5af1ac51233d835a90efa2bb6957ecae64a29905086fb30d674bb30c44892d58

Analysis

max time kernel
52s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x-mouse-button-control-2.20.2-installer_i-b3zD1.exe
Size

1.7MB
MD5

34e6c4dbc1b3e5a37c11bf40bd6943c9
SHA1

64f83d6da27c36a3ed40003096df67fc5c840e20
SHA256

5af1ac51233d835a90efa2bb6957ecae64a29905086fb30d674bb30c44892d58
SHA512

e0c9469eeb792a78f5829038d68a7ab081a297371413523aa15bba4246d2edab27e63a67fb4c9da45096b66879a47644b4d57f1aef0badaf2b9aa1ebf64a125c
SSDEEP

24576:C7FUDowAyrTVE3U5F/LjbZe0cQ9RU36Sh/SMhXzF58vMGIYTAy+S7kSF:CBuZrEUb9j6pjIMGFTKake

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	component0.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files\ReasonLabs\Common\Stub\v6.0.6\Stub.exe	UnifiedStub-installer.exe
File opened for modification	C:\Program Files\ReasonLabs\Common\Stub\v6.0.6\Stub.exe	UnifiedStub-installer.exe
File created	C:\Program Files\ReasonLabs\EPP\Uninstall.exe	UnifiedStub-installer.exe
File created	C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe	UnifiedStub-installer.exe

Executes dropped EXE 7 IoCs

pid	Process
2196	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
3796	component0.exe
1580	saBSI.exe
2724	3emtnha2.exe
4348	UnifiedStub-installer.exe
4420	rsSyncSvc.exe
4912	rsSyncSvc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5244	2196	WerFault.exe	84
5288	2196	WerFault.exe	84

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	saBSI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3emtnha2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	x-mouse-button-control-2.20.2-installer_i-b3zD1.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x0007000000023464-94.dat	nsis_installer_1
behavioral2/files/0x0007000000023464-94.dat	nsis_installer_2

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	22	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1580	saBSI.exe
1580	saBSI.exe
1580	saBSI.exe
1580	saBSI.exe
1580	saBSI.exe
1580	saBSI.exe
1580	saBSI.exe
1580	saBSI.exe
1580	saBSI.exe
1580	saBSI.exe
4348	UnifiedStub-installer.exe
4348	UnifiedStub-installer.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3796	component0.exe
Token: SeDebugPrivilege	4348	UnifiedStub-installer.exe
Token: SeShutdownPrivilege	4348	UnifiedStub-installer.exe
Token: SeCreatePagefilePrivilege	4348	UnifiedStub-installer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2196	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3188 wrote to memory of 2196	3188	x-mouse-button-control-2.20.2-installer_i-b3zD1.exe	84
PID 3188 wrote to memory of 2196	3188	x-mouse-button-control-2.20.2-installer_i-b3zD1.exe	84
PID 3188 wrote to memory of 2196	3188	x-mouse-button-control-2.20.2-installer_i-b3zD1.exe	84
PID 2196 wrote to memory of 3796	2196	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp	99
PID 2196 wrote to memory of 3796	2196	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp	99
PID 2196 wrote to memory of 1580	2196	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp	100
PID 2196 wrote to memory of 1580	2196	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp	100
PID 2196 wrote to memory of 1580	2196	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp	100
PID 3796 wrote to memory of 2724	3796	component0.exe	101
PID 3796 wrote to memory of 2724	3796	component0.exe	101
PID 3796 wrote to memory of 2724	3796	component0.exe	101
PID 2724 wrote to memory of 4348	2724	3emtnha2.exe	102
PID 2724 wrote to memory of 4348	2724	3emtnha2.exe	102
PID 4348 wrote to memory of 4420	4348	UnifiedStub-installer.exe	103
PID 4348 wrote to memory of 4420	4348	UnifiedStub-installer.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2.20.2-installer_i-b3zD1.exe
"C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2.20.2-installer_i-b3zD1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3188
- C:\Users\Admin\AppData\Local\Temp\is-E2QSF.tmp\x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-E2QSF.tmp\x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp" /SL5="$90052,837551,832512,C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2.20.2-installer_i-b3zD1.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\is-QOIHN.tmp\component0.exe
    "C:\Users\Admin\AppData\Local\Temp\is-QOIHN.tmp\component0.exe" -ip:"dui=1b74ca46-c49b-4c52-a57d-8cd1ff70c625&dit=20240811125015&is_silent=true&oc=ZB_RAV_Cross_Solo_Soft&p=fa70&a=100&b=&se=true" -i
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\3emtnha2.exe
      "C:\Users\Admin\AppData\Local\Temp\3emtnha2.exe" /silent
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\7zS4AAC3808\UnifiedStub-installer.exe
        
        .\UnifiedStub-installer.exe /silent
        5⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4348
      - C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
        
        "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
        6⤵
        Executes dropped EXE
        
        PID:4420
- - C:\Users\Admin\AppData\Local\Temp\is-QOIHN.tmp\component1_extract\saBSI.exe
    "C:\Users\Admin\AppData\Local\Temp\is-QOIHN.tmp\component1_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\is-QOIHN.tmp\component1_extract\installer.exe
      "C:\Users\Admin\AppData\Local\Temp\is-QOIHN.tmp\component1_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
      4⤵
      PID:4428
    - - C:\Program Files\McAfee\Temp3948151882\installer.exe
        
        "C:\Program Files\McAfee\Temp3948151882\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
        5⤵
        
        PID:4844
      - C:\Windows\SYSTEM32\regsvr32.exe
        
        regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
        6⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
        7⤵
        
