5
SHA-256:	8FACA2B9ED48DE9DBEF7B6C8ABDF93DEB809736F3EEC4E3B43E8C8844311F6AD
SHA-512:	3C9E5EE4E01DC3B397D4550FDAC8CFBAD8A3BAFCC31EEDEEBB6BEC495BF28E381B9E4FA4451BF12CAC8CCAB6C50C99DB93F84E2F73F8B9DA594696D167AB3CEA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q..0...0...0...O~..0...0...0...O...0..Rich.0..........PE..L...w.Mg...........!...$............................................................6.....@.......................................... .. ...............p7..............p............................................................................rdata..............................@..@.rsrc... .... ......................@..@....w.Mg........................w.Mg........................w.Mg........l... ... .......w.Mg............................................RSDS...>...A.3....z.....C:\jenkins\workspace\ident_mssp4_master-vs2022-aurora@3\MSS_Win10\build\Win32\Release\McLInstallerRes.pdb.......................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... .......rsrc$01.....2..@....rsrc$02................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\McInstallerRes_LD.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	178176
Entropy (8bit):	6.301457895933317
Encrypted:	false
SSDEEP:
MD5:	8A5824509967A5629F2796F64D4C2FFA
SHA1:	C4BE38D93CC70259F3947DDCF31488203C53C0AF
SHA-256:	1C17FDA60EEB77E644D90B5F58180FFE6806F34D90896CA639E2224D03A53BAE
SHA-512:	83CB1F45EA629F2613AE771EB545CCB7DFD43F1CF51EE5FC612AB47315C78661D6E82C4E58718D35FD794CBEC726C58B764B65C80770FA9F29C3FBDE3DC6A991
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q..0...0...0...O~..0...0...0...O...0..Rich.0..........PE..L...x.Mg...........!...$..................................................................@.......................................... ..X................0..............p............................................................................rdata..............................@..@.rsrc...X.... ......................@..@....x.Mg........................x.Mg........................x.Mg........l...$...$.......x.Mg............................................RSDSG...[t.B.}.b.3......C:\jenkins\workspace\ident_mssp4_master-vs2022-aurora@3\MSS_Win10\build\Win32\Release\McLInstallerStringRes.pdb.....................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..p....rsrc$01....p*...w...rsrc$02............................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\McInstallerStartup.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2891872
Entropy (8bit):	6.578978372278864
Encrypted:	false
SSDEEP:
MD5:	B218DDDA034E0B49A889A837FE3C425B
SHA1:	F422ACA34A87854B84BCDBC5F09E8AD70B1463F0
SHA-256:	E171C9C660CA4BF479A891E0CA83349ABDDEA494D103ED416FD901326C3CCC96
SHA-512:	FA9E33C2A5C8816A51D5D008B236F5BD96E95F126876EBAAA83AA60C0EAB021A3C702DDF5BEA4DD1AD1CD361027CD26B706154C001BD2366530B7EAF9C924E1F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$........J...+q\.+q\.+q\.Sr].+q\.St].+q\.Sw].+q\uUu].+q\.Su].+q\uUr].+q\uUt].+q\.Sp].+q\..\.+q\.ut].+q\.Yp].+q\Fuu].+q\.+p\.)q\j^t].+q\.Tx]N+q\.Tq].+q\.T.\.+q\.+.\.+q\.Ts].+q\Rich.+q\................PE..L....Mg...........!...$.....................@...............................p,...../&,...@...........................'.......'.......).p$............+.`......d...P.$.T.....................$......U .@............@......8.'......................text...T,.......................... ..`.rdata......@.......2..............@..@.data...x.....'.......'.............@....rsrc...p$....)..&....(.............@..@.reloc..d............).............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\McUICnt.exe

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	643008
Entropy (8bit):	6.475804927379698
Encrypted:	false
SSDEEP:
MD5:	4C62CD83B27CC97C1F223D87A1342609
SHA1:	48E49A46D15CD6DD9C9D510598630FF90AA04405
SHA-256:	21B2599255DE6BB4FFF70FD8E1213FB68EAB4ECDF9C6E62E098E1C377B9F549F
SHA-512:	4C5F5371F52B5F12E1BF9CDD880F9F7CB09A3D4301D57A637A4B862988D01BA1679907E74D4CE4BF8CDE3B94BDDA2DDAA05749637CB775081FD276412EA47C16
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........*...y...y...y3..x...y3..x]..y..qy.y..x.y..x...y..qy.y..x...y3..x...y3..x.y...y..y[.x.y[.x..y[.x.y[.sy.y[.x.yRich...y................PE..L...$.<b.................n...2....................@.................................L.....@..................................K..(.......@................?...`...\......p...............................@...............X....:.......................text....l.......n.................. ..`.rdata..\............r..............@..@.data....J...`...6...L..............@....rsrc...@...........................@..@.reloc...\...`...^...2..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\McUtil.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	547496
Entropy (8bit):	6.667744702863496
Encrypted:	false
SSDEEP:
MD5:	2875B97922FC5866CCE10CA7E41764F6
SHA1:	0FD21C7EAC44C31B2C93C7A2F883D8156D514F7E
SHA-256:	6BC65601A06E448A5A74BAD1C1A38F7A506B0CD40F1D998576B43D15C5BFCB33
SHA-512:	8CC027DBC038B80E31C74E141FED47CFE0B2FAFC61EC73834249D629543DD248E35726BEBAA24893CC904AD8480084E1E83C30D9F860F2FAFB1E701AED479A0E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........1.]P..]P..]P..."..OP..."...P...%..LP...%..EP..l.V._P..."..FP...%...P...%..YP..]P..DQ..."..FP...%..}P...%..\P...%T.\P..]P<.\P...%..\P..Rich]P..........................PE..L....>.e...........!..............................`b.........................`......$.....@A............................................................<......lK......p....................0......@/..@............................................text............................... ..`.rdata.............................@..@.data....0......."..................@....rsrc...............................@..@.reloc..lK.......L..................@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\MicrosoftEdgeWebview2Setup.exe

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1613584
Entropy (8bit):	7.928885269713536
Encrypted:	false
SSDEEP:
MD5:	BFB1DDF7FA6CFA1153B09DA5046A03E5
SHA1:	000AF4A0A2229D6829E7712837B70F8D3FBD93DF
SHA-256:	77298B0354A60501774F4E6FDC1E34899228158346E77C3A989F95899ACBAA2A
SHA-512:	D0BAEC7279DE0BBE40A27026156868A709EE0B69787F2C1256BA14494E43B35BF22FEFB4937F79FD41B9F930B0833BA128B3164A07A5EDD0296F3BF215A48E9C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d..[ e.. e.. e..4...+e..4....e..B...1e..B...4e......-e..B....e..4...3e..4...!e..4...-e.. e...e....@.!e.. e(.ve......!e..Rich e..................PE..L....(.d............................ }............@.......................................@..................................?..x....................>...a...p.. ....1..p....................1..........@...............H...T>..`....................text...*........................... ..`.rdata..............................@..@.data...,....P.......8..............@....didat..,....p.......B..............@....rsrc................D..............@..@.reloc.. ....p.......(..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\SecurityScan_Inner.exe

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	9860336
Entropy (8bit):	7.9957035239087695
Encrypted:	true
SSDEEP:
MD5:	555332D3D4F3197D171CB5B1331B15D9
SHA1:	C484535D048AFA74E96E80DE8A5882E75CC81F88
SHA-256:	03125B0850EE880F80F8E6A164CE2BDDEB65106771F1A71ED46C06B8F87A8DB4
SHA-512:	8E7E329F238A3BB1E5F6F847EBA579E20B9B0C047B73F922F76AF156BAE2B9CE28413B671994DAF3BAECA8BF4239CF53C9E2C5BB5F7634A1B71D622D3270A672
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F......F...G.v.F......F..v...F...@...F.Rich..F.........................PE..L... ..\.................b..........(3............@..........................`............@.................................0........................E..H/...........................................................................................text...w`.......b.................. ..`.rdata..P............f..............@..@.data...8............z..............@....ndata...`...P...........................rsrc................~..............@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\System.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	35200
Entropy (8bit):	7.278358293307135
Encrypted:	false
SSDEEP:
MD5:	A38E7212C958A2466C91D06C7E7E08CD
SHA1:	90FC6AFA017D4BCF5E4DFD17460E2EF3380DF31D
SHA-256:	76F80D4ADD843D5E2B5BBD3C7DF915035806571E622B6DBAC55D13FD4AFA9CA5
SHA-512:	F6D9320D69F0C4E8A58283705D9BDEE17066B914E6262AD98EB3A4C8934F7EC7384296B4649E7C64C2FD5D85042713B40F635E90EFA2D797E91E8A2CDD9F372B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir.-.D.-.D.-.D...J..D.-.E.>.D......D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L....~.\...........!..... ...........(.......0...............................`...........@..........................2.......0..P........................[...P.......................................................0..X............................text...O........ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..\|....P.....................@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\UnInstaller.ini

