Analysis

  • max time kernel
    322s
  • max time network
    329s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-12-2024 17:36

General

  • Target

    USBHelperInstaller.exe

  • Size

    282KB

  • MD5

    d387c6c808a9ab80f0d8e843500f903d

  • SHA1

    b14fc2a27c1e215d74d8cb6f01729855c1dbd8f4

  • SHA256

    43d9426874eea0bb56c3feac25d20bc35fb3ddaa9447e1ca5f0ba3de1d194382

  • SHA512

    e60b8d2ffebb9bbb27c31b52b0d6c597e0a72486a7865ecee84b40a84f8e9e102353990314d28cf01227a30c5fc3c1f407f38c95c68ec69ca075549dc9ce2085

  • SSDEEP

    6144:F5GZq/Z1IVfA1AbKowcNj/CGYSx3YT+tT8:iZGZ05fwcNj/CDYoCV8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 32 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\USBHelperInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\USBHelperInstaller.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2876
    • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\USBHelperLauncher.exe
      "C:\Users\Admin\AppData\Roaming\USBHelperLauncher\USBHelperLauncher.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2100
      • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\WiiU_USB_Helper_.exe
        "C:\Users\Admin\AppData\Roaming\USBHelperLauncher\WiiU_USB_Helper_.exe" 0.6.1.653 TCP net.tcp://127.0.0.1:56938/
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:4924
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault6017d0c5h9153h4fechaa21h0b82a7c36384
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1596
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb45f746f8,0x7ffb45f74708,0x7ffb45f74718
      2⤵
        PID:4916
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,909921718301861503,3026325650393183767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        2⤵
          PID:5020
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,909921718301861503,3026325650393183767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:432
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,909921718301861503,3026325650393183767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
          2⤵
            PID:2848
        • C:\Windows\System32\CompPkgSrv.exe
          C:\Windows\System32\CompPkgSrv.exe -Embedding
          1⤵
            PID:3708
          • C:\Windows\System32\CompPkgSrv.exe
            C:\Windows\System32\CompPkgSrv.exe -Embedding
            1⤵
              PID:1860
            • C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
              1⤵
                PID:3892
              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\USBHelperLauncher.exe
                "C:\Users\Admin\AppData\Roaming\USBHelperLauncher\USBHelperLauncher.exe"
                1⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:1840

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Hikari06\WiiU_USB_Helper_.exe_Url_lqzuicndcnweem04imny1e0dt2cz0vsb\1.0.0.0\user.config

                Filesize

                854B

                MD5

                ed1987a13508ec5ef2bba9a5f5335575

                SHA1

                62a92f1d4f41f04b8cdc613412677108ade02269

                SHA256

                a159132c48ef5440ee0ddb05ec785058eead5b8e9ea6cfb87ee087981f25f6b4

                SHA512

                6a72c7640d5cfe5b80d615f87209968386a273e659d40d1913e932528dee52b4b225744abb9543c1868283b8cb28dfd4f2ae7540e9312e22590e76573543ce43

              • C:\Users\Admin\AppData\Local\Hikari06\WiiU_USB_Helper_.exe_Url_lqzuicndcnweem04imny1e0dt2cz0vsb\1.0.0.0\user.config

                Filesize

                972B

                MD5

                bfd072cb27d46f278268100cfd98563f

                SHA1

                c96d4179c932f0ea36bec7d2017f8e9df00cd769

                SHA256

                96e4a3a737518922597eac93d3872885caae3002f6ae61ae26fb4bdc27b4b9ed

                SHA512

                7978fac07f2423246cd98f333ac9d870565bfec436794e22f945076ff451899fb77010da56a214692e459006c42a3f1a3bc241f7b2aa0ae5e8cb55b7f50b4ec6

              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                Filesize

                152B

                MD5

                7de1bbdc1f9cf1a58ae1de4951ce8cb9

                SHA1

                010da169e15457c25bd80ef02d76a940c1210301

                SHA256

                6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                SHA512

                e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                Filesize

                5KB

                MD5

                04ace9d98d3aa42f684fecced19da838

                SHA1

                50e4de01a8c8fffbd476d12fbba7f8b1024ed285

                SHA256

                34d75e7fc14dfc0af33ef3082396b206fb513f38ea83af5fa18278ef843f83d1

                SHA512

                09566864c7a10a46616329771452cffeb3ec1342a6ad04a7a6b14017280e75cf45beac28b2942195e8f09211b2f6ad469e279184282e4deb8d66f5ff11e43230