        PID:5144
      - C:\Windows\SYSTEM32\regsvr32.exe
        
        regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
        6⤵
        
        PID:5308
- - C:\Users\Admin\Downloads\x-mouse-button-control-2.20.2-installer.exe
    "C:\Users\Admin\Downloads\x-mouse-button-control-2.20.2-installer.exe"
    3⤵
    PID:400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 1796
    3⤵
    - Program crash
    PID:5244
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 2396
    3⤵
    - Program crash
    PID:5288

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
1⤵
- Executes dropped EXE
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2196 -ip 2196
1⤵
PID:5172

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:5784
- C:\Program Files\McAfee\WebAdvisor\UIHost.exe
  "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
  2⤵
  PID:2528
- C:\Program Files\McAfee\WebAdvisor\updater.exe
  "C:\Program Files\McAfee\WebAdvisor\updater.exe"
  2⤵
  PID:3888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:5384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2196 -ip 2196
1⤵
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=2&revision=0&platform=x64
1⤵
PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fffb02646f8,0x7fffb0264708,0x7fffb0264718
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,434530707772059056,14852440907041301668,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,434530707772059056,14852440907041301668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,434530707772059056,14852440907041301668,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,434530707772059056,14852440907041301668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,434530707772059056,14852440907041301668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,434530707772059056,14852440907041301668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,434530707772059056,14852440907041301668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,434530707772059056,14852440907041301668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3488

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
1⤵
PID:3584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\McAfee\Temp3948151882\analyticsmanager.cab

Filesize
1.8MB

MD5
5be9597eb624a4897d79402c4cd34b6b

SHA1
0998b43ef247820ddaf7655a3ee527a64b8b41fd

SHA256
4d2c613e6cdd7ac00025b5da1329d52d63628257ff44a1686ac230f25cac2862

SHA512
524937dc6ccfa241f96dcd7c9e9df0be6d8faa680d4b641b8a49cc687884b7e5b3a6939e516e3486c89a3a706f0ff5318581eb05edcf84b8740ff64baf110b39

Download Submit
C:\Program Files\McAfee\Temp3948151882\analyticstelemetry.cab

Filesize
59KB

MD5
f9424b351f5fd545d96ccc3458777f3a

SHA1
fe13b0160e4cf4340952b4ce120ee4cc4ade29e4

SHA256
b7cbecfc093acfc824fbddac62e091b8bb04a1d0b59060e34cf715e1d93ae1c8

SHA512
dcc46a38db86aac6ba7e1083a7a5c0c9ff4aa91cfeee5c0a7ae6eb7f369521d8d575fa4261c3153a56777c851122139e781efff3ada9a1879450abd09702677a

Download Submit
C:\Program Files\McAfee\Temp3948151882\browserhost.cab

Filesize
1.3MB

MD5
41840bd10dda1409adf6d83175c0d981

SHA1
b363a2922f5d69e22641bdbc3d070de324ae2d1f

SHA256
a94ff5f7d7b84a416eca7f6f42d9bd012d1051b91dc574633429bce822f51c12

SHA512
8828623e4965c88ea631010f2ede2e1c42b26183a00e50f665c37fff930956a7b4089629e24a728210fe61389dcc109386629280c3a5457e6072fe7ccd3820c1

Download Submit
C:\Program Files\McAfee\Temp3948151882\browserplugin.cab

Filesize
4.9MB

MD5
253337eb5d13a9f79378de0904b0e448

SHA1
5dcf4b41d3ec3eda26e7e25c9221643b62468962

SHA256
05c9b53b895f9c79eb9e429f2bd11651a4b51018b9151fefe41d835212d515f5

SHA512
b7e2d2eb1dc29e1f5b87f73133ead258776aaf2ae21ba43d21d1fb91c61079cfd649be6c1aa2c2d9aa9982a1ba86978df18f677cec7b15919b1f2d44c888eef1

Download Submit
C:\Program Files\McAfee\Temp3948151882\eventmanager.cab

Filesize
1.5MB

MD5
cb3c3baf9d0f30958c3b9df32352a058

SHA1
ca427e00cdaa32f39fb4a6df8ba1aff5b8200f16

SHA256
054ef467f43e73d3c5687966e8a2be5fe41ed099875ba179ea6a446cb8b75ee9

SHA512
9567c4fc176e31a5ee06769f103c8d4d03ef6b873827b3efffc09c4329620c1d817ccf641004c419e4438f69820681b223a185ad415991be3af70d60f70ab3f2

Download Submit
C:\Program Files\McAfee\Temp3948151882\installer.exe

Filesize
2.9MB

MD5
7891a2a1d8a263db846292708a8ed1f0

SHA1
4044ea34ca9d112133e3aa5aed14a7c0ea952d36

SHA256
6bf9a3e9f2874cc5474dc107a90c0484cf26c9c817a2f23a7e004b4e611180c0

SHA512
00abdd3086e0528063216fbb44b9bbd18890b7629579361b54f751e8a22e0a3ee4f05a483ac4c3188ebb2c85c45f6a5922e7f1db3beb1ca0303c0fcf122a220d

Download Submit
C:\Program Files\McAfee\Temp3948151882\l10n.cab

Filesize
273KB

MD5
fca9378018e30742bc2c1fdac03fad41

SHA1
46f9df6312920424d3f20914dab59874551f57ba

SHA256
df2a4c968dce5c9a03ce10e2d0ffa243fd20b94e0d1f60d49a2709353efc4a02

SHA512
0d39532169b19f240779129ecc49b4e582373350d51b73f3cfc91cf0b655f7845df48c57a219391926cd3105a5825f55a14db28c76be9ed9e8d9d4bfc5e54b78