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	Generic INItialization configuration [UIFLOW]
Category:	modified
Size (bytes):	638
Entropy (8bit):	5.1170666732595915
Encrypted:	false
SSDEEP:
MD5:	3D4A63890C3559291301D9BF79837E9F
SHA1:	D3B4023510AD4A5A1D90B790A46596A2159C2A18
SHA-256:	1AE3FF0EA0A4F652477C6D7FAA07374BD676BE26C611A0DD1A891D36C99B9623
SHA-512:	C83A1F3C624B3E423D7E73F55C57CF292CAA27BB360FB2481259C8C169A79F263C2BEBDBA6FD6E7DEB7F47622EDF25B336372AEA5FE163E09C4457717A26C094
Malicious:	false
Reputation:	unknown
Preview:	[CONFIG]..WIDTH = 550..HEIGHT = 450..HTMLRESDLL = .\McInstallerRes.dll..L10NDLL = .\McInstallerRes_LD.dll..PAGE_VISIBILITY_TIME = 5....[UIFLOW]..default = UninstallConfirm_wv.htm,Uninstall_wv.htm,uninstallEnd_wv.htm....[Install] ..ORDER = MSS....[MSS] ..LOCATION_TYPE = 1 ..LOCATION =C:\Program Files (x86)\McAfee Security Scan..AGENT = uninstall.exe ..AGENT_PARAM = /S /inner ..APP_NAME = McAfee Security scan ..APP_DESC = Check the security status of the machine. ..storyboard_image = Welcome_Install.jpg..AVG_INSTALL_TIME = 7..story_interval_time = 2..........

C:\Users\user\AppData\Local\Temp\nskF790.tmp\WebView2Loader.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	117208
Entropy (8bit):	6.488135475856746
Encrypted:	false
SSDEEP:
MD5:	91AD16B368C7703E9B3D7AC665D67A47
SHA1:	95C801D6D350A5820607253C7A3B7DF527651575
SHA-256:	5659CBAE9F3D412662515671A6C85AEFE08EEE17118C3DE1330A2FED74DC415F
SHA-512:	CAD3A972EEE03ACB3E8EA4D5D1D306EBA0E2FF65388250EBEB65FB36CE0DEF82323487A70A9FCE0D8DDF633F68A12619B3650A1BF2E2CE4876C47F5EC023396D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...vS@e.........."!................PD....................................................@A.........................u.......v..(........................'...........n..8....................l......`............... x..<...lt..`....................text............................... ..`.rdata...u.......v..................@..@.data...,............z..............@....00cfg..............................@..@.tls................................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\ftconfig.ini

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	Generic INItialization configuration [DataAnalytics]
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.0826755320356485
Encrypted:	false
SSDEEP:
MD5:	62AA0E131ACA3C262A709155696CB68F
SHA1:	350B8EA9950D8ED32EBA26D2F4D5D94AA97BC590
SHA-256:	0EEE12B0FFE65CB39C8C624B5D43085E8859B1F0FF4EE05E1921790055BEDF23
SHA-512:	3CFAABEB150803C0D32EA5593748A1F5BA23702617CDD2EAD82FF11AD61C8A8BCF63A67573852035D210F56399065865ED16D6F2606BF1420BBEC1DD4413E3CC
Malicious:	false
Reputation:	unknown
Preview:	[SecurityScan]..ScanParameters=SecurityScanner.dll /auto /nosplash..ScanUrl=https://liteapps.mcafee.com/V1/StaticUI/Default..HelpUrl=https://liteapps.mcafee.com/V1/StaticUI/Help..Rank=10..RequestedAffid=0..ent-detect=1..eula_major=3..eula_minor=0....[DataAnalytics]..TrackingID=UA-49812791-4

C:\Users\user\AppData\Local\Temp\nskF790.tmp\mc-webview-cnt.exe

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	754128
Entropy (8bit):	6.410611291801307
Encrypted:	false
SSDEEP:
MD5:	CD7D48BB339C72CCFE7DA3A3164180BC
SHA1:	E806553AC8B062CC5AF5728FA56FCB5E9F7E0C7E
SHA-256:	7C518FDD5FD65A0C69772A6727AFCC649B4032C9B2CDDD6048F2EF13DB4042A3
SHA-512:	05985736B987A58FEEF119133034E579C0A3AD64134566A93A987595163C07D600C943A33A7ADC223C4337E331D80CA7F695DD1F575F1B8D221AEAE3EA1284CB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................r..p....p....p...............................^........../....G........Rich..........PE..L.....Mg...............$............@........0....@..................................l....@.................................x........................>...C.......i...k..p...................@l.......R..@............0..@............................text............................... ..`.rdata..,....0......................@..@.data... ........:..................@....didat...............0..............@....rsrc................2..............@..@.reloc...i.......j..................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\mcbrwsr2.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	538720
Entropy (8bit):	6.652652805025692
Encrypted:	false
SSDEEP:
MD5:	4E87CE2F2F5A417B6BA0483C7BBDBB34
SHA1:	00AD3D3809915B2DE51000A62DDCD9CC518E7162
SHA-256:	CDAAC280D26AB706445DA1C8CB5660438B3E2727C48FE26510769E006EB97507
SHA-512:	A08A12A7CED53934B380DAA64072965C9F6FCBAB40C72E1901840879957EE91A2FD6FE25D7E42B8621823F81F1AC8FC0B9469EEDED53FB910902D1334619F719
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$..........7^..d^..d^..d..e.d8.od_..d..eO..d..eF..do.od\..d..e...d..eN..d..e...d..e_..d..e]..d^..d~..d..e\..d..er..d..e_..d..md_..d^..d_..d..e_..dRich^..d................PE..L....>.e...........!.........r.......1............@b.........................P......x%....@A........................0p.......q..(.......(...............`<......<W..................................hL..@...............d...4c.......................text............................... ..`.rdata..............................@..@.data....@.......,...p..............@....didat..............................@....rsrc...(...........................@..@.reloc..<W.......X..................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\MSSPResExtractor.exe

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	377392
Entropy (8bit):	7.282361172764569
Encrypted:	false
SSDEEP:
MD5:	1D4D8B99FD6458313A6BEAB28A1AA34C
SHA1:	4CC8BD60F4E579A1DC05EB8082F0A36B29D1CFFD
SHA-256:	F64B316542A756EEA0F0016C05C5F902A8FF3F2A61D7A2C1459716A5F3220AB6
SHA-512:	BFCB0D1A88EF03F5B1CA647360A78B60209F8835C4DD0DD06CAEEA06BBEF89621CC65DD0C376C8370DB20C6F123BE454B9730F6952F9189BBC65C4A58CEE814F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F......F...G.v.F......F..v...F...@...F.Rich..F.........................PE..L......\.................`...........1.......p....@..........................p......'.....@.................................0t..........(...........0..../...........................................................p...............................text...._.......`.................. ..`.rdata..P....p.......d..............@..@.data................x..............@....ndata.......@...........................rsrc...(............\|..............@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McInstallerRes.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	400752
Entropy (8bit):	7.121517425386084
Encrypted:	false
SSDEEP:
MD5:	6385D9CAD8F2CB279F1140DAE260EA1F
SHA1:	DC7941FDDB5EF4CA2ACD3ACAA3A5C0D026CD93E7
SHA-256:	99F228E168D01DAD320CF2D2F4D933B00286E3AE2C6FBCC8586D3B1914AF6C82
SHA-512:	111110C88A375BF62E98EEB10E198BDA2B4269840CB888A6CC305094D430FA87A190C1995D51C33510A8BCA44F05B187409AC4207836C2A3EE2ABC2F1FC0E133
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q..0...0...0...O~..0...0...0...O...0..Rich.0..................PE..d...R.Mg.........." ...$............................................................"r....`.......................................................... .. ...............p7..............p............................................................................rdata..............................@..@.rsrc... .... ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McInstallerRes_LD.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	178688
Entropy (8bit):	6.297651264205145
Encrypted:	false
SSDEEP:
MD5:	770AB7FC22BE75C6BC6184D7276B8DA0
SHA1:	3C66B1DB9B261DEC33D6614C38B888C3FCC42115
SHA-256:	7C82A18D223BBE137E5103AA12081AC48CDB09562A29FB3A360D5FAD063D1339
SHA-512:	73DDC9B998073CAEED1716F0B73B6A40E3BFB5E1A0E74BC1947DFE4A1733083F27BDA0743931ABC4669297C89B8F8FAF9793EE495A8BA6085BCA54879869120F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q..0...0...0...O~..0...0...0...O...0..Rich.0..................PE..d...U.Mg.........." ...$............................................................#n....`.......................................................... ..X................0..............p............................................................................rdata..............................@..@.rsrc...X.... ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McInstallerStartup.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3264888
Entropy (8bit):	6.40811281223321
Encrypted:	false
SSDEEP:
MD5:	2296AB6FFF74334D61FC2228944FF575
SHA1:	76AF0C11E916D50A4B17C5895BAC649440228CC6
SHA-256:	870884A712873CD0A2EA41F595D1A6F2CE927D1A3DC5C7403FA5C2A68A829563
SHA-512:	C0B8E1667C8F3358A782060A795397F6069701592A71BFC3EAA50D338AE60CDE9666245C8BE52E954DCFCEE8FB28F4A34B754D1368CADE3311A77FA02DDC694F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......~..@:b..:b..:b..q...7b..q....b..q...;b..:b..;b......(b..q... b......7b......Ib..q....b...T.>b...<..?b......9b...<..2b..:b..``......db.. ....b.. ...;b.. .`.;b.. ...;b..Rich:b..................PE..d.....Mg.........." ...$.."..*......hH.......................................`2......}2...`..........................................7-......8-.......0..!..../..A...81.x.... 2..8..l<).T....................=).(...P6$.@.............".@.....-......................text....."......."................. ..`.rdata...t...."..v....".............@..@.data...T....p-..J...N-.............@....pdata...A..../..B..................@..@_RDATA..\.....0......./.............@..@.rsrc....!....0.."..../.............@..@.reloc...8... 2..:....0.............@..B........................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McUICnt.exe

