94fe564e60af7f81256f3aabddb8b85e63125711dced286e189b90fa06039156

Analysis

max time kernel
289s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20240508-es
resource tags

arch:x64arch:x86image:win10v2004-20240508-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
22-05-2024 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

blurayplayer_setup.exe
Size

99.8MB
MD5

eaeced27040be15092da9aa0523f3317
SHA1

8f4e7ae995eea5d764f8847845e09780080f7333
SHA256

94fe564e60af7f81256f3aabddb8b85e63125711dced286e189b90fa06039156
SHA512

98219a765929ad080535df05d1acc1ad719fd396cb769fcf786b05bc549bf35505ed59ffc355f35ffc6108fba6f5d3d803cce1d85424223d9145b9af346396cd
SSDEEP

3145728:dwA2g9w7qBTkvdClNfqbJQVGLnn9ZfGCllgFp35XE2zLms:WA25qmdUNfMjjLfflkzXvzLz

Score

7^/10

bootkit discovery persistence spyware stealer

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

2984 icacls.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Downloads MZ/PE file

pid	process
2984	icacls.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

blurayplayer_setup.tmp

description ioc process

File opened for modification \??\PhysicalDrive0 blurayplayer_setup.tmp

description	ioc	process
File opened for modification	\??\PhysicalDrive0	blurayplayer_setup.tmp

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Leawo Blu-ray Player.exeblurayplayer_setup.tmp

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	Leawo Blu-ray Player.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	blurayplayer_setup.tmp

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

Leawo Blu-ray Player.exe

pid process

2852 Leawo Blu-ray Player.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
2852	Leawo Blu-ray Player.exe

Drops file in Program Files directory 64 IoCs

Processes:

blurayplayer_setup.tmp

description	ioc	process
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\translations\qtwebengine_locales\is-TVVMR.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\translations\qtwebengine_locales\is-TIT8F.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\translations\qtwebengine_locales\is-GDFHQ.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\system\keymaps\is-NUD34.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-NQP95.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\imageformats\is-4VUH5.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\translations\qtwebengine_locales\is-RFL0T.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-VA4JM.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-15435.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\translations\qtwebengine_locales\is-4OB72.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\translations\qtwebengine_locales\is-67TG8.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\language\French\is-3ASJP.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-TO68G.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\lib\security\is-LHVT4.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\system\is-O64I9.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\language\Finnish\is-UQ6EK.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\language\Vietnamese\is-D0G84.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\media\Fonts\is-OIO8A.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\system\keymaps\is-5GBN5.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\translations\qtwebengine_locales\is-2EVN3.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-83ICP.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\iconengines\is-M21FP.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\language\imageformats\is-O98IE.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-H3VK7.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-SSN32.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\plugins\is-M4FMH.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-SO9AE.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\dvdplayer\is-FIP37.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\system\keymaps\is-NJI10.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\language\Finnish\is-433BS.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\Images\uninstallicon\is-C0P7T.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-1DKNH.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\translations\qtwebengine_locales\is-HS814.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\language\Polish\is-N1NOL.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\language\Russian\is-F9JMI.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\unins000.dat	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-CPNJV.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\system\shaders\is-PV7A2.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-LIKJI.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\lib\is-BLNRJ.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\translations\qtwebengine_locales\is-M0V9N.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\language\imageformats\is-V5QMI.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\language\Spanish\is-K9BMS.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-C5CCJ.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-9RK5U.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-E464P.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\lib\zi\is-7G24P.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\lib\zi\Asia\is-D3678.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\system\shaders\is-0ILAF.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\imageformats\is-4NLM6.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\translations\qtwebengine_locales\is-UHI6J.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-P3GF2.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-4AJTL.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-0O19M.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\language\Italian\is-66E3R.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\system\shaders\is-EBTQA.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\translations\qtwebengine_locales\is-FNJ5O.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\is-KK6V6.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\media\Fonts\is-K5VMG.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\system\keymaps\is-53NNK.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\system\keymaps\is-OG7BG.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\language\Japanese\is-SU1H8.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\translations\qtwebengine_locales\is-2DEIM.tmp	blurayplayer_setup.tmp
File created	C:\Program Files (x86)\Leawo\Blu-ray Player\translations\qtwebengine_locales\is-34CRP.tmp	blurayplayer_setup.tmp

