Analysis Overview
SHA256
6870e8dbcfaf543500add1d303de528c34e3b1f4d4424b0097c4ffb408a44fcd
Threat Level: Likely malicious
The file LDPlayer9_ens_Fortnite_25567197_ld.exe was found to be: Likely malicious.
Malicious Activity Summary
Creates new service(s)
Possible privilege escalation attempt
Modifies file permissions
Downloads MZ/PE file
Loads dropped DLL
Launches sc.exe
Executes dropped EXE
Drops file in Program Files directory
Checks installed software on the system
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Suspicious use of WriteProcessMemory
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Kills process with taskkill
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-01 00:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-01 00:35
Reported
2024-03-01 00:37
Platform
win10v2004-20240226-en
Max time kernel
127s
Max time network
153s
Command Line
Signatures
Creates new service(s)
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Downloads MZ/PE file
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-fr-FR.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-ja-JP.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-ja-JP.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-ko-KR.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-nl-NL.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-pt-BR.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\mfw-webadvisor.cab | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\wa-utils.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-pt-PT.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-en-US.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-hu-HU.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-pl-PL.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-sk-SK.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\analyticstelemetry.cab | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\logicmodule.cab | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-fi-FI.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-zh-CN.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-zh-TW.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-es-ES.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\uimanager.cab | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\wa-install.html | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-el-GR.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-pl-PL.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\wataskmanager.cab | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-ja-JP.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-pt-BR.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-hr-HR.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-pt-BR.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-fi-FI.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\lookupmanager.cab | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-el-GR.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-es-ES.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-fr-CA.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-de-DE.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-fi-FI.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\installer.exe | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-cs-CZ.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-sk-SK.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-sv-SE.