Malware Analysis Report

2024-11-16 12:45

Sample ID 240301-axb3dsha84
Target LDPlayer9_ens_Fortnite_25567197_ld.exe
SHA256 6870e8dbcfaf543500add1d303de528c34e3b1f4d4424b0097c4ffb408a44fcd
Tags
discovery exploit persistence
score
8/10

Analysis Overview

score
8/10

SHA256

6870e8dbcfaf543500add1d303de528c34e3b1f4d4424b0097c4ffb408a44fcd

Threat Level: Likely malicious

The file LDPlayer9_ens_Fortnite_25567197_ld.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery exploit persistence

Creates new service(s)

Possible privilege escalation attempt

Modifies file permissions

Downloads MZ/PE file

Loads dropped DLL

Launches sc.exe

Executes dropped EXE

Drops file in Program Files directory

Checks installed software on the system

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Suspicious use of WriteProcessMemory

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Kills process with taskkill

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-01 00:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-01 00:35

Reported

2024-03-01 00:37

Platform

win10v2004-20240226-en

Max time kernel

127s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe"

Signatures

Creates new service(s)

persistence

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Downloads MZ/PE file

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-fr-FR.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-ja-JP.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-ja-JP.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-ko-KR.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-nl-NL.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-pt-BR.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\mfw-webadvisor.cab C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\wa-utils.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-pt-PT.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-en-US.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-hu-HU.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-pl-PL.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-sk-SK.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\analyticstelemetry.cab C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\logicmodule.cab C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-fi-FI.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-zh-CN.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-zh-TW.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-es-ES.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\uimanager.cab C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\wa-install.html C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-el-GR.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-pl-PL.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\wataskmanager.cab C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-ja-JP.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-pt-BR.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-hr-HR.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-pt-BR.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-fi-FI.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\lookupmanager.cab C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-el-GR.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-es-ES.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-fr-CA.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-de-DE.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-fi-FI.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\installer.exe C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-cs-CZ.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-sk-SK.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-sv-SE.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-zh-TW.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\icon_complete.png C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\updater.cab C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-sv-SE.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\icon_laptop.png C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\resourcedll.cab C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\wa_install_error.png C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\wa_logo2.png C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-it-IT.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\main_close_large.png C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\mcafee_pc_install_icon.png C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-fr-FR.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-hr-HR.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-ru-RU.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-tr-TR.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\uihost.cab C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\wa-install.css C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\webadvisor.ico C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-hr-HR.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-tr-TR.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-shared-nb-NO.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\wa_install_check.png C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\wssdep.cab C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\eula-ru-RU.txt C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A
File created C:\Program Files\McAfee\Temp2064946105\jslang\wa-res-install-nl-NL.js C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
N/A N/A C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe N/A
N/A N/A C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3056 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 3056 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 3056 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 3056 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 3056 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 3056 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 3056 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 3056 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 3056 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 3056 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 3056 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 3056 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 4592 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
PID 4592 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
PID 4592 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
PID 3056 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 3056 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 3056 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 5036 wrote to memory of 3200 N/A C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
PID 5036 wrote to memory of 3200 N/A C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
PID 3200 wrote to memory of 400 N/A C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe C:\Program Files\McAfee\Temp2064946105\installer.exe
PID 3200 wrote to memory of 400 N/A C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe C:\Program Files\McAfee\Temp2064946105\installer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_Fortnite_25567197_ld.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayerex.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM bugreport.exe /T

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\LDPlayer\LDPlayer9\LDPlayer.exe

"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="C:\LDPlayer\LDPlayer9\"

C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe

"C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91082 PaidDistribution=true saBsiVersion=4.1.1.818 CountryCode=GB /no_self_update

C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe

"C:\ProgramData\McAfee\WebAdvisor\saBSI\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp2064946105\installer.exe

"C:\Program Files\McAfee\Temp2064946105\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SYSTEM32\sc.exe

sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\Windows\SYSTEM32\sc.exe

sc.exe description "McAfee WebAdvisor" "McAfee WebAdvisor Service"

C:\Windows\SYSTEM32\sc.exe

sc.exe failure "McAfee WebAdvisor" reset= 3600 actions= restart/1/restart/1000/restart/3000/restart/30000/restart/1800000//0

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Windows\SYSTEM32\sc.exe

sc.exe start "McAfee WebAdvisor"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"

C:\LDPlayer\LDPlayer9\dnrepairer.exe

"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=459250

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

Network


Files