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	749008
Entropy (8bit):	6.34694268310319
Encrypted:	false
SSDEEP:
MD5:	3C33FEB50BEE2FD598E73D5E6C5744AA
SHA1:	F1AE28FA57EA9AC0EEEEE23A2A002E7899DF351C
SHA-256:	BA91E402DE201FEF346731AD3A1ABA892B1B746D027452E35C33E18D4506D72F
SHA-512:	57F92D655E780B272E45280BC10E113F56D4F21494FAE39FD8040FC16D31EB828A5D69EEE967D799C5424B1F229DC2FC1A7AF70D6BF6419CA9571CB8DAFDDF77
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........<-..]CX.]CX.]CXB/FY,]CX.(GY.]CX.(@Y.]CX.2.X.]CX.(FY.]CXB/@Y.]CXB/GY.]CXB/BY.]CX.]BX.\CX(GY.]CX(FY.]CX(JY.]CX(.X.]CX(AY.]CXRich.]CX........................PE..d...B.<b.........."......R..........DZ.........@.....................................x....@.................................................8...(.......@....`..LY......C......,...X...p.......................(......8............p......(........................text...4Q.......R.................. ..`.rdata...p...p...r...V..............@..@.data....d.......D..................@....pdata..LY...`...Z..................@..@_RDATA...............f..............@..@.rsrc...@............h..............@..@.reloc..,...........................@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\McUtil.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	668384
Entropy (8bit):	6.415120440692156
Encrypted:	false
SSDEEP:
MD5:	9A2846E6C98CF5FE15299EB5016845D7
SHA1:	F81A129B0A47F71627DC289424F61A67E6FE97D3
SHA-256:	336A32B47B1906080285480331A605E3301763A5CD86041BEDE64231CAFC5C82
SHA-512:	0B35AE8F22BAA2F29F1AF804E87793393570FC350B62033B287091ACC1DD159D8B81CBB182D431406401789ED7BCA923E6558A627D79883B483990596A847F55
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......Y4..U...U...U...'...U..O ...U..O ...U..{:y..U...'...U...'...U..O ..MU... ...U...U..?T...'...U... ..=U... ...U... {..U...U...U... ...U..Rich.U..........................PE..d...2?.e.........." ................`t........`b.............................P......C.....`A.........................................D.......J.......0...........T.......@...@......l...p.......................(.......8............0...............................text............................... ..`.rdata...6...0...8..."..............@..@.data....A...p...*...Z..............@....pdata...T.......V..................@..@_RDATA....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\MicrosoftEdgeWebview2Setup.exe

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1613584
Entropy (8bit):	7.9288761652508155
Encrypted:	false
SSDEEP:
MD5:	C992028604D91400D489F8CAB4B44469
SHA1:	C50DB047B19F0A710DE89D19DA907F1FAFBC49D8
SHA-256:	C5A0CED608AE34E91B87FFA94FEB020598A654FE185124287A3CB0658784A129
SHA-512:	C1BBCEFC592F8F619A9CC5CA27BEEEE308FA1A63D68451E32DF42419B0D787F3B177FC81A4D148EB93903E8C47623271EB39E886694A735B4CFC1F91C229A788
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d..[ e.. e.. e..4...+e..4....e..B...1e..B...4e......-e..B....e..4...3e..4...!e..4...-e.. e...e....@.!e.. e(.ve......!e..Rich e..................PE..L....(.d............................ }............@................................./B....@..................................?..x....................>...a...p.. ....1..p....................1..........@...............H...T>..`....................text...*........................... ..`.rdata..............................@..@.data...,....P.......8..............@....didat..,....p.......B..............@....rsrc................D..............@..@.reloc.. ....p.......(..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\SecurityScan_Inner.exe

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	11838184
Entropy (8bit):	7.996911973188253
Encrypted:	true
SSDEEP:
MD5:	B1C61A18F2D4DF62EADD460D5BC7D7E4
SHA1:	4383ED82906F88C262002D26648DAE735E35B04A
SHA-256:	3B8457AA6BB18843C393CA69757EA8AC3632AC8C417BCD62C15A84486882E76D
SHA-512:	8A925CE4220ABF8F34FBF88C29939E59935091E34B3594538C025586F64B071B0297FD4DC592FFAF9FCCC878E19C046B65B4C01A80BE73E38F4C412A002A812D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F......F...G.v.F......F..v...F...@...F.Rich..F.........................PE..L... ..\.................b..........(3............@..........................`...........@.................................0........................s..H/...........................................................................................text...w`.......b.................. ..`.rdata..P............f..............@..@.data...8............z..............@....ndata...`...P...........................rsrc................~..............@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\WebView2Loader.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	162264
Entropy (8bit):	6.188393265219696
Encrypted:	false
SSDEEP:
MD5:	8838E584DE6B554189DA0297B36AFD2B
SHA1:	3FD613F6C14B484446C71AA651D2CCA2C3515E2C
SHA-256:	28B898E4433291C969CD4F3BC46377B195527AD9138DF2FA57243CEB6717A6B9
SHA-512:	57984D7C948A2535C25EE01703E7DBE208768F9A8711392928107C603D2158A224ECB6F4A25C3E6E5C60EB13D08AED8F921770AF0D55A3376647DB1CC7A7978D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...vS@e.........." .....N...........K...............................................p....`A....................................................(............@.......R...'..............T.......................(....a..@...................(...`....................text....L.......N.................. ..`.rdata.......`.......R..............@..@.data........ ......................@....pdata.......@......................@..@.00cfg..8....`.......*..............@..@.gxfg........p.......,..............@..@.retplne.............>...................tls.................@..............@..._RDATA..\............B..............@..@.rsrc................D..............@..@.reloc...............J..............@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\installer.ini

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	Generic INItialization configuration [UIFLOW]
Category:	dropped
Size (bytes):	880
Entropy (8bit):	5.287153058757726
Encrypted:	false
SSDEEP:
MD5:	E1C18A8D3852851885D96E7F1A5185A3
SHA1:	274DB7DFA0D7C9C7F7E12C5B068F27088395D3AF
SHA-256:	FF74D32030255DDBEA3C261A2B441C57EB3DFE99924F5AD4E7C2E5D638C9A309
SHA-512:	CD29E1A7D1C943FD98BDF473108FA558546BE21594A37DA4E710CAB4C6093D408C1F64A530857630730A00ABD696501EA5BAAC34C0C249DA258606BE15C2017B
Malicious:	false
Reputation:	unknown
Preview:	[CONFIG]..WIDTH = 550..HEIGHT = 450..HTMLRESDLL = .\McInstallerRes.dll..L10NDLL = .\McInstallerRes_LD.dll..PAGE_VISIBILITY_TIME = 5....[UIFLOW]..default = welcome_wv.htm,install_wv.htm,status_wv.htm....[Install] ..ORDER = MSS....[MSS] ..LOCATION_TYPE = 1 ..LOCATION = .\..AGENT = SecurityScan_Inner.exe ..AGENT_PARAM = /S /inner..APP_NAME = McAfee Security scan ..APP_DESC = Check the security status of the machine. ..storyboard_image = Welcome_Install.jpg..AVG_INSTALL_TIME = 5..story_interval_time = 2..POST_APP_INSTALL = MSS_LAUNCH....[MSS_LAUNCH]..LOCATION_TYPE = 0..LOCATION = HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan,ExePath,1,"" ..AGENT_PARAM_TYPE = 0..AGENT_PARAM = HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan,ExeParams,1,""..........