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-zh-TW.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\icon_complete.png | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\updater.cab | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-sv-SE.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\icon_laptop.png | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\resourcedll.cab | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\wa_install_error.png | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\wa_logo2.png | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-it-IT.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\main_close_large.png | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\mcafee_pc_install_icon.png | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-fr-FR.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-hr-HR.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-ru-RU.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-tr-TR.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\uihost.cab | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\wa-install.css | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\webadvisor.ico | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-hr-HR.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-tr-TR.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-nb-NO.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\wa_install_check.png | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\wssdep.cab | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\eula-ru-RU.txt | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-nl-NL.js | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| N/A | N/A | C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe | N/A |
| N/A | N/A | C:\Program Files\McAfee\Temp2064946105\installer.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe | N/A |
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="C:\LDPlayer\LDPlayer9\"
C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
"C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91082 PaidDistribution=true saBsiVersion=4.1.1.818 CountryCode=GB /no_self_update
C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
"C:\ProgramData\McAfee\WebAdvisor\saBSI\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Program Files\McAfee\Temp2064946105\installer.exe
"C:\Program Files\McAfee\Temp2064946105\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SYSTEM32\sc.exe
sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
C:\Windows\SYSTEM32\sc.exe
sc.exe description "McAfee WebAdvisor" "McAfee WebAdvisor Service"
C:\Windows\SYSTEM32\sc.exe
sc.exe failure "McAfee WebAdvisor" reset= 3600 actions= restart/1/restart/1000/restart/3000/restart/30000/restart/1800000//0
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Windows\SYSTEM32\sc.exe
sc.exe start "McAfee WebAdvisor"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=459250
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
Network
| Country | Destination | Domain | Proto |
Files
| SHA256 | 4d071b3b0e626392da162fdf651f3ae636c915c64c67ef42b8fdbd0bfe9a0b72 |
| SHA512 | 7027baa4044773ec0c07238fc6620e45f79cbd11e8ecbcf544f5462d62a28ac31d8d641b04eb87f1419e62645eb298615dcd2af13513e28a7a9082782056b450 |
C:\Program Files\McAfee\Temp2064946105\updater.cab
| MD5 | 393a036b7298015575b5dd5046234e78 |