              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                Filesize

                8KB

                MD5

                43379619d8735d3a9003ecddff4d1847

                SHA1

                f1222e8814c998bf42a831ac5957d8c94c53a24d

                SHA256

                59a8c0ce1a0ec30b54f175987db45c58f3b408b40d324dab7d70b90aca8e0290

                SHA512

                9d2aa72df144687fba23b339b1169ad31e910432ad63b7f902e13ac48c7e9c385c97dd7b109d06e9d031f5b118a43569296452bc36c00298557bbb5ee4d4d86d

              • C:\Users\Admin\AppData\Local\Temp\nsaAC8E.tmp\INetC.dll

                Filesize

                21KB

                MD5

                2b342079303895c50af8040a91f30f71

                SHA1

                b11335e1cb8356d9c337cb89fe81d669a69de17e

                SHA256

                2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

                SHA512

                550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

              • C:\Users\Admin\AppData\Local\Temp\nsaAC8E.tmp\System.dll

                Filesize

                11KB

                MD5

                fbe295e5a1acfbd0a6271898f885fe6a

                SHA1

                d6d205922e61635472efb13c2bb92c9ac6cb96da

                SHA256

                a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

                SHA512

                2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

              • C:\Users\Admin\AppData\Local\Temp\nsaAC8E.tmp\modern-wizard.bmp

                Filesize

                150KB

                MD5

                458552fed1b2fb2bea3a5c91a120bc33

                SHA1

                9019e3c885f8451806bb3efd8771a318e3519256

                SHA256

                b64bc9e71a594bddcec7517f7ec95da74fd1375443cd80be4d98d61b0453d03a

                SHA512

                969b6cace5383f2aeaf4805a27564efc583524949686d5bf4908660a3bea991e2bb6b1c6aa8bcde48bb0349b53131757664a6aba9f5e9162385f6cfa63cf0075

              • C:\Users\Admin\AppData\Local\Temp\nsaAC8E.tmp\nsArray.dll

                Filesize

                12KB

                MD5

                0917ee492308b691326e6581e8c793c9

                SHA1

                ff689c8051ffca7657461ac828bc46e303ab8e59

                SHA256

                81745087f193b6fa131189f4b3ee9caa93e9692e408d3955fbcb9a4ec8516e2f

                SHA512

                2a4ae4b93b0eac113a0e65f459798466120f1af4605a82a11f9022d790fe0b4f7d368b312f8a073b1dcfe8760e529ea56a5b5d4289321dc9f2fc8a22691b42b5

              • C:\Users\Admin\AppData\Local\Temp\nsaAC8E.tmp\nsDialogs.dll

                Filesize

                9KB

                MD5

                ab101f38562c8545a641e95172c354b4

                SHA1

                ec47ac5449f6ee4b14f6dd7ddde841a3e723e567

                SHA256

                3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea

                SHA512

                72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037

              • C:\Users\Admin\AppData\Local\Temp\nsaAC8E.tmp\nsJSON.dll

                Filesize

                22KB

                MD5

                c8222584e91b74c47f5ce2a84d1cdc4f

                SHA1

                750359dd536c840b1d4016826af7f34a8562e242

                SHA256

                6785ab17a6c27be18072aa1c274078321b4ea27bfa752d3c882ec3093dc4637b

                SHA512

                a89f0083c791e7d4d54fd728e848e44bd44ef9e11c799a48ab95a48d3c4e02e68699e28818c1232b694120973ac0c3e418740759830ef70d328d7ef9e5789f51

              • C:\Users\Admin\AppData\Local\Temp\nsaAC8E.tmp\nsisunz.dll

                Filesize

                40KB

                MD5

                5f13dbc378792f23e598079fc1e4422b

                SHA1

                5813c05802f15930aa860b8363af2b58426c8adf

                SHA256

                6e87ecb7f62039fbb6e7676422d1a5e75a32b90dde6865dcb68ee658ba8df61d

                SHA512

                9270635a5294482f49e0292e26d45dd103b85fe27dc163d44531b095c5f9dbde6b904adaf1a888ba3c112a094380394713c796f5195b2566a20f00b42b6578e5

              • C:\Users\Admin\AppData\Local\Temp\nsaAC8E.tmp\xml.dll

                Filesize

                118KB

                MD5

                42df1fbaa87567adf2b4050805a1a545

                SHA1

                b892a6efbb39b7144248e0c0d79e53da474a9373

                SHA256

                e900fcb9d598643eb0ee3e4005da925e73e70dbaa010edc4473e99ea0638b845

                SHA512

                4537d408e2f54d07b018907c787da6c7340f909a1789416de33d090055eda8918f338d8571bc3b438dd89e5e03e0ded70c86702666f12adb98523a91cbb1de1d