Download Submit
C:\Program Files\McAfee\Temp3948151882\logicmodule.cab

Filesize
1.5MB

MD5
a56c6d0e52f42d6546dfc17d1b539294

SHA1
463071d9de6f6113d6d31890b50a49ca5af67354

SHA256
6c9941e674abe2cce976f8bb49d11235b1563281cba8736aed383f9b79eaabf3

SHA512
3f4a1211b17db79f276f9ae5ef9855f10780b2f8fce4d0308f672edd34399e6126e3f5694feb3c515d2d6afbd016830a987df28fc4390f5cfdb1d9d9b8e97e04

Download Submit
C:\Program Files\McAfee\Temp3948151882\logicscripts.cab

Filesize
60KB

MD5
c1adad2f314d114594aead6816ea02bf

SHA1
be8e53c61500376514848d007115293c88ea9b6d

SHA256
f27e1c439d4c9ca4296b7c463ce76ea15870dbb8210c58ab4ca5f20d01112f7f

SHA512
b6b5f50b81c24d801205ae9234ba5ffccdf25fe6c557fe284c83d80c7d0eac9e4f6ce5d3b2804484626269166f418476433101ab916bbfdde6535cefb876caa0

Download Submit
C:\Program Files\McAfee\Temp3948151882\lookupmanager.cab

Filesize
1008KB

MD5
a447b6c857ae29a8b8f2e3bff007df6c

SHA1
f3d245b7ef702290c82f8b6c35ef973bcc2acc99

SHA256
55fb14f82bdb042f9a231dd069451112a2a792e711b96e593e264652c87e3b90

SHA512
458838d2f2f9f5f4145db622dc44694a05caec9fb9d61fc7b600f108dfa5b0343dbbd99dd0a92ba938819cf4c5eb641c939cf9616d69f8ee049b8ae750e51d46

Download Submit
C:\Program Files\McAfee\Temp3948151882\mfw-mwb.cab

Filesize
31KB

MD5
eeba6fe0bf59eea07384faea7b8b57e7

SHA1
8a7bc85e488c3063ad6fd644eaf66942d28be34a

SHA256
d2c592dcd51c0ccf979634bb969eda7b4b3d69d5e9b225fe15b5a0a9a8a0a45e

SHA512
8daba71ee57042972f796afecf3c7020020a4951bc1b9fd4c867935c6539bfd85e78c794e27e99912aff7d0d2d0ddb37e727de1955fd044dd36dc8b8364a9837

Download Submit
C:\Program Files\McAfee\Temp3948151882\mfw-nps.cab

Filesize
33KB

MD5
b9071741dd0de141bc57f3c43a911202

SHA1
9cef3cce37c8094a8609e39908fda7c8ade5b59b

SHA256
ec74a91cfb9d3ab75b0c33fd9f92140d00d2ff0a52d5080a6aa4dcef6834bfa4

SHA512
9e665f265f75e010ccfddb013c73e83b1d8b04eddfbc338deca8c982d5faaf4bbe2a9dc872e3d4739ec9ac29f0c74aa650effeea90d3967c8fb75d4c56032ccc

Download Submit
C:\Program Files\McAfee\Temp3948151882\mfw-webadvisor.cab

Filesize
573KB

MD5
0f79f075560c6c91116f4162c268ae54

SHA1
b03607d04958038477fd4dd5adb2a2dc0632d6ca

SHA256
f89ab4291eae4b52e1adfa639f1776fb95ed411257a67b274e1f727e859bbc5b

SHA512
f7966211c9e24eeb495a01d8185740a60634de0dfb19e1e5e78ab2c3184086ef256b68f3ca0eec7475302c13eaefe13aecd9d123fe5f3486661de3df51dadaa6

Download Submit
C:\Program Files\McAfee\Temp3948151882\mfw.cab

Filesize
310KB

MD5
320a057206bdb5a7ce1a6cf9e7502557

SHA1
b851e2d941f013b74f64e50130481711460fd3a3

SHA256
9f5c0192d1e924a9e3ef4590ec4f2483bd59da98227bb24970180b000759055f

SHA512
1393d881255bd5c7562cbc956f112d2945af6fb53a3e80744f58702211df72cc549ff02d824de3f681f38b2dac45367db3f74d12b94328e4f7942d6c2b213bac

Download Submit
C:\Program Files\McAfee\Temp3948151882\resourcedll.cab

Filesize
50KB

MD5
05a260ee8a80494001fa1d4c7fa5a357

SHA1
029898a55602d45dc656d43585f05748f4a10e5e

SHA256
5e6b92af5b48255e96cdb4815204b597bcb01332da99f16a33239b30f9b9e2d9

SHA512
13adc543ed493498e1cf6d7087cec62e8dab689a9795101cf4df905dc6c3512effbb839e366c9abc1aadfebaff645cf31611e86f215e73d1fd6cb55178fb2d35

Download Submit
C:\Program Files\McAfee\Temp3948151882\servicehost.cab

Filesize
339KB

MD5
c8a4a500b1930513d44af040a04c3931

SHA1
0cebba3d1012035c4799e97457c4e7a6f118d836

SHA256
a2ec67d5b61acf73159bacdbeb4bc95ffb5a51010ab5bfbffa8600da03180de0

SHA512
cbe176ee7968ea8d84792f0abe78b049f455902aba5a7c87d3ffff3cd679749d417084e27c88c1dc8de36791ac0ce3b09e0ae9818555e1d0d69deccfc58ac63c