| SHA1 | af0e8c1eecf0faf8002b1fd87e20ef0a77638754 |
| SHA256 | f736fbfe96dc8e4ed2073f66fc0e36ceaa498bcb9d3dc42eec620d6658317160 |
| SHA512 | 540136b21eede0141855d6f66a0e104410eddf7c46a36f30de1e74b082b916796282325ec83db3b8dff48c2029a786c674bb9c058563a3f845189ef18c6b790e |
memory/400-265-0x00007FF6ACCD0000-0x00007FF6ACCE0000-memory.dmp
memory/400-266-0x00007FF6ACCD0000-0x00007FF6ACCE0000-memory.dmp
memory/400-327-0x00007FF6A3EE0000-0x00007FF6A3EF0000-memory.dmp
memory/400-389-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll
| MD5 | bf991bb7eda0bb375cfc91e014db607b |
| SHA1 | a01c51e7313cff62f6ff2ac39a56b66b7f4e306f |
| SHA256 | 595a9975e0804f35a4a8df24daf762db54c1c45e0a11efc0f137c5a05dba341e |
| SHA512 | a49fdb8c2e42fae782a920997305f7153bc7d3a7c15c076547277fc1ce6cd372492b9969e71615f94e6feacc013ded01d5a4d003b8d2f1d74314e4b8b66d90f7 |
memory/400-452-0x00007FF6A3EE0000-0x00007FF6A3EF0000-memory.dmp
memory/400-486-0x00007FF6A3EE0000-0x00007FF6A3EF0000-memory.dmp
memory/400-491-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-514-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-572-0x00007FF6A3EE0000-0x00007FF6A3EF0000-memory.dmp
memory/400-602-0x00007FF6A3EE0000-0x00007FF6A3EF0000-memory.dmp
memory/400-615-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-636-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-643-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
memory/400-664-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-678-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
memory/400-684-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-794-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-745-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-739-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
memory/400-1130-0x00007FF696610000-0x00007FF696620000-memory.dmp
C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll
| MD5 | 410309c9c2a76857b2fb0acfab2c91df |
| SHA1 | 072dcfc550b7bbaa6a03b479b408bfc57baedd16 |
| SHA256 | d79f4b0c2f3340920cc2935a9a8aba41115ca0f700bf338fa696797ed6d3741f |
| SHA512 | 7c660d5090b9e78bc0f53530ef951e9715a65e33b62fb74b7d09f34cd8db8d54beee8a53725eb6dbc46c29bc5d4d8c4799e069220b939c85914d92f9f7384f26 |
memory/400-697-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-692-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
memory/400-662-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
memory/400-650-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-625-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll
| MD5 | 652ae29251e9a1017cf1ae8957bfc1ad |
| SHA1 | 860e2b6c10eb8f2f2476cfcca4c8efccbce6186f |
| SHA256 | 0532d4bb245eca0e6436849a90f672dd639e9547de721036d0a93ab1f7476f3d |
| SHA512 | dd4051f2b037f00e97103164d330ef4d563fe24d8e4c6d7ee00918d5b4d56b3dde3a7d010757953bea01bf266a275d77d4c82e18bc144718e8e7ade78185dd74 |
memory/400-606-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
memory/400-598-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
memory/400-594-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-569-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-562-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
memory/3056-573-0x00000000061C0000-0x00000000061D0000-memory.dmp
memory/400-552-0x00007FF6A3EE0000-0x00007FF6A3EF0000-memory.dmp
memory/400-478-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-473-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