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\0Harmony.dll

                Filesize

                710KB

                MD5

                74b5875e365117d7484726f407bdabee

                SHA1

                b260ac5a291cf82db2fc4b30246bf0e0bf50ffc7

                SHA256

                3e1878b9a1d2bb359bea43c1f499733468f4803b7230de544d0a3bdd386da1cd

                SHA512

                bba561871d9ab1dca3d6410a23537c0948a64f9716282f26e2aeb809862b9da851ad9952ad79d3c0235b424da4a2b5c442430adea72b0761c9353cbb4cfcc1ef

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\AxInterop.WMPLib.dll

                Filesize

                52KB

                MD5

                3dea36847ef2131339229b9495392b11

                SHA1

                f7f66e876b60fa4922b7a9c2a2f69f8b76fabfca

                SHA256

                7e47fbbbc3fcdcd8f0cf3bf6d36b559e51527051c770f530327e0aa1b3406945

                SHA512

                0535fae2bebd2ffa04c306d5fcbf259b47d20573f1487fd8b181f6c19418a041ef7ab7140872212f2e1fea0f4d23948387b20874bd88a1015cb50a221e65b36c

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\BCMakeCert.dll

                Filesize

                600KB

                MD5

                02729f68491bd39e50312c64a2942204

                SHA1

                19293c35f10d13517a3b7839d5bd070cc8baf02e

                SHA256

                852908c615530b1cda439f51e0b670e4d0241cce984464afae452f24438135b9

                SHA512

                88f3b415532270ab9aae2da1c4535cad7ed012f06f9c42e16fa665ba2f19581802705196a63c20487a1b50035b40ac39e03e6b7a4fdc6b66a1cbcb840ddcda2d

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\DokanNet.dll

                Filesize

                59KB

                MD5

                ea29fc89b7b5bf48b2d5dbe7694515dd

                SHA1

                2b0d981d5b7c2d6e37519adfe746424091734a11

                SHA256

                b7591fdbe668e1873f437b537a3b8d003dbcf6247f3525ed00f1ada6675790b9

                SHA512

                0d7596b6db750c5334c3d7a41de0cf86b1c9ca9120e0f4802936173d0958717bea838eb42cb911936ff345c0085338576f11b4851b9e570d9bc7872410747d59

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\FiddlerCore.dll

                Filesize

                663KB

                MD5

                c07eca5cb5fe1d503324de7aa1e7f8d8

                SHA1

                f022f1629b2fb3dff833d0c3323040c5d6ca3221

                SHA256

                812d222dfef338f679a78a6012e7f607658d964be431922385306844ed689481

                SHA512

                3cabc3d8314aeb8f4a14cf7aecb7a2fe1be9aa3d867719cc99bc351fbe57ec9ce3c439f998ae26bff32775536d05e6d072f1db6c6bc105264d4a128994b895e2

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\HelperChat.dll

                Filesize

                12KB

                MD5

                639917938fe6606a0ef13aa325b4dcf9

                SHA1

                a9a18050f79b1488f021da15a44682f97bbc764e

                SHA256

                01ec1c8fea10348cdaf64a5afe63bad3a55f4c5e77bae0e8a91b02d70c12eec1

                SHA512

                b36a61297997dc5f7470d327d1b109a86aa7061be8f846b1b67b1e1abf80a2213e78f708037e916a6a3520244e70d754d495b145268ba3ef3a7491aa065c8c1d

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\Interop.WMPLib.dll

                Filesize

                323KB

                MD5

                26e801edbc1333811913942ccbc203d9

                SHA1

                ea4e539b0e5e6a0b209e67bb427aeff0e2a705db

                SHA256

                eb7426e117eea6e83376678f0d5bb6954ac3fce015b2ce7c9de58134bc2a97f9

                SHA512

                d45c2164f3b7cd4a76b385bc7ac886ff467cb2ce4206d040d26f355863ca05867cbd3cc2128173444d35e628edb89d54865503138ffd4e6110016cd4e0fda9ee

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\LiveCharts.WinForms.dll

                Filesize

                19KB

                MD5

                76c775d09b24798f6923452e920979b5

                SHA1

                3fe2c79512a0d1153fb07f6640b27106c90d333e

                SHA256

                a5b61c1726304e6b72e09a0f35ddbf52f89a75a4e28e6ed098c8d1df6081b4ad

                SHA512

                eacc093f8ac9401f617df7e07fd68a8a0f1f03aa150283de67ad8c338fcb1520b0f07335547cf533a646ff95f239c92b029f952a706e736bcd9508817c9be0f9