Drops file in Windows directory 61 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\WinSxS\InstallTemp\20240522191024384.4\9.0.21022.8.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.1\mfc90chs.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\6F9E66FF7E38E3A3FA41D89E8A906A4A	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240522191024384.4	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.0\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.1\mfc90esn.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.1\mfc90fra.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.1\mfc90ita.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024322.0\msvcm90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024384.1\9.0.21022.8.policy	msiexec.exe
File opened for modification	C:\Windows\Installer\e57a0a5.msi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024384.0\9.0.21022.8.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024291.0\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.1\mfc90esp.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.0\mfcm90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024322.0\msvcr90.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\6F9E66FF7E38E3A3FA41D89E8A906A4A\9.0.21022\FL_msdia71_dll_2_60035_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240522191024369.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024384.2\9.0.21022.8.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.1\mfc90cht.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240522191024384.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024291.0\atl90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.1\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.2\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.0\mfc90.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240522191024322.0	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024291.0\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.1\mfc90jpn.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240522191024384.1	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240522191024384.3	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240522191024369.2	msiexec.exe
File created	C:\Windows\Installer\e57a0a5.msi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024384.0\9.0.21022.8.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.1\mfc90enu.dll	msiexec.exe
File created	C:\Windows\Installer\e57a0a9.msi	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240522191024291.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024384.1\9.0.21022.8.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024322.0\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.0\mfcm90u.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA42F.tmp	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.0\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024384.3\9.0.21022.8.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.2\vcomp90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.2\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1.cat	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\6F9E66FF7E38E3A3FA41D89E8A906A4A\9.0.21022	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024322.0\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.1\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024384.3\9.0.21022.8.policy	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\SourceHash{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.1\mfc90deu.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024322.0\msvcp90.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024384.2\9.0.21022.8.policy	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240522191024384.2	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.1\mfc90kor.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024369.0\mfc90u.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522191024384.4\9.0.21022.8.policy	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\6F9E66FF7E38E3A3FA41D89E8A906A4A\9.0.21022\FL_msdia71_dll_2_60035_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240522191024369.1	msiexec.exe

Executes dropped EXE 24 IoCs

Processes:

blurayplayer_setup.tmpbbtool.exebbtool.exebbtool.exewincdagt.execdagtsvc_v1.0.0_x86.exeLeawo Blu-ray Player.exeLeawo Blu-ray Player.exeQtWebEngineProcess.exebbtool.exebbtool.exebbtool.exebbtool.exebbtool.exebbtool.exebbtool.exebbtool.exeQtWebEngineProcess.exejre-8u311-windows-i586.exejre-8u311-windows-i586.exejre-8u311-windows-i586.exejre-8u311-windows-i586.exejre-8u311-windows-i586.exejre-8u311-windows-i586.exe

pid	process
3696	blurayplayer_setup.tmp
3800	bbtool.exe
560	bbtool.exe
5008	bbtool.exe
3920	wincdagt.exe
1480	cdagtsvc_v1.0.0_x86.exe
2076	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
4840	QtWebEngineProcess.exe
2364	bbtool.exe
5328	bbtool.exe
5140	bbtool.exe
1112	bbtool.exe
3456	bbtool.exe
5340	bbtool.exe
5260	bbtool.exe
1640	bbtool.exe
4288	QtWebEngineProcess.exe
5820	jre-8u311-windows-i586.exe
2168	jre-8u311-windows-i586.exe
5716	jre-8u311-windows-i586.exe
4876	jre-8u311-windows-i586.exe
1072	jre-8u311-windows-i586.exe
5292	jre-8u311-windows-i586.exe

Loads dropped DLL 64 IoCs

Processes:

blurayplayer_setup.tmpLeawo Blu-ray Player.exeLeawo Blu-ray Player.exe

pid	process
3696	blurayplayer_setup.tmp
3696	blurayplayer_setup.tmp
3696	blurayplayer_setup.tmp
3696	blurayplayer_setup.tmp
3696	blurayplayer_setup.tmp
3696	blurayplayer_setup.tmp
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 11 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4812	3800	WerFault.exe	bbtool.exe
3112	560	WerFault.exe	bbtool.exe
4848	5008	WerFault.exe	bbtool.exe
5224	2364	WerFault.exe	bbtool.exe
5528	5328	WerFault.exe	bbtool.exe
5276	5140	WerFault.exe	bbtool.exe
5328	1112	WerFault.exe	bbtool.exe
5896	3456	WerFault.exe	bbtool.exe
5388	5340	WerFault.exe	bbtool.exe
628	5260	WerFault.exe	bbtool.exe
5288	1640	WerFault.exe	bbtool.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Leawo Blu-ray Player.exeLeawo Blu-ray Player.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Leawo Blu-ray Player.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Leawo Blu-ray Player.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Leawo Blu-ray Player.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Leawo Blu-ray Player.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

msiexec.exe

description	ioc	process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe

Modifies registry class 64 IoCs

Processes:

Leawo Blu-ray Player.exemsiexec.exeblurayplayer_setup.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.dts	Leawo Blu-ray Player.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.mpeg	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.m4v\shell\open\command\ = "\"C:\\Program Files (x86)\\Leawo\\Blu-ray Player\\Leawo Blu-ray Player.exe\" \"%1\""	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.ogm\shell\open	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6F9E66FF7E38E3A3FA41D89E8A906A4A\VC_RED_enu_x86_net_SETUP	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.ogv	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.wma	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.f4v	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.dat\shell\open\command	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.viv\shell	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.ac3\shell\open	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.m2v\shell\open	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.bdmv\ = "LeawoBPlayer.bdmv"	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.AutoPlay\shell\open\command\ = "\"C:\\Program Files (x86)\\Leawo\\Blu-ray Player\\Leawo Blu-ray Player.exe\" %1"	blurayplayer_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.dts\shell\open\command	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.mpls\shell\open\command	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6F9E66FF7E38E3A3FA41D89E8A906A4A\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\is-0R2BP.tmp\\vcredist_x86\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.3g2\shell\open\command\ = "\"C:\\Program Files (x86)\\Leawo\\Blu-ray Player\\Leawo Blu-ray Player.exe\" \"%1\""	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.ape\shell\open	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.mid\shell\open\command\ = "\"C:\\Program Files (x86)\\Leawo\\Blu-ray Player\\Leawo Blu-ray Player.exe\" \"%1\""	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.aac\shell	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.mka\shell\open	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.h264\shell\open	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.nsv	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.ty\shell	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.bdmv\shell\open\command	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.asf\shell\open	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.flac\shell	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.nsv\ = "LeawoBPlayer.nsv"	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.fli\shell	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.wpl\shell	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.avi	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.mp3\ = "LeawoBPlayer.mp3"	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.fli\ = "LeawoBPlayer.fli"	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.avc\ = "LeawoBPlayer.avc"	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.webm\shell\open\command	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.ac3\ = "LeawoBPlayer.ac3"	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.ty\shell\open	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.divx\shell	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.avi\ = "LeawoBPlayer.avi"	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.wmv\ = "LeawoBPlayer.wmv"	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6F9E66FF7E38E3A3FA41D89E8A906A4A\FT_VC_Redist_MFC_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.f4v\shell\open\command\ = "\"C:\\Program Files (x86)\\Leawo\\Blu-ray Player\\Leawo Blu-ray Player.exe\" \"%1\""	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.avs	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.qt\shell	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.wav\shell\open	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.ts	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.vc1\shell\open\command\ = "\"C:\\Program Files (x86)\\Leawo\\Blu-ray Player\\Leawo Blu-ray Player.exe\" \"%1\""	Leawo Blu-ray Player.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.CRT,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 7000550041002a007b006200350032006600360064004a004600280074007b004f00240077005d00460054005f00560043005f005200650064006900730074005f004300520054005f007800380036003e004600420042006f0063004b005700470031003800280071002d004e003d007500590077007100370000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ape\ = "LeawoBPlayer.ape"	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.dts\shell\open	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.ifo\shell\open\command\ = "\"C:\\Program Files (x86)\\Leawo\\Blu-ray Player\\Leawo Blu-ray Player.exe\" \"%1\""	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.vob\shell\open\command\ = "\"C:\\Program Files (x86)\\Leawo\\Blu-ray Player\\Leawo Blu-ray Player.exe\" \"%1\""	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.ts\shell\open\command\ = "\"C:\\Program Files (x86)\\Leawo\\Blu-ray Player\\Leawo Blu-ray Player.exe\" \"%1\""	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dat\ = "LeawoBPlayer.dat"	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.mpg\ = "LeawoBPlayer.mpg"	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pva	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.mp4	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.nsv\shell\open	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.dvr-ms\shell\open\command\ = "\"C:\\Program Files (x86)\\Leawo\\Blu-ray Player\\Leawo Blu-ray Player.exe\" \"%1\""	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.qt	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.m4a\shell	Leawo Blu-ray Player.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\.mka\ = "LeawoBPlayer.mka"	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeawoBPlayer.mp2\shell	Leawo Blu-ray Player.exe