memory/400-449-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-420-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-412-0x00007FF6A3EE0000-0x00007FF6A3EF0000-memory.dmp
memory/400-349-0x00007FF6AE110000-0x00007FF6AE120000-memory.dmp
memory/400-311-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
memory/400-287-0x00007FF6AE110000-0x00007FF6AE120000-memory.dmp
memory/400-269-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-268-0x00007FF6ACCD0000-0x00007FF6ACCE0000-memory.dmp
memory/400-267-0x00007FF6ACCD0000-0x00007FF6ACCE0000-memory.dmp
C:\Program Files\McAfee\Temp2064946105\wssdep.cab
| MD5 | f49089c1a928792125a30c050753d3f3 |
| SHA1 | c82bbd114692f938a75c6c5a6707992a01272792 |
| SHA256 | 099630a529fe6632953d7ca7578e8de6a7edf011872fbe96e5c8c82e3b88a2ad |
| SHA512 | f11b80f7c1e3bdeedb69b0767a9ce7940b256aac2a7e84e351385bf856358e4eed57711da628619edd32ed74da0f5f68c090cc8985c6c6e8f50bc8ce42bbc34b |
C:\Program Files\McAfee\Temp2064946105\webadvisor.cab
| MD5 | c9ffb55425fe109c6b3a6af2311fa6d7 |
| SHA1 | e14f14534a589a6a56a73f61a80b3d7346f1bbc5 |
| SHA256 | eff6add8271a4051979fd858d19b696e95bf8081f075c1f4b710f484f7b79634 |
| SHA512 | 27c58deeb4acc4aac394d269517089c2778c2fb78fd71895b3b9d259fbf421a00c2f3c6073a7c55bd8bf60b08482d0f30722d593d79e61f714747cffee4842f4 |
C:\Program Files\McAfee\Temp2064946105\uninstaller.cab
| MD5 | 9ab90256931003b0be4b1b5e6c0c72db |
| SHA1 | 183699696faf84633bcb2f9528c85f43ed866f41 |
| SHA256 | 9993cd4e3a5f68b8aeffdf9934e8e84bb102550e1f9eaee311e8cc7928d25689 |
| SHA512 | f96fbced12778c1f8f13b8ed5ded94f1993f6c9835b8e67f022b2693d9b4e0f2312d91eabc7e807da82ae8dfffaecc4af94717b4aa87bea30c1e2dcc42a4ced2 |
C:\Program Files\McAfee\Temp2064946105\telemetry.cab
| MD5 | 575ad9c9e0831d7689544eddd1e4ac98 |
| SHA1 | 23fdfa59bd8c51627679d2f1414174bd176aa194 |
| SHA256 | f0c76b1d6316039ec00b406f0a825a6d9e515d92d455b3760b9cc63f21898ec3 |
| SHA512 | afa269d2ac0e1d6d89e5d18060060759ff1a714672aa355b48473abf90230913dc3eb640e301718c66258bb7c03a478e5aaf720eb9405893e44368ea4a02d808 |
C:\Program Files\McAfee\Temp2064946105\servicehost.cab
| MD5 | 2c91564d2834024d02b0eecaa911d097 |
| SHA1 | d9fcc86142edb4c3e32886f82537675a89944dce |
| SHA256 | dd65a1a4042505f4afc1d9a64d6e4bcceb707374137f519a7eb1ff8a96e91d53 |
| SHA512 | 844ade18bee42800dae54d91dce34f126cc250a02b3e82d280ba5ec0d532b4d294b65ef000c520b8939ba932ebdaf818b2e5bf5c984bc933f048bd0935d77591 |
C:\Program Files\McAfee\Temp2064946105\resourcedll.cab
| MD5 | d452e574c6113a01b3a45d836a15a3b6 |
| SHA1 | ec6e41d57bd803347410fa5861e7521dbeec0a87 |
| SHA256 | e3e6908b669ab0503133ef8cca2834782dd174be9de67b7c01bff10f953c4855 |
| SHA512 | 2775ccfa8bb146a1b27d57f330923b8a80fb932a7fc1b3fdcd9747d45fe84fab48cacf593cdb16e33500680c891c8b04d9daa16a7d33ed40b00891be68e7a959 |
C:\Program Files\McAfee\Temp2064946105\mfw.cab
| MD5 | a64bb575ff72e6c81d3358d07325fe46 |
| SHA1 | 03d49603bbb7a5b3d4b96453d20845f794bdb1b0 |
| SHA256 | bc48b292f67082e8515149ba81d3064359c09f5c646a7ee8e113940a6b812afd |
| SHA512 | acf2a01d119e518a0de8dd419dd32e270b92a0c89d90428eaf6899d18959a1ea58891ff7ad95ccba14248b0d6a07d6e6f8d25ef7bd5889eb2e19eb0700267cf6 |
C:\Program Files\McAfee\Temp2064946105\mfw-nps.cab
| MD5 | 754ec5710b8d2b0d08c2d4e49aeadaec |
| SHA1 | 088f9c3baf8c91b3677435c517930b0e33b008ae |
| SHA256 | 9778ed9ea19854a4312579c2e595d16f6c5c5645e4e8b91debe7fb582cf78573 |