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\MonoGame.Framework.dll

                Filesize

                874KB

                MD5

                2fba76eb14f7e71c5ff7c9b7aee7db5d

                SHA1

                0f6bbf785388719b6a1c4be09e536781621540f3

                SHA256

                04219f759b21dc02b5269f09c539f9ebfbe7e33e147bc3d9246cd898e6580a31

                SHA512

                ac6bd78da67a8bc16fa83c0a2a6bd3d415c4d6c0d7823179ddf2a7c22a6d1389a88dcb9cafe1024826989b45e79b4b087c5fd21f69ad831962a360732c3861c6

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\Newtonsoft.Json.dll

                Filesize

                638KB

                MD5

                f33cbe589b769956284868104686cc2d

                SHA1

                2fb0be100de03680fc4309c9fa5a29e69397a980

                SHA256

                973fd70ce48e5ac433a101b42871680c51e2feba2aeec3d400dea4115af3a278

                SHA512

                ffd65f6487bc71c967abcf90a666080c67b8db010d5282d2060c9d87a9828519a14f5d3a6fe76d81e1d3251c2104a2e9e6186af0effd5f331b1342682811ebf4

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\SharpDX.DXGI.dll

                Filesize

                137KB

                MD5

                38df3de68ffcaf2817595cbe720b7143

                SHA1

                cf3a8f9ac703caeb4e574eed0ae1460152011d5f

                SHA256

                b9dd82366f4ac46a745a6c1c83c4087d4b840da49a682539e3db38a0944d9863

                SHA512

                b4ed1d328108dff50fee735db08160a3391a782d894199151a58fb2845be637e597e754dab0a8b4ed9e2aa50929de7dc082a64fb0a6e9e68e7bb587f71ec7f4c

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\SharpDX.Direct3D11.dll

                Filesize

                279KB

                MD5

                daaabc87620969e59276a0a02986d174

                SHA1

                5ee4026206d0b97f23b20e6d15a2d8630afa283e

                SHA256

                0fdfbd6739622609e199cc20fcefbeb4a513529dbab94e071ce395f826cede0d

                SHA512

                d46dacc37078685bd4f7523232a8549953089ad7ebd2c6e5e7f9b3a07c118b4f3aba4c4daf84ed5158f36b99acfbdb91035a20a0bdea8f35af11c75dd648763d

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\SharpDX.dll

                Filesize

                270KB

                MD5

                9c441b8c2c9d478ea51a325b47b9e3f3

                SHA1

                963a441a7d5e14771287bc5241a7e2aa5dfc8c51

                SHA256

                0fc81d2498b8f3f9a57fc486d6fb9515380a562c4034bb9786a0eb9c51498977

                SHA512

                dce9bf879865b97e211c11234fbb30bd35f3c4043d5e3321e81a01fa4a0a249ffa869e62035ea3f2d031bdbb213f22dd36513c53b8a32e6e8014e82e0322e09e

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\Telerik.NetworkConnections.dll

                Filesize

                47KB

                MD5

                b6af933b0bbf95aadc0e36a1b1ebcf18

                SHA1

                1144b3e586c2a5d9f1b6cefa4c13dfaafb8518c1

                SHA256

                3bf921a3cdd52c70d3c9affd77f93bb092e44884c7f734b7b411b60384f9462b

                SHA512

                30e490dee228c23e41fd702959d318559829847bce637f7b992729656a529dcf1e9b43b173810fb25ee4080b47b73f18a66d5c4d8e3dd16148672f57669f90f7

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\Telerik.WinControls.RadDock.dll

                Filesize

                899KB

                MD5

                ccc08ecb76e2fa4c5ec3afdcc66047e5

                SHA1

                e1767b2942d6f3ce914de6b5207a61040917f7fc

                SHA256

                25a3f3692e2cf8382833f9a7c1cac1f2e3348ed77220357fc19aeaf5295521d8

                SHA512

                17953d2f61ff3105838bf58994c70701f0494ec46d8fdf5481ddee74ac6e2551d019ea25863e2db65d99ad638d631f1d04e1ca5a3ada90f6b95981d61ecc20b3

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\Telerik.WinControls.UI.dll

                Filesize

                4.7MB

                MD5

                047d29e85d30414fab8738247b676639

                SHA1

                f8eed8a9ea7839b96ec605d9fe6aa7a4125e7590

                SHA256

                11eed9788e5150b630a564d923bbb1e50af406e2967a23a4ced95ecc86746836

                SHA512

                6124054daf513c5922869292935919c4a2a9c553063468a2999b4950bbc0d4c973869ea7af69b42e19d4bcc33f0f6427dc1b02313e86cbdafd71b1bfc03b7204