Modifies system certificate store 2 TTPs 9 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Leawo Blu-ray Player.exeLeawo Blu-ray Player.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Leawo Blu-ray Player.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Leawo Blu-ray Player.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Leawo Blu-ray Player.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Leawo Blu-ray Player.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	Leawo Blu-ray Player.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Leawo Blu-ray Player.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Leawo Blu-ray Player.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Sin confirmar 671577.crdownload:SmartScreen msedge.exe
Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

Leawo Blu-ray Player.exeLeawo Blu-ray Player.exe

pid process

2076 Leawo Blu-ray Player.exe
2852 Leawo Blu-ray Player.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Sin confirmar 671577.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

Processes:

msiexec.exeQtWebEngineProcess.exeLeawo Blu-ray Player.exemsedge.exemsedge.exeidentity_helper.exeQtWebEngineProcess.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1044	msiexec.exe
1044	msiexec.exe
4840	QtWebEngineProcess.exe
4840	QtWebEngineProcess.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
5096	msedge.exe
5096	msedge.exe
4488	msedge.exe
4488	msedge.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
5884	identity_helper.exe
5884	identity_helper.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
4288	QtWebEngineProcess.exe
4288	QtWebEngineProcess.exe
4168	msedge.exe
4168	msedge.exe
6068	msedge.exe
6068	msedge.exe
5632	identity_helper.exe
5632	identity_helper.exe
5632	identity_helper.exe
2140	msedge.exe
2140	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Leawo Blu-ray Player.exe

pid process

2852 Leawo Blu-ray Player.exe
Suspicious behavior: LoadsDriver 8 IoCs

Processes:

pid process

676
676
676
676
676
676
676
676

pid	process
2852	Leawo Blu-ray Player.exe

pid	process
676
676
676
676
676
676
676
676

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	5088	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5088	msiexec.exe
Token: SeSecurityPrivilege	1044	msiexec.exe
Token: SeCreateTokenPrivilege	5088	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5088	msiexec.exe
Token: SeLockMemoryPrivilege	5088	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5088	msiexec.exe
Token: SeMachineAccountPrivilege	5088	msiexec.exe
Token: SeTcbPrivilege	5088	msiexec.exe
Token: SeSecurityPrivilege	5088	msiexec.exe
Token: SeTakeOwnershipPrivilege	5088	msiexec.exe
Token: SeLoadDriverPrivilege	5088	msiexec.exe
Token: SeSystemProfilePrivilege	5088	msiexec.exe
Token: SeSystemtimePrivilege	5088	msiexec.exe
Token: SeProfSingleProcessPrivilege	5088	msiexec.exe
Token: SeIncBasePriorityPrivilege	5088	msiexec.exe
Token: SeCreatePagefilePrivilege	5088	msiexec.exe
Token: SeCreatePermanentPrivilege	5088	msiexec.exe
Token: SeBackupPrivilege	5088	msiexec.exe
Token: SeRestorePrivilege	5088	msiexec.exe
Token: SeShutdownPrivilege	5088	msiexec.exe
Token: SeDebugPrivilege	5088	msiexec.exe
Token: SeAuditPrivilege	5088	msiexec.exe
Token: SeSystemEnvironmentPrivilege	5088	msiexec.exe
Token: SeChangeNotifyPrivilege	5088	msiexec.exe
Token: SeRemoteShutdownPrivilege	5088	msiexec.exe
Token: SeUndockPrivilege	5088	msiexec.exe
Token: SeSyncAgentPrivilege	5088	msiexec.exe
Token: SeEnableDelegationPrivilege	5088	msiexec.exe
Token: SeManageVolumePrivilege	5088	msiexec.exe
Token: SeImpersonatePrivilege	5088	msiexec.exe
Token: SeCreateGlobalPrivilege	5088	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe
Token: SeRestorePrivilege	1044	msiexec.exe
Token: SeTakeOwnershipPrivilege	1044	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

blurayplayer_setup.tmpmsedge.exemsedge.exe

pid	process
3696	blurayplayer_setup.tmp
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