| SHA512 | 38db5777d535003cccaef7bebc2a87837a097b4eb725458e0f8b70fbd8854811981af66365bcb5bc3afa1f1f305af365b49926540d167c5001fcc4192e3bbba0 |
C:\Program Files\McAfee\Temp2064946105\lookupmanager.cab
| MD5 | bd6e10cc0f2590433b8457175355def1 |
| SHA1 | 0a2cff3e11dc8d7204f4ddad42f8230ea0f528f8 |
| SHA256 | 39a27008c2e6e0f0ae58bd415abfe2c4c74c45b8d0ca506d05786e3e9b3d27e4 |
| SHA512 | 46b90c72e7401d29c4a321bb9e067cf6cc976d04f5ecba1d797ce538cc310ee389b9f298988d1de4ea4fa0c8834a45b9e1bcbb3881496b4d8e62fc2489cff656 |
C:\Program Files\McAfee\Temp2064946105\logicscripts.cab
| MD5 | d55a19592f1160fed1f7f7ddff36cf21 |
| SHA1 | e19a058fa52f3c8635517ce7646fad181a28c015 |
| SHA256 | 4549a4c73c3ca3898ee8443e28795effd85cddc87d57ac38c5087c53c14f056c |
| SHA512 | 70758593cd42aa8be9874cf196e229bb2824e28ef748f9e704c550dae57417299db66fb4965fd2afaa59a6d12d0b9477873bf449c2f2ae1d6e413c95ef77abcb |
memory/400-1203-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-1206-0x00007FF6ACCD0000-0x00007FF6ACCE0000-memory.dmp
memory/400-1207-0x00007FF6ACCD0000-0x00007FF6ACCE0000-memory.dmp
memory/400-1209-0x00007FF6ACCD0000-0x00007FF6ACCE0000-memory.dmp
memory/400-1239-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
memory/400-1260-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-1253-0x00007FF6A96D0000-0x00007FF6A96E0000-memory.dmp
memory/400-1281-0x00007FF6AE110000-0x00007FF6AE120000-memory.dmp
memory/400-1266-0x00007FF6AE110000-0x00007FF6AE120000-memory.dmp
memory/400-1251-0x00007FF6A3EE0000-0x00007FF6A3EF0000-memory.dmp
memory/400-1249-0x00007FF649B40000-0x00007FF649B50000-memory.dmp
memory/400-1246-0x00007FF6A96D0000-0x00007FF6A96E0000-memory.dmp
memory/400-1245-0x00007FF662350000-0x00007FF662360000-memory.dmp
memory/400-1244-0x00007FF6A3EE0000-0x00007FF6A3EF0000-memory.dmp
memory/400-1237-0x00007FF6AE110000-0x00007FF6AE120000-memory.dmp
memory/400-1223-0x00007FF6AE110000-0x00007FF6AE120000-memory.dmp
memory/400-1231-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-1218-0x00007FF696610000-0x00007FF696620000-memory.dmp
memory/400-1283-0x00007FF6ACCD0000-0x00007FF6ACCE0000-memory.dmp
memory/400-1284-0x00007FF6ACCD0000-0x00007FF6ACCE0000-memory.dmp
memory/400-1288-0x00007FF696610000-0x00007FF696620000-memory.dmp
C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll
| MD5 | fb8405d761f5cbbec418f2356152688b |
| SHA1 | d11a1f5dd029d784e32db77676f0527038b9281e |
| SHA256 | c8c191b109188dfb0d30e8b1d2323d6553683c1380e3ecd2d5c544fddca4259c |
| SHA512 | 019072c6344be07deebe1afe2f054809d715289f5993469c2e391066f9f00d8301adbc1fa2195596cbf655c77461346ff60f870e90625ac982d204a59d56a3a2 |
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
| MD5 | 09100ae5b6b6919f55ec99fa172a553f |
| SHA1 | 9ff307577056d129a06cd5555726ed5eaf830cb0 |
| SHA256 | 74659562bb26ecb3c22bc9b4d515cbd24c3475801c51216dbc829214822e3129 |
| SHA512 | 2aa0199db66269a2a34e79e432d88f14939f3e5fa848da0636290f9d1668deb00eacf895b495d9df0afb4023f359f7d1000822bacf3cb3feaf3af79ebcb32d20 |
C:\Program Files\McAfee\WebAdvisor\SettingManager.dll
| MD5 | 418093c505df337e3c7fd64eb56f40cb |
| SHA1 | bace4ac254b6635b6df4409fda5ddca15e4fbf9b |
| SHA256 | 2681b3705e97bc3e5a98db42d36939bf066e88cbdc58c1f2f3676bd5bd40be07 |
| SHA512 | 6213aea2a6ddcf7ea3045fb14063ad7db57495392a7967bae9aa3d39d75a3ad5f73a950117502bb63ecd7346ee372b43519e57f1acc8a7d2f613b4b3ce8badd6 |
C:\Program Files\McAfee\WebAdvisor\x64\downloadscan.dll