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\Telerik.WinControls.dll

                Filesize

                3.3MB

                MD5

                5e01279b617f69882a5706b6ccd111ac

                SHA1

                18b400bbdda0a54982060ef36a4674cea120108a

                SHA256

                6a8fa240058016bb4446261de530b6b48e9e2bb5756652ab7ac238899d41f8a0

                SHA512

                8c269a6d03020b5695fc4b4b44c627e8f680761df6c1c070f7bb7e3ed44037a0048026287123f8cb867542b7fe0f4edfc02ae2079215965ce9dcf45ee255e762

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\TelerikCommon.dll

                Filesize

                335KB

                MD5

                20c80f4bcccce664021a85a04555bf29

                SHA1

                ab478c8d692a5c800cca9ab65fd018ce1e2a5922

                SHA256

                c9e6df8e0944c6f9ce713a437d7b46d82618865194e9477e4e166d27b27ce9be

                SHA512

                fd5043d631f6b2144d703a44aba0cb3d65ed3c9bb077b0776d04e392e69cac1f49e67a040121ba660a23c023750c55bb113855f2225664642a868277dee3010f

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\USBHelperInjector.dll

                Filesize

                345KB

                MD5

                6fdc30f67fe4ad3dc1c1f25e6d91e0e6

                SHA1

                8fd1daff6ac36db310e8c6dfad31def54d59c375

                SHA256

                b3322e41f4402149ff59fed7b38b26eafc174ae9eb299bf1ede270281be8e17f

                SHA512

                a44102d331c8b960778a3c28b8515e60e360d443f12523a21606be08bae37688863514db0659397ca39c2b3f5827179db08b27785919ff2e1a0f949d5c3c8152

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\USBHelperLauncher.exe

                Filesize

                1.0MB

                MD5

                8f70d1ff80cc4bd5046486699f3e7dbd

                SHA1

                cb3f1171853b740abdb2216c88588d15dee854f5

                SHA256

                6095064686dbeab5b9efcb77830030e201456412083be3d66bb7715c89d22d2e

                SHA512

                29209657e8af3c28f6f9a0ed198b5a799ddef92e346f97995bf1e66d23f997be1e400db96ef7924dfcffc4a2b5c410835a5c6c7277f99e635efa916806976a5e

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\USBHelperLauncher.exe.config

                Filesize

                462B

                MD5

                d4a415930c5332d740d7988507bb8760

                SHA1

                1bd929c20ce81d353c49e76f8d34d21de3cb7ca3

                SHA256

                17e66105c110625c72f0d3c97190c2a140c0731ef90573e9338c242416d7c1c1

                SHA512

                fd0e26edaf0b50233c4260242e17e24d7ffc1910fedb15429c12bfd5db2cbe1debcf8306bc26175d50ab0517c5cb0443da6b271c7e56b8dc567e893ab06a7ccf

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\WiiU_USB_Helper.exe

                Filesize

                19.5MB

                MD5

                03e133ea1d35b99a664027a1af2962d3

                SHA1

                335615615bf499a67180c64cd53d7d966c2c7db4

                SHA256

                583aa28dde7b2b267b7fb6b2bb701d1d9ffd42208ff70336fcdddb770ca2fc1e

                SHA512

                d310665c19825d982e704bce9384e3f51a253314bd637f34a0a9a13c793ea6b4195f2874f38de2fb22ba7713eca1d5302505c13bdb42dc21b85406b0475c456e

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\WiiU_USB_Helper_.exe

                Filesize

                19.5MB

                MD5

                82b0148dfb161b90b74342aaba6cd8ed

                SHA1

                34f1eb9dc7ee91c55dea6dcc5e95f7a07f8ebb4d

                SHA256

                a990cae6bdb1022d8fa0c4b11beabfca105a443a8e0dbea11ba1a58e95609142

                SHA512

                9ef090f108b0bee90e6eb8906299112f888f95ef175c19672967d9348ca9a32cd0772ef9ee29e6e7d30b2dba91478b47c69525bf1a9b7ff2741ec44182cb4cf9

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\data\customs.json

                Filesize

                1KB

                MD5

                544418b436c6c0e70f8b120915398d95

                SHA1

                6b4661a39fcb25b679a66a81070f33c847ee7f8d

                SHA256

                b7edb5af755d58bf72a11b8ff0674c11586454ff6405d3d8e343d5afa3ba12ed

                SHA512

                f8ca5ae32e666a0851ff00277a5bfcb41944c579351049f45852540d86b409e07d74a186eb0458514df81e2decf21996b91c654bdf83b501784febf4a3946a00