C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\mc-webview-cnt.exe

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	856952
Entropy (8bit):	6.258722668913684
Encrypted:	false
SSDEEP:
MD5:	91A2BFBA73F7A9803EB559860E6D2F78
SHA1:	8E55E534D1718860A788DECF7D15A02E5E22ECD4
SHA-256:	42686E47D87202A984B9A3D0D19F8B073F805F4E3D1D348BEADCB4445D312DDE
SHA-512:	EF7138C4E81127E1C7078215786B970DA4D44FD0A5CD0D045D0F5F3D0CD52706737150F1BFD9FC2D48DD139C7B2B84F4490DA44BE4A525003B08D0668BBA5452
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............{...{...{......{.....f{..a....{..a....{..a...{......{......{......{...{...{...{..Oz.......{.......{...{i..{.......{..Rich.{..........................PE..d.....Mg.........."....$.............n.........@.....................................%....`..................................................g...............p...^......xG..........ts..p....................t..(.......@...................H].......................text............................... ..`.rdata.............................@..@.data............H...j..............@....pdata...^...p...`..................@..@.didat..............................@..._RDATA..\...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\mcbrwsr2.dll

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	654520
Entropy (8bit):	6.346078351326325
Encrypted:	false
SSDEEP:
MD5:	48D4B0D428ACF453D8B738C4EECB97B8
SHA1:	45C524728F031E5F950EDD8CB6BCEFA891479653
SHA-256:	C54EBF13458A1B48A7D21F57BF3F064F0E9AF2D555C304A080058D3226BD7ED3
SHA-512:	BEBEE8B87980792124273EF79139EC1EDDA35AD97B8F29FBD9D80982FEB266432D4681AB3D5679C18F5FFCE5D5F1456921E52605B3B08061A8CC762B86EAC410
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......BO....\|...\|...\|..\y...\|.T[x...\|.`A....\|.T[....\|.T[y.[.\|..\....\|..\x...\|..\z...\|..\}...\|...}.//\|..[x...\|..[y.*.\|..[\|...\|..[....\|......\|..[~...\|.Rich..\|.........................PE..d....?.e.........." .........6................@b.............................@............`A....................................................(.......(.......`T.......@... ......xB.......................C..(....t..8...................H........................text...l........................... ..`.rdata...e.......f..................@..@.data...dY...0...:..................@....pdata..`T.......V...F..............@..@.didat..............................@..._RDATA..............................@..@.rsrc...(...........................@..@.reloc....... ......................@..B................................................................................................................

C:\Users\user\AppData\Local\Temp\nskF790.tmp\x64\uninstaller.ini

Download File

Process:	C:\Users\user\Desktop\SecurityScan_Release.exe
File Type:	Generic INItialization configuration [UIFLOW]
Category:	dropped
Size (bytes):	632
Entropy (8bit):	5.0853290119489465
Encrypted:	false
SSDEEP:
MD5:	CB07146613AF41E92EF07E2052969646
SHA1:	5F4AA02DE1B872135CC9827E21460DFFA5DDD347
SHA-256:	946FB534E50D767BC91DDB348A35FCEBC1019A428673201DE2750BE4447CEDDC
SHA-512:	E774605DBB60DF98815E43E543EA7472350F46563E6D6A5B7D22B0EFB11DDB29F26B32021E49D723E970AE3229E2BE283C8C054C40DCDCF503CE4CF2A40E9866
Malicious:	false
Reputation:	unknown
Preview:	[CONFIG]..WIDTH = 550..HEIGHT = 450..HTMLRESDLL = .\McInstallerRes.dll..L10NDLL = .\McInstallerRes_LD.dll..PAGE_VISIBILITY_TIME = 5....[UIFLOW]..default = UninstallConfirm_wv.htm,Uninstall_wv.htm,uninstallEnd_wv.htm....[Install] ..ORDER = MSS....[MSS] ..LOCATION_TYPE = 1 ..LOCATION = %programfiles%\McAfee Security Scan\..AGENT = uninstall.exe ..AGENT_PARAM = /S /inner ..APP_NAME = McAfee Security scan ..APP_DESC = Check the security status of the machine. ..storyboard_image = Welcome_Install.jpg..AVG_INSTALL_TIME = 7..story_interval_time = 2..........

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\Install_complete.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2010:08:18 14:02:33], baseline, precision 8, 484x91, components 3
Category:	dropped
Size (bytes):	41226
Entropy (8bit):	7.509911955870971
Encrypted:	false
SSDEEP:
MD5:	43A375CACCED659FDE2F4FA45EEB1433
SHA1:	A3B15DA958CC65CBE85E6366284186F3FAA01255
SHA-256:	23EF32BA916061060EF03AAE528073E3F480BA379D37CD90F323974BBE246266
SHA-512:	62AA9ACE35A4627B274A87213EF725B8C9B9CAA831251EC30033B9E31DC2746B41959D3514203DFCD803717EB02CD5555681FF5E5BB592CA08CB934751F9FCFB
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS3 Windows.2010:08:18 14:02:33.......................................[...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....:...;...U..&my....c......}........8..c6.......dk......<T.t..V..{...\|.....5.D..bT.u\|zosc...."?..T....:.ub..../.c\