| MD5 | d44204299b4ca4729be1add20f475055 |
| SHA1 | 28421928bacd9623d1ddcd4b797f23b75d854b65 |
| SHA256 | 4d5c6b6f26405ab9576743440e8a945648b6bf287f188436e0f19c363e439836 |
| SHA512 | 6e3a2eb615fbe840e0e2f094db9c3f368062290c11bb9deb0f014cca971d06036666e0b3d86fa9c5c082778160dc78abaca98f0bdbf174f1e7a04aec78ab736d |
C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll
| MD5 | 3aa32df1e00699347f6de12129375870 |
| SHA1 | cae8529f40e7c462777d3056fb422f45a26967ec |
| SHA256 | f57ef774a6db9159a21833fbd405b97549ea9ef6cbe42afdf7be009c1da5b324 |
| SHA512 | 3121be5134f47870bcf81e4681f03e2f61a8eb96159eff86bec90628440c67991124048b2523d89c5c42ae00547e7abc213eb1dbb8bdb02ec88d52bfe6b3069e |
C:\Program Files\McAfee\WebAdvisor\settingmanager.dll
| MD5 | f00ac788511def6a448d65012a6ba2d6 |
| SHA1 | 7991a5098f3c776511eb7add816296dfbc6f374c |
| SHA256 | 4a0cf2c491e425cdea27fc819a4fbdd7c31bcb082d3056666a9889f0a3954fa8 |
| SHA512 | 4acdaf228a774e2cdfee25255f58546a2cbd8b65aeeb2cac7cffc5186934afb9ff864819c373bf98b9aabea8f6be221e4b81370b964305346edfc0e6aada58ab |
C:\Program Files\McAfee\WebAdvisor\AnalyticsManager.dll
| MD5 | b7601f4261b480290268170e259239f6 |
| SHA1 | 70ab68d5f439d81e4ffd1ec51bc1491ace0ca9aa |
| SHA256 | 8e03fb917c0fb071c074df8f5c482a5a1031a937d80739dc9a268e924d401fc4 |
| SHA512 | 2e35531933be8b54041858d9647d492d2dfb4b75546779d85c16a8d36673fe15b1135139460ebea548f5f20a3dcf269b52af67c6fe0a9f1244a10a724fe37e21 |
C:\Program Files\McAfee\WebAdvisor\analyticsmanager.dll
| MD5 | faa83e844cd926f894db7390e547e4c9 |
| SHA1 | 5ef3a40f718f5512172469f381bfffc41c9fc0f5 |
| SHA256 | 1dc173e45a6262006e92cc9d3ee9f1c332ee2ef5b9ee873d97e8318b1d419a10 |
| SHA512 | 99d8dbb9dfb6ccf66e62a2205064934817e6d90a70f8297aafec3cb63e0308d63527b43bbe3ab8f81f1692d7e31c4ca2ea31e63d00765f47fa9638b069006f68 |
C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\AnalyticsEventsConfig.luc
| MD5 | a74d0c0f44f4038de9efba73bd2dd181 |
| SHA1 | 7c336abf318956c7182dad76f130468909ac16a6 |
| SHA256 | 7b6333ed5a30dc02bb7838f379ac1170809f5f761bed7966e3c3b47f3b08e9fe |
| SHA512 | 6785883fb654a826c00c6c23bf4ca24b0f7d96946823de6473ee2f983f146ac3a2707a2d43771adcb9d78409a4a77f942167a1cafb3cdff8b65415a2e6fdd826 |
C:\Program Files\McAfee\WebAdvisor\mfw\core\dkjson.luc
| MD5 | b488ce4870ff5ee565a953432c1d1c63 |
| SHA1 | acaf8bac20392cd53ff90eb995dfa59af381cf41 |
| SHA256 | 3295649f5f8c7356798e2b4279b950a474b8193e4ba59ccfd9b63ecf20fb5d0e |
| SHA512 | 0a2880bb29612e5b80b86c0695483375f8194b1b8ab370cbc52ba46362c2df62d33e3be926ab549cf954e43032691e92cfc884d9a5012f6f4da8d5a75d70ca0a |
C:\LDPlayer\LDPlayer9\dnrepairer.exe
| MD5 | 782d150c75f68ef0dabfd49bf0eee9d9 |
| SHA1 | c4252301249669c0041aa056db5f49915d70f3fc |
| SHA256 | fe063e9b00ec717a60c9fe77a42f2ebec136cbc88abe668e2cf9ddd76b57d15f |
| SHA512 | c55a6c3c3d99c5ff7094b99bf5c327899785dcbb0d099f162b05008946c0075cab5fb23146beee97adc1a6f048451cce29f3086171affcfd386ead0c4c6ec6df |
C:\LDPlayer\LDPlayer9\MSVCR120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
C:\ProgramData\McAfee\MCLOGS\AnalyticsManager\AnalyticsManager\AnalyticsManager000.log
| MD5 | 71c055fb14293fdd902383b3f460f499 |
| SHA1 | 58e4b2266b8dfd0675818403c52f1f0a5a985e87 |
| SHA256 | fb737c2c3c7acdcbfd60d2b2c38ac10b6fbd3a980f6a56facaacb748522101df |
| SHA512 | dd49e9b46ef1b50ffa459ce7b3cdc614686978bb9582384dee3023772c45bde4852815c74fb477ceb8d0433b2d85e0a47fa39eabf89511fdc6952f64ab57e4e8 |