Download Submit
C:\Program Files\McAfee\Temp3948151882\settingmanager.cab

Filesize
796KB

MD5
abdcda6e45d446e3fac2227f1086b7f2

SHA1
850a5bc7abf58be91a844ce0f4bd91a587978d2e

SHA256
eedb70f956d92e3e2d7512f59c8f00637ba8f6dbc38ce357fcce0043a262006b

SHA512
d64f13a94f874cb48c6dc6b2c9ab0308df81de1a4d647891961e17da7e5f9da6c2e24e8693307591f9a171c5789816aaaf73727398bde4773e6ee973323018d8

Download Submit
C:\Program Files\McAfee\Temp3948151882\taskmanager.cab

Filesize
1.3MB

MD5
0894bdf9d21c032f464d71b1f5bd31ba

SHA1
0b60cc31217b1b24971eb39f67ba54291543fd69

SHA256
79bd696a281c3eeaf42e5373d46e9caa7993a0ca7d07bb6d9a6e034cd7f999cf

SHA512
e01a49270d2f272c0c984baf32b114a5d294ad463968fd821b82971075333937292c1026a61f135cd1eb851e2ec0d75e7766e2d61b613e40fe144ff7d2222764

Download Submit
C:\Program Files\McAfee\Temp3948151882\telemetry.cab

Filesize
89KB

MD5
656d5d8d3bccf3dddb443eeb6556dbe3

SHA1
b9c77ef1b9f64f2533086b9fc2024728b3e33034

SHA256
b09b64ea667d7638b054217d617dff83b3e2b0fec92271c4228df324124f4ef8

SHA512
6b2a29d66ec4663cdc14137a26c663a239fae440bd6a23f07d1e585fcfc4cfcbcdc8df08475edfcde012c808b67be70e30811b13bfcc0ee80b612fee3dfd38fa

Download Submit
C:\Program Files\McAfee\Temp3948151882\uihost.cab

Filesize
335KB

MD5
d4b05b3d41b6349234b48e6c0a7ad2f8

SHA1
8d277c3eedf5a650a1ad25fc43609519aa0b773a

SHA256
93ba29bcf9b1d61cf1b8ac456141f3c2416506060741f3ee908de59451afc312

SHA512
028006c483c103ad2fad92f18fa3ce33b312380fb995d653b9a2d386d6a7b0cb42fbcc51cc8c1a600b7be227be3840ce5afb56c14679db09c27fe317c571df69

Download Submit
C:\Program Files\McAfee\Temp3948151882\uimanager.cab

Filesize
1.8MB

MD5
d386a056952aa84bdc20fc2e73075102

SHA1
7ecd4accd817e47a6b84c7e6f48eaee11fade196

SHA256
73453d0b006e9bbf3c0d47da6740dd058d456e317e694f8c617ffa80874c7299

SHA512
9f066df00221376ef5e790eb2c3cff8e70aea16604e5ede23294d1624b2d2746dbc46ada26dd355b15e02cafd2a11cf26267050fe5ccea1ba6a118006fe1de22

Download Submit
C:\Program Files\McAfee\Temp3948151882\uninstaller.cab

Filesize
988KB

MD5
9b05a0c33183b3074bf15eb3e4188a08

SHA1
be04bf97d0120a4da92cc41a8044865a1221faee

SHA256
1fb7abd4977a7dc6f43113b21a4022b1097475f65cadd6d179ef0368beb28487

SHA512
1fc8be40429ea83b3f6fcc8418237613bf2d53efb044a088255026f10b91a422d61b71d472a8b6e45fa5674b08d9036c82fa92277e9bd898cc1fad89f4bed1fd

Download Submit
C:\Program Files\McAfee\Temp3948151882\updater.cab

Filesize
975KB

MD5
c4a33acb72e38f175643df1f4885fa08

SHA1
2f43ae32571b98209f06e477e241ace819e9a7c0

SHA256
b870afb0e5fac44d1ba71dbf40f47991f20b54f8926bd620b2dd2f44975e509e

SHA512
9488964b486546413019ea070a3d21aabd79e017c23942706c863a9a75b26e3417227e32a10a0e8c61bf3094b26e7a49dd7ed8b33b217a330b9210f3e1357e36

Download Submit
C:\Program Files\McAfee\Temp3948151882\wataskmanager.cab

Filesize
2.8MB

MD5
ac05241d59f482ea308ee71758098453

SHA1
2203c08527c24f9c55e46ba700be1cf0383e741a

SHA256
d6b07588cc9f523f4fdb35b904a954ff594237f9330d68dbd7ea61751445464d

SHA512
4f1bda65555dbb4c4ece4c8e45c11de74267c373f92ff46811011894f72c72a3326e5ce96f90f39f4e94d9d9c89152e0ebeefb09539329d06b12e79f905b0bb3

Download Submit
C:\Program Files\McAfee\Temp3948151882\webadvisor.cab

Filesize
22KB

MD5
eb9dc6e92aaeb766ea0ddd6dc1675f18

SHA1
7ebb0b6a317cf2d3240094edf014aab8a5c71f9c

SHA256
a169c580b122ad54087903134984b54b6aa2deb76faf0f1534ff621ce7a8cc2f

SHA512
9f0e3d1c30ae3e5739c821730e5ba9deda71f425ae92b7a4ab00b29999db8d49dfb5d58ef4ed7b91ab8133ddd8fa2bcc709c8d5240c03cdee7a4c6ddf4b6cfec

Download Submit
C:\Program Files\McAfee\Temp3948151882\wssdep.cab

Filesize
586KB

MD5
665c741b1f80de536088d951f0bc793c

SHA1
184f5a895a746de1a1c707cfb68d40745fef3f56

SHA256
abf588228567d558edc7adb950f5ac4067746564eacfaf6364611573bcad9909

SHA512
4929819e0d7b5ff9dc240e928c1cad96bc457d5f90c81949e6b481ab7ba3fc3e600c7a3e3b7bac435cba5626e336aeb03abe299efeb5c3c4c7fd3fc968ed3bde