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\UninstallConfirm_wv.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2997
Entropy (8bit):	4.872557104222716
Encrypted:	false
SSDEEP:
MD5:	D563943EA1FFD621BD264A8882C332A4
SHA1:	AE53F4A473FC36173D1649777AA8CD8FD9A58421
SHA-256:	2DB17E1A9AE0A55A2ED4C113D43324CEA64E2E967A7E50CA1983EC0CC3CF88D2
SHA-512:	DF70E1C41C780E30B37973AA1033B11D43EF98198703E9552A64732EB77656CA34C756941EFFC2AD7960C58EAF159BC61470FB04B77AD5655A84B15AE153EE1B
Malicious:	false
Reputation:	unknown
Preview:	.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\Uninstall_wv.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4514
Entropy (8bit):	4.539833060720786
Encrypted:	false
SSDEEP:
MD5:	B325722E6322D345CD32342D1D4ECF9C
SHA1:	BF591D7BA2E2C8B655AB79A6FF975177271AE774
SHA-256:	CB5F354F5C6F9819FF0B9F49A5BEE5D73CB5AE0647091DF7B3AC8F23C2D77F30
SHA-512:	66582E02930C4428BD8DCE36141C1F2DECC609C2F4DA48798DF818DA7FFEB47DC097AB3AB9CC716309689176B1E263459DBADBBDD064326ED94B6172F7E4CADE
Malicious:	false
Reputation:	unknown
Preview:	.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\Welcome_Install.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PC bitmap, Windows 3.x format, 484 x 91 x 24, resolution 4724 x 4724 px/m, cbSize 132186, bits offset 54
Category:	dropped
Size (bytes):	132186
Entropy (8bit):	7.387378622012761
Encrypted:	false
SSDEEP:
MD5:	F24AD292467A3D233D401070B42741E6
SHA1:	50FD3C45E543F9097C8981E803EBB5CED4E30F36
SHA-256:	0A9EA6FA0DDE99F1835BC33887B7D4D0F8B3ADBF5EE2BBFA431A5ADAB7A6AECC
SHA-512:	9B176535DF6AA64ADFBA4DA5DE3FF3CE4B091272E9A778C413B3B9450726A1CFB2EB4CCFFA99025C8A638BD7D166EE791E5EB18CEF7D2BC1F15F6FB9C859D433
Malicious:	false
Reputation:	unknown
Preview:	BMZ.......6...(.......[...............t...t.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_bottom_left.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 59 x 59, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4304
Entropy (8bit):	7.8994200347038515
Encrypted:	false
SSDEEP:
MD5:	8D7D3D3C5D61A6620D3890820DB77BD0
SHA1:	0AC007394C3C8303524CD7250376FDBDAFE10F45
SHA-256:	007A384AE21D54D657EB98C78BE5F0C4724789170E859FF16921B72CD1A671CF
SHA-512:	8F58E94D64763B4CB333EEA398CFA608946801430BAEC55A93E5DCA8913D3D8CA258382E3112545285ABF1740301D0A06C12DC8155C45691024B4209C84C1B28
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...;...;.............pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_bottom_right.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 59 x 59, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4325
Entropy (8bit):	7.903666877414893
Encrypted:	false
SSDEEP:
MD5:	8FCAA8C7268118335034B27461C49374
SHA1:	D89400EE2355400765CF2B12086288CF934F7AA8
SHA-256:	625E2AA199F448F9F5F7F4B96F452D5FD5555B5C9B117375BA3D96C57A6CE0AE
SHA-512:	D467E69AF9281671E42773749C86F72E9B51453F6545C8D505434476D4A27EB6EC5CDF62C41A8ECC53FCF339548A962E344A6DB055364D4E49054BCC7090E8BA
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...;...;.............pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_bottom_x.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 12 x 59, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3641
Entropy (8bit):	7.89981024396435
Encrypted:	false
SSDEEP:
MD5:	D85B46E10E787A0978ADBA49FCCB1C31
SHA1:	A66AEF857AFC5E22A12050B037AACCE5AC3D8DA8
SHA-256:	6C6B70561D1AAA35F4525E59E8B0DE6FE0AF707B83405448B38F544CC771883E
SHA-512:	97CBFDDCDB13B7EFAD5F2453EA6AD6715CCEAFDEC301F47A17A4D0DD7484FCA98C724A5DEC0A56061ECB84D349316A66027B2956F1F6CF18F7CCC1299D94BB66
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......;.....x......pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_left_y.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 53 x 1, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3607
Entropy (8bit):	7.8985827194202525
Encrypted:	false
SSDEEP:
MD5:	4C60C0936E576D4829FCC2AB0B27567E
SHA1:	E43F32E9B30025103D260399EA64DE87A3B1E2FB
SHA-256:	7B77EDB6F6D5B8B1CB36D252292CA19633462E566318823B4F8EE779C2209B1F
SHA-512:	C32C734AF91D0A8DD5455D899BC56A1E0D860277326EA30D42B8BB896F007E1566D4BEAE2A1BAFBF034387B371E2D985BC4E14956AB82B3405579BAA4A5032B4
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...5.........I.......pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_progress.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	3120
Entropy (8bit):	7.880684704052909
Encrypted:	false
SSDEEP:
MD5:	B7416FE546BE3165486C7BE6D78480FE
SHA1:	A9194A7F3EFC267301A2FD10A60015A2E260BB49
SHA-256:	2BFEA1538DA76701126D0F6C104F4DFD2714FC30F0A4ECCC3ACC0FCD17F16E15
SHA-512:	1D4C664316B8A1F50AF09E5FE26EE4574079BDB9D5AE4E34F22604C7ABE1C5FB22C214CD6E246EEAB0D81E0D48ACF0D883C2C65A209DD7FA5E72B0144429E44F
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............h6....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_progressbar.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 1 x 25, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	7.866839551548217
Encrypted:	false
SSDEEP:
MD5:	3B10D089B98CF035317ADD8FF1D69C34
SHA1:	87104A42B273AD8911293E1FDB831A34076F6FBE
SHA-256:	C8393D1AD135DDBA989912CBD186048549ABE6C3AF83D10EB7B18DDC3FCDB1C0
SHA-512:	912AACD3AF302D1FCD8E96E1648053B7ED550B1648A60E17779DD6677A4F28BE394A1FD23251F4559BEB02B7E4190E5513BC67DD6EA384B857F8D54E7B467D5C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................(....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_right_y.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 62 x 1, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3608
Entropy (8bit):	7.903417886255168
Encrypted:	false
SSDEEP:
MD5:	04A1090C757D176D0952E0D647E04C1F
SHA1:	457BAECA38521B9C0CEF8B1DC76BF1C38634BC63
SHA-256:	0AD49B2DF7B89C41361B15F260438B48E4611464BC722EBA28D7BFECA8EA987D
SHA-512:	B09DD926622DBDDD9EC1645B6DF662D2E1526A04E88087633842AD6A7D1C53828AB03EE73D3B9FD24C170F146DEEB26A9530555406C9DE9B5EFE7E041A833181
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...>..........3......pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_status.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 160 x 25, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3710
Entropy (8bit):	7.895978902318277
Encrypted:	false
SSDEEP:
MD5:	6839C3C2F327F8C26EE682B4F09121F9
SHA1:	FD23060C89E0887220BFA97B4140380FE9DED2D6
SHA-256:	4108F49369448E4AB0BCC2EDDEBF1013C21BC82CA423FD64B524853A58BAB4D5
SHA-512:	321E49DF861B146608E163DCA45F57F709FA7950F20EA1F68723B9CEFA16E2E3852CFC102BEB88CE8B6334525B50AB2BC4BB809581567FA7B410D286A7AE2696
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_top_left.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 347 x 79, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	8389
Entropy (8bit):	7.934081204308378
Encrypted:	false
SSDEEP:
MD5:	6D4C0979F6FAD6FCC571F283EFD34CC8
SHA1:	2B6D74CC16133D287AA6EA8157B2DC3BCEE3937F
SHA-256:	D9BA134F2ECFEF8D29E102395BAAF026DAA451F4E0C4AC8F9E6B1F40B628A403
SHA-512:	FB8E8B9AFE604D89D3E3B945D87C680D516FEDA69967119707DB8660EB3BBAC5C9E68BE447C86B638A272DA8458535FE293C9AFB7A6D15D097E56602181EE9E5
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...[...O...........tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:9C823A1C2CC011E8877CF836C8B2E5A0" xmpMM:DocumentID="xmp.did:9C823A1D2CC011E8877CF836C8B2E5A0"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9C823A1A2CC011E8877CF836C8B2E5A0" stRef:documentID="xmp.did:9C823A1B2CC011E8877CF836C8B2E5A0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.oFT...:IDATx..].\|.E....5.d..IHB .)..1.9..\.(Q......@.T\..?....E..-*.A.H8..A....F9....".19&.df.uWwM.L.d...z.!tWWwUW.....

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_top_right.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 30 x 76, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4681
Entropy (8bit):	7.893974118949307
Encrypted:	false
SSDEEP:
MD5:	3382676A33AA89BE12A0B5408E65AA70
SHA1:	ABBD24E4ABA5E4A5DAED5698F3BBD2698700CE01
SHA-256:	04EDEF2BF843550E453E5ED35A450C53E76DA254C5B58A442913A8E1D37ED2A1
SHA-512:	3496D8EFF45449C98BB0F859579E44B4EEF902280232777D2AEE7E2F69450C8DC3FB7B28D42D91BE264D3A6734A7C3F52A604DF5684C88A3F5FE9407D70FBF4A
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......L.....M..l....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_top_x.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 7 x 76, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3673
Entropy (8bit):	7.905104941909895
Encrypted:	false
SSDEEP:
MD5:	B19C7A6D032CBBEE8093159057655B55
SHA1:	366EF075D0ABAA78FA03EFA12B70A97F98196002
SHA-256:	45EE2939A1B93789E6CFAD7DB3E335EF0EAC0E5BAC5F145081699EC63BC3D73E
SHA-512:	6E5A2E29E54BE01FB70D68AC7580390AC194FED47AA0C1DA16217E38F4C015F406CE629B231CB8ADAC2CED341CAD606100855977823A1F938C33EA3709EFE8EB
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......L.......]N....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\bg_warning.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 1 x 52, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2852
Entropy (8bit):	7.869461268734393
Encrypted:	false
SSDEEP:
MD5:	59AE56796B6C9C69B064E288C1950EC9
SHA1:	E52F6EF1B351778ECBB15DD609BF6716F6C2BCF2
SHA-256:	AEAAE2F2BD07BB724FA96E203BA0389B23F520146D588C9774E28AD7DFA6FA68
SHA-512:	34A38CE76C8CE6F40A486E51A1B7033D154DB052EBB1727E7A232B6F095724DA496540387527601EDEDA78DB18DD6FF0F3EB91D4241F776052C417317942A8A4
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......4.............pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_close.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 17 x 17, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3644
Entropy (8bit):	6.8351106813606135
Encrypted:	false
SSDEEP:
MD5:	72DEEB68CC1FEF7440E2646453230292
SHA1:	C0C2E8616DF084DD61EA7A80A18C3EF9D67BF9DB
SHA-256:	DBB17150F14B4BFEBACD9FCEB53E3A90A1FC16A975093A320A075567EB2D263C
SHA-512:	F1B62E3E11BF8755E0D553466E2B10373AB4B829655D37A3E3B7BD82E46A1F8498F61412741509A83C911B220BEB998A59724F2C121120D5D6F9680B970A3DE5
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_min.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 17 x 17, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3627
Entropy (8bit):	6.831346885015074
Encrypted:	false
SSDEEP:
MD5:	2E82C9D7CCC08E66AC3A25A86B935605
SHA1:	7D3606E3B74E96B4EDB1F4FD9772EAFED8D40ED0
SHA-256:	C4B4D8BB88B35EF8A861C7D1A562ED0D904C1C0D448018743FB7C54E623B7890
SHA-512:	4CCCF40C6BAC5A28A6514F56F72FB1A709C31CBFE1748523B0C643DF435C5B0F5AA1CFBE93E30BD8AF40FBA5447AE71E52521ADEE33AD428A55747BB90D5092F
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_normal_disabled_left.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 10 x 23, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	339
Entropy (8bit):	6.3103093449208485
Encrypted:	false
SSDEEP:
MD5:	EE5B2228811D94AF9890032671FA4C2A
SHA1:	26B2C94F7ECEC5E9800F5729647C93B814485A8B
SHA-256:	7E866549A0E5C34F54FA91D6EF8595230D372C35BBC9214C2B5E7257FCCACFB2
SHA-512:	A73829F4D07A52664BD96AEC73EB654F3F777D0E4214963E8281B07731DF06C9279D0BBDB93520B25AD2A20F9AA017B5D4233B8BD8F9928D8F59BF3F66703DCC
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...`PLTE.........................................................................................B.... tRNS................................\\.....]IDATx.D.E..0.............6DD..).....&.qA6..Q[.q..&{. Kr"+m..9...9.3.....)...I.$~S.K.......t......IEND.B`.