C:\LDPlayer\LDPlayer9\msvcp120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
C:\LDPlayer\LDPlayer9\dnrepairer.exe
| MD5 | 0445e81f0f4b5ba636646ae0fc99fac1 |
| SHA1 | b5c4ef92aae7c04a1f092a9fc2737467f84e2328 |
| SHA256 | 340d17dc9694296639f6894040743df1c30cde31fadd4e8c25c6604ede72cc4f |
| SHA512 | ee2a1f27ac9451d6c5f5ddf8ded1818c0de59a7cc28a60e98b9bfefe3d2f42d87f32417e5f9ca950510cb124cdc76313e1b47e8ee92a601d0667e7ceb545e27a |
C:\Program Files\McAfee\WebAdvisor\mfw\core\logger.luc
| MD5 | efc42626d645db94ecc1810a91d0978e |
| SHA1 | 6bd919e10fbae54b3952970ec8efb1ffe8a6e9e4 |
| SHA256 | b6cd790b01e7a3e73ffd8318c85dd8298342cbd6f56cf3db4243f1473e8e6e9f |
| SHA512 | e261cde4bb6ec55438cdde208fd0398a828bfd2b22f76992f8c7094191aeed6d8987a802868b5058f0dabba4fbada018a9a3c7f0debf4e997695888531b88666 |
C:\Program Files\McAfee\WebAdvisor\mfw\core\class.luc
| MD5 | 3098255ba38d3853d7c211329c2ca55f |
| SHA1 | f1484621bc0e474ee5f19d0af6a565a2ec7147f1 |
| SHA256 | ad1b5fb6a26543fb916346541c11eeef780a997bacc95c81e872a8d3427751ca |
| SHA512 | 6edbc81e79a32d93aa0cdeeeb74b0ee8eb8c9be30efcd084785d87ca8078c927200483af1eaf3847f47e347a6a98f6640ad957d02c9146ed01e34d78c6f46d4b |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 9a0eb9a2df8f4a989d6529b3384646d3 |
| SHA1 | a7fbe699cdb5c99056a3e1d6312597ae83d25667 |
| SHA256 | 6c0e7a839bf940c05afadb30cd794d24a0a205f225f63749d524feb5224019b6 |
| SHA512 | 13c2ab7fe337d6c63b27ed3dadcdd25385ccdd75492c8ad5d4bb70c3204be809d2ac93bb1b30a25b0030548eb1066449c0f7eb939bddd336aff51ae71cd9334a |
C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\AnalyticsTelemetryHandler.luc
| MD5 | 607bdc95baa2bda874ee71448e700cbe |
| SHA1 | 27f2db2de258b77afa0696bd6c78b264ae55bd24 |
| SHA256 | 0aed55c2234c11a09dea63fcb5d8fe51bb10dc5302541e96ae9a987db7d4f362 |
| SHA512 | eb658f316ada1f0e35c2a854c99fd2b7b8057efdf037f40268ff0ad1396af318abd6d3d67468a3ceacfa52b5cf18b14c6d80e5b6629e6ba7da75b4d5b9ebf18d |
C:\ProgramData\McAfee\MCLOGS\AnalyticsManager\AnalyticsManager\AnalyticsManager000.log
| MD5 | cc92abf952027c7e06ed73e8e9cf5fb6 |
| SHA1 | 3bf664420978f31248ebe7d323b2ca6e10f71247 |
| SHA256 | 45eb5fba9edf7fad8be8ddc147b8cee974913859529e61272802409e3d002419 |
| SHA512 | 90cb85cf4b03907017629f61595101b2cc60f967534f75037fc99e77d5a9c3e56aec9074fc96a9bc95743dbce64452bcdb8f2289d5b5dc142662271359897827 |
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
| MD5 | eb105c0885ee2e4b9e2734f6f7284019 |
| SHA1 | 327479f7820d19e6c236dc11f8707efd0d6bf6e2 |
| SHA256 | 350bf925609830e683e5007dbe8feb4000a0c32a2b991798dc6b84608a2a8e89 |
| SHA512 | 7e6805c2aabb1b1b8768eaf2c816dadbe78878249ea66eb89dd595fd9119ed0f8926213aa51028337fd1674aee532de301877458b5c7d9c0a2271c32a48ac611 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 872472a500be7b796dea9af8c4b42443 |
| SHA1 | 34eef689774a84efcc8915ec906f2c027327dd32 |
| SHA256 | d540aae6bf16f482b3f311159714fc6da6202b497cf5d98740a63f94e4d3fc0a |
| SHA512 | 34610a6d78adb35f53760c5900a660f8b09685f9a9627262e2ab886b48328d944cd7e4b39292da45b1bf35702ce04de994a5fdf8940e7a1655f7285c6995b2b7 |
C:\LDPlayer\LDPlayer9\system.vmdk
| MD5 | 74c5cf7f2a2a58f885e228cd33a31bd9 |
| SHA1 | 80f3f1d7c2359d0df43173def681b68fd4c6e474 |
| SHA256 | 17b64aa8d5b593740531d2f3b14e3f2c13c9d91c3fbb3f74acc9fe07c0977258 |
| SHA512 | e398d7a4a6469cfa68fd6b0e088ee06ef2e8ef32991fca09cc961aef9230f53db093946f478e814d5f698373ad69c12ad780e8a5e9ad97cad27d1cc538429a7f |