Download Submit
C:\Program Files\McAfee\WebAdvisor\AnalyticsManager.dll

Filesize
5.2MB

MD5
3d7e6a86f9aba5ac888491626fedb5c6

SHA1
267e4a0f5ecdaab815e44333d20f74a7c2fa43c7

SHA256
52b3595100b25552d1088533ef7655c7ca5517c81a1bfdab9ffaf9f10a528a0c

SHA512
070897f9f459ea3d3b0a77870aa38361e0a604e54817973a3f69ef83b0b98e24d935aaed09bc9f80c95bd4e7d58be3afbba70eb9def5160de50997de07aaa43c

Download Submit
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

Filesize
73KB

MD5
bd4e67c9b81a9b805890c6e8537b9118

SHA1
f471d69f9f5fbfb23ff7d3c38b5c5d5e5c5acf27

SHA256
916f5e284237a9604115709a6274d54cb924b912b365c84322171872502d4bf8

SHA512
92e1d4a8a93f0bf68fc17288cd1547b2bb9131b8378fbd1ed67a54963a8974717f772e722477417f4eb6c6bb0b3dfba4e7847b20655c3d451cba04f6134c3ab5

Download Submit
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

Filesize
915KB

MD5
ad677f565503dc0f594c523e21c7c786

SHA1
4552aab5de1b677ce9c22b686daefbb1467a2724

SHA256
417bb7d1796f87f4c281097ea2c6e3af5eefa42f951375edaab7056249500e11

SHA512
0dbeb28011aba75b2262826ecb39cd597740aed7d0b0ba24643eedc56d593f9437355f0a953c40e0adfcc2dd16b1e770d1cebc3221c7fe438f6cfc14fca107bf

Download Submit
C:\Program Files\McAfee\WebAdvisor\settingmanager.dll

Filesize
1.9MB

MD5
e4d4d439488cb7c7cc43583016978e5b

SHA1
858a31bda072d1d9d4b91fdb7a6fb43219283b62

SHA256
e916b4f9e84660377a28f0a737349630d332931937afc0f759a8219ed6e17541

SHA512
545f961fd90f8c87b32a09fc5c091b17e98c36f037df2b89aa3455f6038485a7eee436225728f04b7612da53035f48e10d4be9f9dae22f0c012f98c6cd38156c

Download Submit
C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll

Filesize
646KB

MD5
6b8f4f525f49f76d673ddb7d8763b14d

SHA1
dc1110f8706baa9d3ebf25a503ec34442bcb5b1a

SHA256
caa333d19234f8ff90119ae0361aff6f01c74332851aae149f7f56f7c6b5a934

SHA512
d7a195eaa57f188565de096fff7c6e24535644fdd3ff0ea9a3b0b881e40d49a28b2ee30555b723d9714642331b309547fabdd13637f0d4889fde0a01774b69f3

Download Submit
C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll

Filesize
803KB

MD5
4ea91a66a588314d28db2bd84568aab9

SHA1
ffbeed2b347f56035a0eecf5bc03934d69d2ae13

SHA256
257a14d199f6cbfcadab22e20e0a45692f151be6d3385e2bc53b761197f8b3b2

SHA512
76cb2a00eb94cec292d25088ff9950a186cc73ec2c79e42294657c22cc7c31d866526d8a464c06bcaa4a102f9d914ab470c96e4545e70dbb76293ba50c7914a7

Download Submit
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

Filesize
798KB

MD5
f2738d0a3df39a5590c243025d9ecbda

SHA1
2c466f5307909fcb3e62106d99824898c33c7089

SHA256
6d61ac8384128e2cf3dcd451a33abafab4a77ed1dd3b5a313a8a3aaec2b86d21

SHA512
4b5ed5d80d224f9af1599e78b30c943827c947c3dc7ee18d07fe29b22c4e4ecdc87066392a03023a684c4f03adc8951bb5b6fb47de02fb7db380f13e48a7d872

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
1KB

MD5
ff6d78eb432e4996cb0a9d8684cf7706

SHA1
4394f594d5002d6b9cd8e77e1f681cb2b5eff11a

SHA256
ff0ba54378705a3e4b6ed087aed2eaf8fb5ef026a6ec45d30f4579abbf521734

SHA512
554ae9c4ad3df2c502bca0d7f2b6da34a86b25839a7fc1e2550c2c66faf4f558fa2d5d91a1757e892149715df5b58584b6c31eab145b420c53da206977edb1c1

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
2KB

MD5
f37552735f77c53d9eadba065b1e8599

SHA1
b2181e13cddfdd98de00610c9a781ac86712029f

SHA256
278fdd6765c4cb2572f2788a2c5c9927bdc8a036c116f101a851e70f4a18049c

SHA512
c651e91c4b34ca58842d1b61ea37d7929286d43da250c8726e566f4f09cedfcd039a5721aff05a03b6da00bc86202aa9c069ee95b90fb68e651107611ecaaa4d

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

Filesize
6KB

MD5
87d5f6881e1b35ded124b35b9635b2b3

SHA1
da0c049d923f76a2fe8c8b9d935b874f215d2932

SHA256
2b210ba7dd0687ea382a5236788f9afc44390e446350372c529e596536b284ea

SHA512
eff39cccfb171c1701b24761a148874fc91c58f3d235da3fa50e2ac801f7f62de1dc2b00de46647f7e389fc9c5c5abd972ba7531c7af97d3f362afbe712d7647