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_normal_disabled_right.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 590 x 23, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	397
Entropy (8bit):	6.621501420011225
Encrypted:	false
SSDEEP:
MD5:	D431BBD8760213BD86BEC73A4C6A980F
SHA1:	99F872BCADBF3D6DEEA5FC71E320B54BEAD14E36
SHA-256:	FEA1A6934A7BEB27EE089B266C60B73CAD9B375276E49A2DA5F5C4CA4822C256
SHA-512:	7ECBB56F3D14F706F1DD3315103CD0922C8BA3D46A50AEB60E5EA3BF7240C10EA8562BBCE85ED28A30AFE376B45E6CE4D73217D8A06E492B418857E45BAF21BB
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...N..........0.....tEXtSoftware.Adobe ImageReadyq.e<...]PLTE........................................................................................;[....tRNS.................................v.....IDATx......A..Q.e.xfF...A.._.]:.R.....$B?.{.*.6.jN..x3'a....9...bN.r.......$...9...bN.rz...SVs......5'q9..I\N/s...`N.r...(c..I..7'1..4d.1/D<...J....0....6U.1.....IEND.B`.

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_normal_left.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 11 x 23, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3712
Entropy (8bit):	7.893166546076688
Encrypted:	false
SSDEEP:
MD5:	6455D5DA9B1E7913D46EB39C9BA37A1F
SHA1:	86D53B7F75B14366226AD87285D3C9AC2DA2BB14
SHA-256:	39BCEE59B7D24C9C9AC9E690C7907CC9D997B317F808D9F677F85910BF5F8B92
SHA-512:	C6021EC65779A748B496D47D36797FDC1D77F9E30B52E734C8E9B207D182AD3D27210BA1F14722E2BDD2CBA34AE4BD9FA985BCCF0A2ECBB1EF292FEA8B6D0482
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............fE.....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_normal_right.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 590 x 23, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3746
Entropy (8bit):	7.892892875194415
Encrypted:	false
SSDEEP:
MD5:	90DA1B09726267DC51095725BDF34418
SHA1:	796A0E547FD88BDC66701ED7AA0CDB14AEF28FE0
SHA-256:	89702D85F8A1FA97B6851486CC55A59C327790EDB5BCE3B53529A9D21AEB46D9
SHA-512:	00CE752868F24703AD748650B1AADD014284846CF0A7CE4F0AFDD8B8F683ADF65B55C1A3417E64757AE5557E417DF25449DC5D141ACEB1B27D718FC80D45D8A4
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...N..........0.....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_primary_left.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 10 x 23, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3723
Entropy (8bit):	7.891271924101642
Encrypted:	false
SSDEEP:
MD5:	F1C6A87C653A14CE37B5444001858D51
SHA1:	85F2DF6C6846E0CDFC30FD3938B7050C0CC14F08
SHA-256:	74EEDB7E2CAB2B6782F2D779C3A746818469D98025F9CE2E8E316BD2BDBC73C9
SHA-512:	245FC8B693560B25F61D2238AC2BB04C268F97C1356FB82CAE148DBAF950B7AB99C9D516359D2D97FCAAA74DA2CE8BA4BE3F4A119CF1E12FF999171DA0280932
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_primary_right.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 590 x 23, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3756
Entropy (8bit):	7.884924544816028
Encrypted:	false
SSDEEP:
MD5:	92872F3C167298B5DD61D00B19ABF0CE
SHA1:	E48EF34456E1418B949FDE8F1CED9B2C7235DD0A
SHA-256:	0A85D609C22CE0BBAE5C3D628310F762867191EAFE50F4DD359F7A318FFB4121
SHA-512:	FE9F9BA5799DA92D5CAB159854DDFFA7178EAEE1F60817CA2967B1C67B4C1D79C9FD9ECFAC9F38BA55386472172E7B4F67C85D7C4001AA37890C4CF722ED6BCE
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...N..........0.....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_small_left.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 11 x 17, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3692
Entropy (8bit):	7.892451285158368
Encrypted:	false
SSDEEP:
MD5:	DE6A7F757E562C20541C37F7B503C37D
SHA1:	DD71C92F502AFD441ED221B52291DE49F9181A39
SHA-256:	339BA6765564BC59F4372BA301E4F9E2AFE9087A87C16587B9017FC336EB11DC
SHA-512:	582C48F419017032B2FF8C0B9FD17FEA635438952021D062FA4271768EA85E6F74481E0C31CB4DA8EC086C0F09F97C9CA8A3DFBF5D92D7D0AF27876F768B53E9
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............<?......pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\btn_small_right.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 252 x 17, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3717
Entropy (8bit):	7.890141472752654
Encrypted:	false
SSDEEP:
MD5:	C742F3EED168020D62410FABAD01BF8C
SHA1:	73133D37029253E39CE78F6AF692EB7665ADFA45
SHA-256:	C85E9DB4226738962E620134559CC817AF1FE45D1D0E615D30B4F527D83C12A5
SHA-512:	DE6D6A8EA4AB5DA441F44F37607AD0DC913815B3FB0076C7E1AAFDE5D1BE9D0DEC75E12340454C2B896D51DC74008AA6D815D4FCF83515204F8190E5FC75A551
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............1.....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\error-bgs.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 66 x 164, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10796
Entropy (8bit):	7.971084406088028
Encrypted:	false
SSDEEP:
MD5:	B15AAB3C315571E97FEA906C3A537C98
SHA1:	25B95C02C8F794788B637574BFDC16D691149EA4
SHA-256:	19A6C60BA0CD4E41E7D8CEE56116027A0634862914E549FC83648DF5A16B6CAD
SHA-512:	CF9190770A8AB237491C6A4CE600A393FF647F20CDAD5A67080FF1699A9573369D04AD598EF37938688A775DA3C4AC5303B8507D5C1479B951426987D3B51EEF
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...B.........#I.w....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\error_wv.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6836
Entropy (8bit):	5.273167916674738
Encrypted:	false
SSDEEP:
MD5:	E18403BC273B7A0C55F06A72511D02F0
SHA1:	E9D582C0EFA49B00BFF951A84E3E8B195A9B1E73
SHA-256:	72DD6DA6A5AE95CDC39D5A464F4B5A0727152F251FC0536C661D5BB44E77114D
SHA-512:	B5BAEB3158DC5BD5CD3401B343D83D30B80E629029F6E8F77E9FC017043252C49E144843F440668C5F8A61D70DB7E33111274EF8B31E63C4AAEB91ABC3B1740B
Malicious:	false
Reputation:	unknown
Preview:	<html>..<head>... /BugId: 1076930 by Manoj Verma on 2 June 2015/--> ...<meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />... bug fix end-->.. Script -->.. <link rel="Stylesheet" href="base.css" type="text/css" /> -->.. <script language="javascript" src="error.js"></script> -->...<style>...body,div,dl,dt,dd,h1,h2,h3,h4,h5,h6,pre,form,p,blockquote,th,td {...margin: 0;...padding: 0;...font-size: 1em;...cursor:default;...color:#555;..}..html, body {...width: 100%;...height: 100%;...overflow: hidden;...font-family: 'Helvetica', arial, sans-serif;...font-size: 12px;...color: #555;..}.....buttons {.../float: right;/...position: absolute;...bottom: 15px;...width: 80%;...margin: 16px 0 0 16px;...text-align: center;..}....a.button {...display: -moz-inline-box;...display: inline-block;...height: 23px;...margin-right: 4px; /NEED TO ADD CASE FOR LTR AND RTL LANG/...padding-left: 8px;...cursor: pointer;...background: url('btn_normal_le