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\data\dlcs.json

                Filesize

                35KB

                MD5

                8c32185c87be1b8c1f92e7fe038b96ea

                SHA1

                2700150dbb745586ad118598bcdfda48a3fa1b2d

                SHA256

                06b39ba3c237757a637e7e926d38f2ff326b07766ee6af91463e318e32d6982d

                SHA512

                496504e3506aa9818540aff5f2de80feff71904f1570ea1abd3ea3745b45af5a41206d01d5c525d4d2ef9eee644649237eb376af83eb2d19f3a8fdac022516ef

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\data\dlcs3ds.json

                Filesize

                88KB

                MD5

                f6ad3a28f0b9f88e964e14a0158a354d

                SHA1

                d57dd09a8a45be29270149823baf17e89a9bd9dd

                SHA256

                9c0a88257e6291d8dd66d2a5dcc2d33d338951dc4aa7b8174048d5ddd1aded06

                SHA512

                f4e9b9188601fa4586656c8b085d80fa0c61a7cf77df7a1fbba30fa2dd78154827513b637f28624f9b3c2c0618eb40abf2d85518c84b61a52199cffbb99c4bdb

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\data\games.json

                Filesize

                1.1MB

                MD5

                599a26b17f08f8721bda19682d9f9152

                SHA1

                846fa4e9f72a6492f2255e8eab12410729229b50

                SHA256

                10fbd741bcc39ecd167cf7cbf3055bb1a45e26d0bc507ac85a7680583de61465

                SHA512

                468e171f6d2250ac6bcd0ffe72ce92a4c076697aacd7dcbc19a8d188bc7a2f5b67c465e251afd038ff4a1141214193f0630332c556ced5531522ff907e44fe70

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\data\games3ds.json

                Filesize

                2.5MB

                MD5

                d2cf2844b965a026377e30324cee1420

                SHA1

                8ca11d3cd8148cc73e15e9e9aec5f54a4a19b4af

                SHA256

                8e06b606fce20b9802090bc5a3a4e2a7bce1ef7415a4bb56dda8fbc80db415f7

                SHA512

                02f58ea9b36643ad90f3add9948eb034dcbb620519b2f2c61d533bff005ca1210c2c5bc889736a3c8e6a55df15154e06ee7990e2a6783e5aff84854b0581a588

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\data\gamesWii.json

                Filesize

                904KB

                MD5

                bf265eae6fd8fe7bcf469a82e6de5518

                SHA1

                5a115e4ecef0e045563175ed996f71744efa5d24

                SHA256

                dafc4132d645183d6c742b0d8be33ee8d8cef1e1f13da773f5b9df92810ff17e

                SHA512

                af0102104541052e27113a4573830ba31c57f3fcd8245f68c93aa11ce4f3e20e841f72df5166b1c9dd1a5710da867a7a9ea1729f659df140e6f5e01eedc3e50a

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\data\injections.json

                Filesize

                57KB

                MD5

                4d72c344d7a27ac098f5ef215b43be05

                SHA1

                78ddeb5ca28b06e77e9cb5743dfe1a557a2656a4

                SHA256

                9af46a2470396a18523c14fed5fde01aaf36948dfae88ed513fe81275db0a013

                SHA512

                b47f6638a9fcf60fe6847a4964366a611363b9b607084c93b38464464376c28ca4dc73b628a5c57825c8588114f66651f15075e4c598c9d7ec7a80f6feb3f50d

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\data\updates.json

                Filesize

                471KB

                MD5

                4301e214ca7897bc9b86d6a62c8391c6

                SHA1

                5843565142652ab07dc84d8be6458e39e91d75d8

                SHA256

                9bb39d15bb1ec18cc5d34b0cc2c555d076127a2a7cb480f148f03098c7e57413

                SHA512

                6c9d265411744d8c95eb06cf4a4cfb962e8c1a198bd045143cbb72407a1a78506bdc74bb6e4eef0359bfde6b3c430dae3d1d427261cd04a19c7ececebb79eb72

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\data\updates3ds.json

                Filesize

                127KB

                MD5

                18769d2cae9af4914a02246d4d9c96e5

                SHA1

                f51c8ff89978bf67a135975b84ed877eeff9d3ee

                SHA256

                c69ff5a4fe7fedf2da6681d41f2a52aedc9faf32c1b5fd76d3e37edc0508fd03

                SHA512

                c2257035aa7c97b4a0dd2f9078a51247c7f760cb95a843847f6005e6f052857342043cef57ee69cd0e65ecfe5eca06b01bc3595092053a6e2a69adc7a19566f9