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

Filesize
1KB

MD5
edc347cf8c11a80afbb0623a26479c89

SHA1
2ae780552a2a52ebe3ec2c577dc60ae02a5e41ee

SHA256
2ca37ea0bbdae6672e7c8632c2d4714879b3ca05c620e15d4621e1d6d92fdd99

SHA512
76c7a025c6fe1fbd35c6164e487d2f0448ad82d0d11b01c3ebc526ce2f7e20598d12e765ab5ba28715dc7d954888cbb95325370ce018c5c2d1f4891bb2464e8f

Download Submit
C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

Filesize
1KB

MD5
04fdbf9e8b0d3faa7b727e7482822a30

SHA1
b878400dc37467d43805e5140cfd1068233ff443

SHA256
096fbcec1525df06145d99872427e5d7dc47497f9ca45930d7d88f4e276d9bd8

SHA512
a4c83c7d6bd38f4a47df6375906eabe3705b7a6ac1efedad2b970f4536ae1ed0fc77e21fe0b329e0882f31ec86385af8493f98f5dea7338e0a085b88fb1242e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44d9bdf8938c909709b49d7be521561d

SHA1
508b0799e15df76074bd8f63e89a300770a11a36

SHA256
7673cb78e02ce5bf2645784354dda1946368e1d7526e61a20757dfc99761e476

SHA512
8d4582c49bdbfcb123635330778bf2a2688ba3abaaa3065a4167a127d1dfa0b82a9477ca49b1581494a70b504aeba16459814ccaf78af6add8e2ac06d7d975be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Temp\3emtnha2.exe

Filesize
2.4MB

MD5
3246718c2b1f9ed563ad440a6da0f5c3

SHA1
073c1a81320f5666351d9bb36810d0b28df37722

SHA256
1cab2557d1a2dc8376bf3a6309299f014a707b7b63362b92ec7f9441f8638c84

SHA512
ae6d20ee7a55c3bca56d41003d79d8673bee0acab5c858646d55e274dbe55362a5ad05e7bfcc62a6ba45def0c5cded0ce670c64e7d9cff05c4705e79d709cfc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4AAC3808\Microsoft.Win32.TaskScheduler.dll

Filesize
340KB

MD5
e6a31390a180646d510dbba52c5023e6

SHA1
2ac7bac9afda5de2194ca71ee4850c81d1dabeca

SHA256
cccc64ba9bbe3897c32f586b898f60ad0495b03a16ee3246478ee35e7f1063ec

SHA512
9fd39169769b70a6befc6056d34740629fcf680c9ba2b7d52090735703d9599455c033394f233178ba352199015a384989acf1a48e6a5b765b4b33c5f2971d42

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4AAC3808\Newtonsoft.Json.dll

Filesize
701KB

MD5
4f0f111120d0d8d4431974f70a1fdfe1

SHA1
b81833ac06afc6b76fb73c0857882f5f6d2a4326

SHA256
d043e6cde1f4d8396978cee2d41658b307be0ca4698c92333814505aa0ccab9a

SHA512
e123d2f9f707eb31741ef8615235e714a20c6d754a13a97d0414c46961c3676025633eb1f65881b2d6d808ec06a70459c860411d6dd300231847b01ed0ce9750

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4AAC3808\UnifiedStub-installer.exe

Filesize
1.0MB

MD5
493d5868e37861c6492f3ac509bed205

SHA1
1050a57cf1d2a375e78cc8da517439b57a408f09

SHA256
dc5bc92e51f06e9c66e3933d98dc8f8d217bc74b71f93d900e4d42b1fb5cc64f

SHA512
e7e37075a1c389e0cad24ce2c899e89c4970e52b3f465d372a7bc171587ed1ee7d4f0a6ba44ab40b18fdf0689f4e29dfdbccbabb07e0f004ef2f894cb20d995d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4AAC3808\rsAtom.dll

Filesize
169KB

MD5
dc15f01282dc0c87b1525f8792eaf34e

SHA1
ad4fdf68a8cffedde6e81954473dcd4293553a94

SHA256
cc036bcf74911fe5afb8e9fcc0d52b3f08b4961bcda4e50851eda4159b1c9998

SHA512
54ee7b7a638d0defcff3a80f0c87705647b722d3d177bc11e80bfe6062a41f138ef99fc8e4c42337b61c0407469ef684b704f710b8ead92b83a14f609f0bc078

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4AAC3808\rsLogger.dll

Filesize
182KB

MD5
1cfc3fc56fe40842094c7506b165573a

SHA1
023b3b389fdfa7a9557623b2742f0f40e4784a5c

SHA256
187da6a5ab64c9b814ab8e1775554688ad3842c3f52f5f318291b9a37d846aa2

SHA512
6bd1ceaf12950d047a87fd2d9c1884c7ac6e45bd94f11be8df8144ddd3f71db096469d1c775cf1cb8bc7926f922e5a6676b759707053e2332aa66f86c951fbc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4AAC3808\rsStubLib.dll

Filesize
271KB

MD5
3bcbeaab001f5d111d1db20039238753

SHA1
4a9c0048bbbf04aa9fe3dfb9ce3b959da5d960f8

SHA256
897131dd2f9d1e08d66ae407fe25618c8affb99b6da54378521bf4403421b01a

SHA512
de6cde3ad47e6f3982e089700f6184e147a61926f33ead4e2ff5b00926cfc55eb28be6f63eea53f7d15f555fd820453dd3211f0ba766cb3e939c14bb5e0cfc4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4AAC3808\uninstall-epp.exe

Filesize
319KB

MD5
79638251b5204aa3929b8d379fa296bb

SHA1
9348e842ba18570d919f62fe0ed595ee7df3a975

SHA256
5bedfd5630ddcd6ab6cc6b2a4904224a3cb4f4d4ff0a59985e34eea5cd8cf79d

SHA512
ab234d5815b48555ddebc772fae5fa78a64a50053bdf08cc3db21c5f7d0e3154e0726dacfc3ea793a28765aea50c7a73011f880363cbc8d39a1c62e5ed20c5a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-E2QSF.tmp\x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp