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\first_wv.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1450
Entropy (8bit):	5.016079842866843
Encrypted:	false
SSDEEP:
MD5:	250823567F1D125777A4AA3D9B4C633F
SHA1:	6642D5FE58559EB72FA03FF90AF9CA8C15ADFF7E
SHA-256:	31B893CE47FCB39E131CF21F98B344BB65CC300726C94125949B7C5391364B23
SHA-512:	F07DCC6D11C5271973D689AB3B632E61E4FF0D7F27F088D21A6302A78A0CC53E69FFD225FCDDD02EB4D5C7DE7E542EE46C73586333D11B1EB2832FAFDD58CC38
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html>..<head>.. /BugId: 1076930 by Manoj Verma on 2 June 2015/-->.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. bug fix end-->.. <title>McAfee Light Installer Hello</title>.... <script language="javascript" type="text/javascript"> .. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headI

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\icon_inprogress.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 22 x 22, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	4330
Entropy (8bit):	7.878912081982501
Encrypted:	false
SSDEEP:
MD5:	269C11AFA47FFDA54088E8BEB54992C4
SHA1:	45B53BA0CE5E1684AE862311FD7FB408BE84491C
SHA-256:	E436A7E13F794D52DF4249A2116F6C1B481F6AECD1E8735EAF9E011E228B7ED4
SHA-512:	C14765DED1245BE3A515FDAC8F65305A5E6F5DE2589E20FF1CA5A258C61B4796A57216C58FABBCF8F00C4F5ED32EDB963D45EC3F6C435537584A21A03739BE60
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............\.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\install_wv.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4708
Entropy (8bit):	4.5415810822948215
Encrypted:	false
SSDEEP:
MD5:	A44EF8A19AFDED068262C233DC55E97D
SHA1:	F4CD6C105A4C240BCD5E2F22C9FFF3F5C99D0B69
SHA-256:	E88DEF05A3480454BF9BEB90230ACB03ABE38D5431DFF482E376851560E26CEB
SHA-512:	7167DD7FAF7A02E0051422925AE99C2A9D7E7F85EAD75C01D444EEB0F0B0B61E64825DC763FFA976CC8E3907C2130FB1889DBFC2664BD93AE7D13AAA607BE1FB
Malicious:	false
Reputation:	unknown
Preview:	.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\offer_background.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 411 x 125, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	27914
Entropy (8bit):	7.990084757557732
Encrypted:	true
SSDEEP:
MD5:	E876290C8FA17E8347076C3D387208E2
SHA1:	29FE5B621E0BC3FFA52ABDA6CF2264A0A023582B
SHA-256:	8FD1BE616F5BD83B1C95983AD45BC443E3ACA59876FB69D6DB579C9E9C2EFC4C
SHA-512:	4099B1CD201E772DF1A900EBEA155844112BE402FBE8DD65B4E4BE7B18C7D692F269D4620B0026829CC65C2F0467B7D8262537D79FB7AD20B7483D15426960BE
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......}.......Y.....tEXtSoftware.Adobe ImageReadyq.e<..l.IDATx..{..-HP.#.W.9....\|..w......m... A.!Yv...=.S.OU..,....Z.....M...........97..?........5.+.7....cu_._.OL.a.T..K.....:.._\........-..t.....w ..S.l..Q}.......O...#...L.o..............?~......p&..........j..I.N.....:.f!.cb...6......_f!^0...<.nL.'.Zq.s..A.\|.y-.....+..Qo.N'].<....?.3.\f......U.K...P,.\|u..v.J..n1..5........../....Y..~. ....l.w.C..C6~.h......W...9\.4.G....(.b...u...P..L......o.z1...9.a7....?.....tamXY.r..C.W.B8....;.....x...q....=..!.....w....O\;~.....e.v..Tk$..px../\|@.x..V.)..xr.....!..........1.....+._....H...}...P.)v...ko_..6D.7@.}..YL..z..=..y.8.6..u'....._.e.o..5..{...w>..~.....r:............bD.;...C...4^.P%...9......').2.&....m.N....1G.+9Z.......g+7..~._.Ph.S).Z../...;..a..6?...+.....oZ...rZ.H..b...{.#]y....CSV.K..TeZ...F....^...K.W..H.q..X.}U.BJ..3...p.c`....2...-cC..l.-..5X.......n.._.=...2B........v.O]h.....g.r....W....T..bh..=,=\|E9..}.Sl

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\status_wv.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	3568
Entropy (8bit):	4.746172367572746
Encrypted:	false
SSDEEP:
MD5:	363AF35F2A418052058F626EBF657C78
SHA1:	B41E03BD98A25974E6019E039A2A88EFF33E1C3A
SHA-256:	2F7B77AE6931961CED0C3E627B756AA8B7DFA234448FD5E75B3FD30D05C46ADD
SHA-512:	8C53B204A0F306ED3561B2DF815C04606CD6ED40C50287B77F877F259B888EC3962BBAFD68A9712EAECE562C69C162E60ED41308983E00F3A71C33BC5C1429D3
Malicious:	false
Reputation:	unknown
Preview:	.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\uninstallEnd_wv.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	3424
Entropy (8bit):	4.908390796851773
Encrypted:	false
SSDEEP:
MD5:	6BCC42B7E36AAEA4977F1615BB9CD800
SHA1:	80275108208C6CCE5CCDE60BFEC1CF5E9296D020
SHA-256:	A2A4262A95D1861C8593A691195A681CE52C6667CC0AB6A6168B49C52EFD9070
SHA-512:	208DA5195548E2334723B45A82C617D7A32BCBA313CA6BBDD4820CAB3797404BF415C7D8C2691B1150CC4E0261E77F0DB686850B8D2FCC719F20D0CC9ED459B7
Malicious:	false
Reputation:	unknown
Preview:	.<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\warning.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	PNG image data, 65 x 53, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	7471
Entropy (8bit):	7.946896059214694
Encrypted:	false
SSDEEP:
MD5:	E83EE81A5FCC3F92E3349CA31C8DA567
SHA1:	3A44167BED8E580157693AE1D632020B359702D3
SHA-256:	AA6FFE226C3DF9E889AB792E6C76289142727D6E6A2BD9BC5A71754909FC5406
SHA-512:	B7A04407A0526307131DE6F08BE9BD5F26C896E58DE3BC663AA6CB12AE51A2F9A184F4FB9ACD3E73311CA1C7A378C11A3F2AD63D3B2E25EACA2A0DC85FA450FC
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...A...5......&......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\warning_wv.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3408
Entropy (8bit):	4.792432380835198
Encrypted:	false
SSDEEP:
MD5:	A2763D13BEF03F8B788F379C138340EA
SHA1:	E2D8933BE4C19A4E0EC8BEADD016673D0AF8615D
SHA-256:	0438BE464404D356DAD104FC81EEF285E2C4F9BCCEE9428C1BA25AB36EF94123
SHA-512:	F1EF65E2384CA38D00AF2B68AE5C335F679BECEA8C900AF9695A2AD3BE39F35F35D1890AE5CE3B37C076B3EE6443469C45220DF0F756FB1EAF49DF273A1F14FE
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var tag