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\dnlib.dll

                Filesize

                1.1MB

                MD5

                35bf9551f02810c92c2e6514872e54cb

                SHA1

                82b74c36d95f23e8d1a499a1edfc484767978c1b

                SHA256

                5bdf5115684243f4dbca59f3fd31e995d992941e91a8fed6ad29a04d0967f7b2

                SHA512

                683f9dbb0c13e973ebad9fab62549a53598a5aa6f4d698644f0859ac9143b5b625aced16abd8c1726725b60f9d32444a0fb153f9b7b10788f915e95c1b67d7cb

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\images\3ds\icons\000400000005B100.png

                Filesize

                1KB

                MD5

                1ffea73652eb0f2aad2ab59fdf128174

                SHA1

                08e992b3f695a92fb608c654b0e002f63ae1c699

                SHA256

                9d89acb30fad432b64c6b945f419b17d452b1b323fdfca1ddaf511798cc45571

                SHA512

                57d190f31a5c486e3bc942e6a6079fb57767875c1733d1c5de54ab1f80b2e16b98f092a124f802a0712635f260c15cf77554a0cbcd3ac9d6a0553aeca15e9d97

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\images\3ds\icons\00040000000A3D00.png

                Filesize

                4KB

                MD5

                1fb7a8746addc58f0b576ed6166a3109

                SHA1

                31a5ecb55a83f274365794ad85f3c3a32544b9f8

                SHA256

                dc6368f12f262d2f50638d7fd6658bfe4eba3011a94d7a0f0ea1d202636a6d87

                SHA512

                4ad404c163caf4e9b0ee03923310887bb195d27ceeb6006e25cb22c8c422502838f7022f2613e5cfd13e5d667563d4df742bb55395911809e92f8648b4fb5a61

              • C:\Users\Admin\AppData\Roaming\USBHelperLauncher\ver

                Filesize

                9B

                MD5

                d31c78b634da8c3e38fbf7d3677eeec8

                SHA1

                15a56ed0388e4e89a43eed23d6464b5db15afde4

                SHA256

                5a2d71f2bd7d6f04e85abcea854ea8864b058f4fd7ed163ff433ba0040a07613

                SHA512

                df9c67314c866886a9d00a389edcb62221664718ffd79cd338c759c9983aaf382fd4a87290efcf7dbd50bb5145cff694ecdcabf5278e900a9b4f90198a0e86bb