Filesize
3.1MB

MD5
d4a9383fda9f356a0d2edf77118b20be

SHA1
ff1b4583b52f388f0fd0831b503abd9a85465529

SHA256
c9f122cb7efba9528f5b9ec06f47dbc20919b694fc9ed5d8084f34fbeea7e297

SHA512
30d9388db8d33be3f2e04375677d6c238d827c6a6aba362946a047631b74b45431e3ca3d82fad860ffdc06e4cb38bb4e98d1224c86da898416bf37c551e7454d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QOIHN.tmp\RAV_Cross.png

Filesize
56KB

MD5
4167c79312b27c8002cbeea023fe8cb5

SHA1
fda8a34c9eba906993a336d01557801a68ac6681

SHA256
c3bf350627b842bed55e6a72ab53da15719b4f33c267a6a132cb99ff6afe3cd8

SHA512
4815746e5e30cbef626228601f957d993752a3d45130feeda335690b7d21ed3d6d6a6dc0ad68a1d5ba584b05791053a4fc7e9ac7b64abd47feaa8d3b919353bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QOIHN.tmp\WebAdvisor.png

Filesize
46KB

MD5
5fd73821f3f097d177009d88dfd33605

SHA1
1bacbbfe59727fa26ffa261fb8002f4b70a7e653

SHA256
a6ecce54116936ca27d4be9797e32bf2f3cfc7e41519a23032992970fbd9d3ba

SHA512
1769a6dfaa30aac5997f8d37f1df3ed4aab5bbee2abbcb30bde4230afed02e1ea9e81720b60f093a4c7fb15e22ee15a3a71ff7b84f052f6759640734af976e02

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QOIHN.tmp\component0.exe

Filesize
32KB

MD5
d71ef446990b1b832d32863927494b85

SHA1
b0e12450300fd1f476dee475f6d984b004ee8421

SHA256
916cef5fa648d8453bded34d784201461e35446d7b6237a9210a51875f10be76

SHA512
8e7e250973d3af3328ed307849a697c7a1398f10cadc24cb9a5996fbc73b9afc09dd88c0cce471c31da8fef9381cef416ac66f8163e8526d60284b189028f8a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QOIHN.tmp\component1.zip

Filesize
515KB

MD5
f68008b70822bd28c82d13a289deb418

SHA1
06abbe109ba6dfd4153d76cd65bfffae129c41d8

SHA256
cc6f4faf4e8a9f4d2269d1d69a69ea326f789620fb98078cc98597f3cb998589

SHA512
fa482942e32e14011ae3c6762c638ccb0a0e8ec0055d2327c3acc381dddf1400de79e4e9321a39a418800d072e59c36b94b13b7eb62751d3aec990fb38ce9253

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QOIHN.tmp\component1_extract\installer.exe

Filesize
25.9MB

MD5
6c847932d63660b0e0ad0b0a4b9780d2

SHA1
17139565a23b4a6cf1891296c8d1607ec7653a94

SHA256
ed60db47b383ab1f4f50b8542d22ce992c31f450ce9d33b946a84e0ebfd3cde4

SHA512
f8bb7521fb8f24dd12ef7e59731bb5e68cac0d75ad547216d97b6069e0ad48dc9a25c7917f760841df1604fbe43335ba039c299c3e2199eb6b1f8b53c4fd6b75

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QOIHN.tmp\component1_extract\saBSI.exe

Filesize
1.1MB

MD5
143255618462a577de27286a272584e1

SHA1
efc032a6822bc57bcd0c9662a6a062be45f11acb

SHA256
f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4

SHA512
c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QOIHN.tmp\mainlogo.jpg

Filesize
2KB

MD5
a13e498a2101fc5997c646aa15233e71

SHA1
01b1dd662a94a6e88e2ee0196dda139f13942aa0

SHA256
a6c71719ddd56cdce310a836779735f6343e734a85b0fc8ee4e537821098d903

SHA512
1a02215b8c3edde648d5c40cf9c0c2bbfe9ff4d64095d9a2786e8364aea4888d0596786f91ccf4566525330089ddede44af15f64d3fd6b27b015a03e27dcac14

Download Submit
C:\Users\Admin\AppData\Local\Temp\mwa6A5D.tmp

Filesize
161KB

MD5
662de59677aecac08c7f75f978c399da

SHA1
1f85d6be1fa846e4bc90f7a29540466cf3422d24

SHA256
1f5a798dde9e1b02979767e35f120d0c669064b9460c267fb5f007c290e3dceb

SHA512
e1186c3b3862d897d9b368da1b2964dba24a3a8c41de8bb5f86c503a0717df75a1c89651c5157252c94e2ab47ce1841183f5dde4c3a1e5f96cb471bf20b3fdd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi64D2.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi64D2.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi64D2.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi64D2.tmp\ioSpecial.ini

Filesize
765B

MD5
c6b0b86360a391cf3ea742b29375b0c8

SHA1
d1562f99ffd34f670f866d8b382420178c873275

SHA256
d8535c6a638c469fc232200abe07d3bc9855232a91fc65cbf8d824ae4e2124cc

SHA512
8ca09155698df689e23e2dd9e7af65a6476f2bea8587210f13d09ffd7fed2893f20ca9a8238dc292b4281168a5d55bb7865e66c537d3c44b8cd2cab90b74f9f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi64D2.tmp\ioSpecial.ini