C:\Users\user\AppData\Roaming\McAfee\MSSPRes\welcome_wv.htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nskF790.tmp\MSSPResExtractor.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3575
Entropy (8bit):	4.7491198392497305
Encrypted:	false
SSDEEP:
MD5:	94E0EFC80555876168939942CA56B256
SHA1:	B6ABFDC8B4ECC3CFB593D6A4A350FBAB5A384CDE
SHA-256:	8B9FA1022203B3959B5EC881C42E85CCB8B1D70CF1554AE343F794F4025F7CE9
SHA-512:	4DF378CB852110EC082DAF32E2BAFC00EBAC925C6636C47CD719C6C46C00AB8B6332FB73CB9E87A5AD9294EA4FC8619327EA3EE728610C8C678BA633FE0EB7A3
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html dir="ltr" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">....<head>.. <meta http-equiv="X-UA-TextLayoutMetrics" content="natural; charset=UTF-8" />.. <title></title>.. <script language="javascript" type="text/javascript">.. var resDLL = "McInstallerRes.dll";.. var PARAM_OBJ_SESSION = "McLInstSessionObj";.. var session = null;.... function getSessionObj() {.. if (session == null) {.. var externalObj = window.chrome.webview.hostObjects.sync.McWebViewContainer;.. if (externalObj) {.. session = externalObj.GetParam(PARAM_OBJ_SESSION);.. }.. }.. return session;.. }.... function includeResource(resourceDLL, resourceName, isScript) {.. var headID = document.getElementsByTagName("head")[0];.. var t

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.999358916418884
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecurityScan_Release.exe
File size:	27'660'968 bytes
MD5:	d19f7fb266813e0fba1d009be48c40d5
SHA1:	49ad30dc2a86fb3f3f21aeeefd79bce2c9f9ef82
SHA256:	9b6d586380337296d53a605b487b442e0a32b857cccdf153c602bd1438413261
SHA512:	a3277d635573bc7d45818a91bc6d1080439e83fb700486efc74dfb1fe6a1d97811e9c6cd4f158d083abc8ca8e5c4e3b703f3ce249069b69aace0c028fc1ce5dc
SSDEEP:	786432:2fWTg0k4wDw5NQNdJO6gwQNajcQQ1xZWq2b5hWsxFe:3zgw4wwYaoTTWqw7U
TLSH:	B457332C41812B4AD739C43D6F46F0EDCB7E7EF77A40B5AA6F2807447B699821C8168D
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F......F...G.v.F......F...v...F...@...F.Rich..F.........................PE..L... ..\.................b.........

File Icon


Icon Hash:	f0b34d6961f0130f

Static PE Info

General

Entrypoint:	0x403328
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x5C157F20 [Sat Dec 15 22:24:32 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	57e98d9a5a72c8d7ad8fb7a6a58b3daf

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	13/10/2023 16:08:48 13/10/2026 16:08:48
Subject Chain	CN="McAfee, LLC", O="McAfee, LLC", STREET=6220 America Ctr Dr, L=San Jose, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=2306741, OID.2.5.4.15=Private Organization
Version:	3
Thumbprint MD5:	B3515A8A7E95C305ACE3094E13C5AB18
Thumbprint SHA-1:	AAFB69C1A3FD4C2D5207E98F818B994664DB71CD
Thumbprint SHA-256:	E310C8CE8BDB286B22EFAD3B0FEC70867B7A888200331004C19DB3687CA9F170
Serial:	47E0D8578AB200083919FA11

Entrypoint Preview

Instruction
sub esp, 00000184h
push ebx
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 0040A130h
mov dword ptr [esp+20h], ebx
mov byte ptr [esp+14h], 00000020h
call dword ptr [004080A8h]
call dword ptr [004080A4h]
and eax, BFFFFFFFh
cmp ax, 00000006h
mov dword ptr [0042472Ch], eax
je 00007F2D9C7CA073h
push ebx
call 00007F2D9C7CD162h
cmp eax, ebx
je 00007F2D9C7CA069h
push 00000C00h
call eax
mov esi, 00408298h
push esi
call 00007F2D9C7CD0DEh
push esi
call dword ptr [004080A0h]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], bl
jne 00007F2D9C7CA04Dh
push 0000000Ah
call 00007F2D9C7CD136h
push 00000008h
call 00007F2D9C7CD12Fh
push 00000006h
mov dword ptr [00424724h], eax
call 00007F2D9C7CD123h
cmp eax, ebx
je 00007F2D9C7CA071h
push 0000001Eh
call eax
test eax, eax
je 00007F2D9C7CA069h
or byte ptr [0042472Fh], 00000040h
push ebp
call dword ptr [00408044h]
push ebx
call dword ptr [00408288h]
mov dword ptr [004247F8h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 0041FCF0h
call dword ptr [00408178h]
push 0040A1ECh

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8430	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3a000	0x19e28	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x1a5e380	0x2f28
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x298	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6077	0x6200	0311bcb2ead177b380555800a8e6e6ee	False	0.6595583545918368	data	6.403859519216241	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x1250	0x1400	926b1e688f085d737343e22bcf628243	False	0.4298828125	data	5.044807654453153	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x1a838	0x400	9b72314b8d9ad5c72778b00cdf336ee2	False	0.646484375	data	5.2244513108529995	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x25000	0x15000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3a000	0x19e28	0x1a000	c192cd761a2f8b017781fd898ee0eaeb	False	0.17032564603365385	data	4.017066897842131	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x3a5f8	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	United States	0.056089554004495445
RT_ICON	0x4ae20	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.14107883817427386
RT_ICON	0x4d3c8	0x1b6e	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9115636570777557
RT_ICON	0x4ef38	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.21904315196998123
RT_ICON	0x4ffe0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2688	English	United States	0.3734008528784648
RT_ICON	0x50e88	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152	English	United States	0.4918772563176895
RT_ICON	0x51730	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1536	English	United States	0.38353658536585367
RT_ICON	0x51d98	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320	English	United States	0.6098265895953757
RT_ICON	0x52300	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.43882978723404253
RT_ICON	0x52768	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.4959677419354839
RT_ICON	0x52a50	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.6013513513513513
RT_DIALOG	0x52b78	0x100	data	English	United States	0.5234375
RT_DIALOG	0x52c78	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x52d98	0x60	data	English	United States	0.7291666666666666
RT_DIALOG	0x52df8	0xf8	data	English	United States	0.532258064516129
RT_DIALOG	0x52ef0	0x114	data	English	United States	0.6376811594202898
RT_DIALOG	0x53008	0x58	data	English	United States	0.7840909090909091
RT_DIALOG	0x53060	0xec	data	English	United States	0.5042372881355932
RT_DIALOG	0x53150	0x108	data	English	United States	0.6212121212121212
RT_DIALOG	0x53258	0x4c	data	English	United States	0.75
RT_DIALOG	0x532a8	0xec	data	English	United States	0.5042372881355932
RT_DIALOG	0x53398	0x108	data	English	United States	0.6136363636363636
RT_DIALOG	0x534a0	0x4c	data	English	United States	0.75
RT_DIALOG	0x534f0	0xf0	data	English	United States	0.5125
RT_DIALOG	0x535e0	0x10c	data	English	United States	0.6343283582089553
RT_DIALOG	0x536f0	0x50	data	English	United States	0.7625
RT_GROUP_ICON	0x53740	0xa0	data	English	United States	0.63125
RT_VERSION	0x537e0	0x2f4	data	Chinese	Taiwan	0.45634920634920634
RT_MANIFEST	0x53ad8	0x349	XML 1.0 document, ASCII text, with very long lines (841), with no line terminators	English	United States	0.5517241379310345

Imports

DLL	Import
KERNEL32.dll	SetEnvironmentVariableA, CreateFileA, GetFileSize, GetModuleFileNameA, ReadFile, GetCurrentProcess, CopyFileA, Sleep, GetTickCount, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, SetCurrentDirectoryA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, GlobalUnlock, GetDiskFreeSpaceA, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
USER32.dll	ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
ADVAPI32.dll	AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll	ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Chinese	Taiwan

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecurityScan_Release.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\ProgramData\McAfee Security Scan\ftstate.ini

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\aviary_client.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\common.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\config_manager.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\csp_client.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\da_definitions.json

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\data_collector.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\data_items.json

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\dataset.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\dataset_da.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\datasets_catalog.json

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\dictionary.json

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\emitter.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\engine.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\error_transmitter.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\event_handler.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\events.json

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\hash128.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\json2.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\logging.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\mappings.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\mcutil.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\observability_datasets.json

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\observation_analytics.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\operations.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\preprocessors.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\profile.json

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\registry.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\rest_transport.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\rules.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\sha256.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\subdb.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transmitter_template.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_api_endpoint.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_aws_apigateway_v1.js

C:\ProgramData\McAfee\MSSPlusClientAnalytics\Scripts\transport_da.js

Windows Analysis Report
SecurityScan_Release.exe