              • memory/2100-920-0x0000000006460000-0x0000000006A78000-memory.dmp

                Filesize

                6.1MB

              • memory/2100-913-0x0000000005340000-0x000000000539C000-memory.dmp

                Filesize

                368KB

              • memory/2100-1026-0x000000000CD90000-0x000000000CDB8000-memory.dmp

                Filesize

                160KB

              • memory/2100-1031-0x000000000D0F0000-0x000000000D20E000-memory.dmp

                Filesize

                1.1MB

              • memory/2100-1025-0x000000000CE70000-0x000000000CF7A000-memory.dmp

                Filesize

                1.0MB

              • memory/2100-1024-0x000000000CCE0000-0x000000000CD2C000-memory.dmp

                Filesize

                304KB

              • memory/2100-904-0x0000000000240000-0x000000000034C000-memory.dmp

                Filesize

                1.0MB

              • memory/2100-908-0x0000000004CE0000-0x0000000004D8C000-memory.dmp

                Filesize

                688KB

              • memory/2100-1023-0x000000000CC90000-0x000000000CCCC000-memory.dmp

                Filesize

                240KB

              • memory/2100-909-0x0000000005890000-0x0000000005E34000-memory.dmp

                Filesize

                5.6MB

              • memory/2100-1027-0x000000000CE10000-0x000000000CE60000-memory.dmp

                Filesize

                320KB

              • memory/2100-917-0x0000000005450000-0x00000000054F6000-memory.dmp

                Filesize

                664KB

              • memory/2100-918-0x0000000005410000-0x00000000054C2000-memory.dmp

                Filesize

                712KB

              • memory/2100-919-0x0000000005560000-0x00000000055F2000-memory.dmp

                Filesize

                584KB

              • memory/2100-1022-0x000000000CC30000-0x000000000CC42000-memory.dmp

                Filesize

                72KB

              • memory/2100-947-0x00000000084D0000-0x00000000084DA000-memory.dmp

                Filesize

                40KB

              • memory/2100-921-0x00000000057C0000-0x00000000057E2000-memory.dmp

                Filesize

                136KB

              • memory/2100-922-0x0000000005E40000-0x0000000006194000-memory.dmp

                Filesize

                3.3MB

              • memory/2100-924-0x0000000007620000-0x0000000007632000-memory.dmp

                Filesize

                72KB

              • memory/2100-943-0x0000000007680000-0x000000000768E000-memory.dmp

                Filesize

                56KB

              • memory/2100-939-0x0000000007740000-0x00000000077DA000-memory.dmp

                Filesize

                616KB

              • memory/2100-925-0x0000000007600000-0x000000000760A000-memory.dmp

                Filesize

                40KB

              • memory/4924-1107-0x0000028CD0D70000-0x0000028CD0DC8000-memory.dmp

                Filesize

                352KB

              • memory/4924-1049-0x0000028CD1510000-0x0000028CD1868000-memory.dmp

                Filesize

                3.3MB

              • memory/4924-1064-0x0000028CD1870000-0x0000028CD19F6000-memory.dmp

                Filesize

                1.5MB

              • memory/4924-1054-0x0000028CB7F00000-0x0000028CB7F06000-memory.dmp

                Filesize

                24KB

              • memory/4924-1068-0x0000028CD0E60000-0x0000028CD0F48000-memory.dmp

                Filesize

                928KB

              • memory/4924-1070-0x0000028CB7FE0000-0x0000028CB7FEA000-memory.dmp

                Filesize

                40KB

              • memory/4924-1051-0x0000028CB7F50000-0x0000028CB7F66000-memory.dmp

                Filesize

                88KB

              • memory/4924-1043-0x0000028CD07F0000-0x0000028CD082C000-memory.dmp

                Filesize

                240KB

              • memory/4924-1082-0x0000028CD0A30000-0x0000028CD0A8A000-memory.dmp

                Filesize

                360KB

              • memory/4924-1099-0x0000028CD0830000-0x0000028CD0842000-memory.dmp

                Filesize

                72KB

              • memory/4924-1047-0x0000028CD1060000-0x0000028CD1510000-memory.dmp

                Filesize

                4.7MB

              • memory/4924-1103-0x0000028CD0BB0000-0x0000028CD0BFC000-memory.dmp

                Filesize

                304KB

              • memory/4924-1045-0x0000028CD1F40000-0x0000028CD32D0000-memory.dmp

                Filesize

                19.6MB

              • memory/4924-1109-0x0000028CD0850000-0x0000028CD0864000-memory.dmp

                Filesize

                80KB

              • memory/4924-1105-0x0000028CD0C00000-0x0000028CD0C4A000-memory.dmp

                Filesize

                296KB

              • memory/4924-1044-0x0000028CD08A0000-0x0000028CD08F0000-memory.dmp

                Filesize

                320KB

              • memory/4924-1053-0x0000028CD0C90000-0x0000028CD0D70000-memory.dmp

                Filesize

                896KB

              • memory/4924-1055-0x0000028CB7F30000-0x0000028CB7F36000-memory.dmp

                Filesize

                24KB

              • memory/4924-1101-0x0000028CD08F0000-0x0000028CD0918000-memory.dmp

                Filesize

                160KB

              • memory/4924-1042-0x0000028CB7F10000-0x0000028CB7F22000-memory.dmp

                Filesize

                72KB

              • memory/4924-1124-0x0000028CD1A00000-0x0000028CD1AA6000-memory.dmp

                Filesize

                664KB

              • memory/4924-1041-0x0000028CD0AF0000-0x0000028CD0BA8000-memory.dmp

                Filesize

                736KB

              • memory/4924-1140-0x0000028CB7FF0000-0x0000028CB7FFC000-memory.dmp

                Filesize

                48KB

              • memory/4924-1142-0x0000028CD0C50000-0x0000028CD0C7C000-memory.dmp

                Filesize

                176KB

              • memory/4924-1141-0x0000028CD0A90000-0x0000028CD0AAC000-memory.dmp

                Filesize

                112KB

              • memory/4924-1143-0x0000028CD0DD0000-0x0000028CD0E0C000-memory.dmp

                Filesize

                240KB

              • memory/4924-1146-0x0000028CD0E10000-0x0000028CD0E32000-memory.dmp

                Filesize

                136KB

              • memory/4924-1157-0x0000028CD1020000-0x0000028CD102E000-memory.dmp

                Filesize

                56KB

              • memory/4924-1039-0x0000028CB7F80000-0x0000028CB7FDC000-memory.dmp

                Filesize

                368KB

              • memory/4924-1038-0x0000028CB5020000-0x0000028CB63AE000-memory.dmp

                Filesize

                19.6MB

              • memory/4924-1171-0x0000028CD77C0000-0x0000028CD780C000-memory.dmp

                Filesize

                304KB

              • memory/4924-1173-0x0000028CD7790000-0x0000028CD77B0000-memory.dmp

                Filesize

                128KB

              • memory/4924-1172-0x00000294D7DB0000-0x00000294D7E3A000-memory.dmp

                Filesize

                552KB