Filesize
709B

MD5
85dca7ab47c3aa0e265186033e4471e2

SHA1
68d1a26cc79903c367b7f6e9ad9e85d8da2d70b2

SHA256
88130d1c34978e87b68d5c0e9e02ff7bb94ca6948b75394bdfeb72bd30edb9b5

SHA512
277f22a4e29ec9e60fb30fb544edbaf5b0f3087a1c95b282a2a487e7a4a5ad26b627c35b3b089bffc76b1d34d6cfad9f97c3ea862963f1dcb94e968b57ead271

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi64D2.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
C:\Users\Admin\Downloads\x-mouse-button-control-2.20.2-installer.exe

Filesize
2.9MB

MD5
ddf79d7a588328468ae2835e6af48dad

SHA1
0f3d5131cd879e7f6758d99c4ea8adaa108fe5d9

SHA256
b3f1b087a2617c1af305c8f9bb275f169edc46f4b4687f69db37dea0fe0cebeb

SHA512
f9bb715b95387146b1cbd9303355d56e771da9812ed2eb38144bbb00f36ce6633103ef5325a8535d430cd86acadbc20970b421a1d61fdf612c7c4d210f99a583

Download Submit
memory/2196-22-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2196-103-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/2196-6-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2196-2062-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2196-19-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/2196-20-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2196-38-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2196-36-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2196-35-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/2196-31-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2196-30-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/3188-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3188-21-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3188-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/3796-57-0x00007FFFB64E3000-0x00007FFFB64E5000-memory.dmp

Filesize
8KB

Download
memory/3796-58-0x0000021A35160000-0x0000021A35168000-memory.dmp

Filesize
32KB

Download
memory/3796-59-0x0000021A4FB40000-0x0000021A50068000-memory.dmp

Filesize
5.2MB

Download
memory/3796-68-0x00007FFFB64E0000-0x00007FFFB6FA1000-memory.dmp

Filesize
10.8MB

Download
memory/4348-238-0x0000021F1A9C0000-0x0000021F1A9E2000-memory.dmp

Filesize
136KB

Download
memory/4348-245-0x0000021F35920000-0x0000021F35978000-memory.dmp

Filesize
352KB

Download
memory/4348-240-0x0000021F34B10000-0x0000021F34B3E000-memory.dmp

Filesize
184KB

Download
memory/4348-237-0x0000021F34D00000-0x0000021F34DB2000-memory.dmp

Filesize
712KB

Download
memory/4348-235-0x0000021F1A900000-0x0000021F1A930000-memory.dmp

Filesize
192KB

Download
memory/4348-233-0x0000021F1A940000-0x0000021F1A986000-memory.dmp

Filesize
280KB

Download
memory/4348-231-0x0000021F1A400000-0x0000021F1A50C000-memory.dmp

Filesize
1.0MB

Download
memory/4844-603-0x00007FF738DE0000-0x00007FF738DF0000-memory.dmp

Filesize
64KB

Download
memory/4844-443-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-489-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-488-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-487-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-486-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-485-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-484-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-483-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-493-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-482-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-481-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-494-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-496-0x00007FF746FD0000-0x00007FF746FE0000-memory.dmp

Filesize
64KB

Download
memory/4844-506-0x00007FF6E9A40000-0x00007FF6E9A50000-memory.dmp

Filesize
64KB

Download
memory/4844-514-0x00007FF7562C0000-0x00007FF7562D0000-memory.dmp

Filesize
64KB

Download
memory/4844-570-0x00007FF738DE0000-0x00007FF738DF0000-memory.dmp

Filesize
64KB

Download
memory/4844-474-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-587-0x00007FF71DB50000-0x00007FF71DB60000-memory.dmp

Filesize
64KB

Download
memory/4844-472-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-601-0x00007FF738DE0000-0x00007FF738DF0000-memory.dmp

Filesize
64KB

Download
memory/4844-470-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-491-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-605-0x00007FF738DE0000-0x00007FF738DF0000-memory.dmp

Filesize
64KB

Download
memory/4844-490-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-609-0x00007FF738DE0000-0x00007FF738DF0000-memory.dmp

Filesize
64KB

Download
memory/4844-599-0x00007FF7562C0000-0x00007FF7562D0000-memory.dmp

Filesize
64KB

Download
memory/4844-463-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-462-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-621-0x00007FF71DB50000-0x00007FF71DB60000-memory.dmp

Filesize
64KB

Download
memory/4844-623-0x00007FF71DB50000-0x00007FF71DB60000-memory.dmp

Filesize
64KB

Download
memory/4844-458-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-637-0x00007FF71DB50000-0x00007FF71DB60000-memory.dmp

Filesize
64KB

Download
memory/4844-639-0x00007FF71DB50000-0x00007FF71DB60000-memory.dmp

Filesize
64KB

Download
memory/4844-455-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-453-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-451-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-641-0x00007FF71DB50000-0x00007FF71DB60000-memory.dmp

Filesize
64KB

Download
memory/4844-448-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-446-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-445-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-444-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-465-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-643-0x00007FF71DB50000-0x00007FF71DB60000-memory.dmp

Filesize
64KB

Download
memory/4844-492-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download
memory/4844-646-0x00007FF738DE0000-0x00007FF738DF0000-memory.dmp

Filesize
64KB

Download
memory/4844-657-0x00007FF738DE0000-0x00007FF738DF0000-memory.dmp

Filesize
64KB

Download
memory/4844-559-0x00007FF6E9A40000-0x00007FF6E9A50000-memory.dmp

Filesize
64KB

Download
memory/4844-520-0x00007FF706360000-0x00007FF706370000-memory.dmp

Filesize
64KB

Download
memory/4844-495-0x00007FF7474F0000-0x00007FF747500000-memory.dmp

Filesize
64KB

Download