Leawo Blu-ray Player.exeLeawo Blu-ray Player.exebbtool.exebbtool.exebbtool.exebbtool.exebbtool.exebbtool.exebbtool.exebbtool.exe

pid	process
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2076	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2364	bbtool.exe
5328	bbtool.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
5140	bbtool.exe
1112	bbtool.exe
3456	bbtool.exe
5340	bbtool.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
5260	bbtool.exe
1640	bbtool.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe
2852	Leawo Blu-ray Player.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

blurayplayer_setup.exeblurayplayer_setup.tmpLeawo Blu-ray Player.exemsedge.exe

description	pid	process	target process
PID 3060 wrote to memory of 3696	3060	blurayplayer_setup.exe	blurayplayer_setup.tmp
PID 3060 wrote to memory of 3696	3060	blurayplayer_setup.exe	blurayplayer_setup.tmp
PID 3060 wrote to memory of 3696	3060	blurayplayer_setup.exe	blurayplayer_setup.tmp
PID 3696 wrote to memory of 3800	3696	blurayplayer_setup.tmp	bbtool.exe
PID 3696 wrote to memory of 3800	3696	blurayplayer_setup.tmp	bbtool.exe
PID 3696 wrote to memory of 3800	3696	blurayplayer_setup.tmp	bbtool.exe
PID 3696 wrote to memory of 560	3696	blurayplayer_setup.tmp	bbtool.exe
PID 3696 wrote to memory of 560	3696	blurayplayer_setup.tmp	bbtool.exe
PID 3696 wrote to memory of 560	3696	blurayplayer_setup.tmp	bbtool.exe
PID 3696 wrote to memory of 5008	3696	blurayplayer_setup.tmp	bbtool.exe
PID 3696 wrote to memory of 5008	3696	blurayplayer_setup.tmp	bbtool.exe
PID 3696 wrote to memory of 5008	3696	blurayplayer_setup.tmp	bbtool.exe
PID 3696 wrote to memory of 5088	3696	blurayplayer_setup.tmp	msiexec.exe
PID 3696 wrote to memory of 5088	3696	blurayplayer_setup.tmp	msiexec.exe
PID 3696 wrote to memory of 5088	3696	blurayplayer_setup.tmp	msiexec.exe
PID 3696 wrote to memory of 336	3696	blurayplayer_setup.tmp	cmd.exe
PID 3696 wrote to memory of 336	3696	blurayplayer_setup.tmp	cmd.exe
PID 3696 wrote to memory of 336	3696	blurayplayer_setup.tmp	cmd.exe
PID 3696 wrote to memory of 2984	3696	blurayplayer_setup.tmp	icacls.exe
PID 3696 wrote to memory of 2984	3696	blurayplayer_setup.tmp	icacls.exe
PID 3696 wrote to memory of 2984	3696	blurayplayer_setup.tmp	icacls.exe
PID 3696 wrote to memory of 3920	3696	blurayplayer_setup.tmp	wincdagt.exe
PID 3696 wrote to memory of 3920	3696	blurayplayer_setup.tmp	wincdagt.exe
PID 3696 wrote to memory of 3920	3696	blurayplayer_setup.tmp	wincdagt.exe
PID 3696 wrote to memory of 2076	3696	blurayplayer_setup.tmp	Leawo Blu-ray Player.exe
PID 3696 wrote to memory of 2076	3696	blurayplayer_setup.tmp	Leawo Blu-ray Player.exe
PID 3696 wrote to memory of 2076	3696	blurayplayer_setup.tmp	Leawo Blu-ray Player.exe
PID 3696 wrote to memory of 2852	3696	blurayplayer_setup.tmp	Leawo Blu-ray Player.exe
PID 3696 wrote to memory of 2852	3696	blurayplayer_setup.tmp	Leawo Blu-ray Player.exe
PID 3696 wrote to memory of 2852	3696	blurayplayer_setup.tmp	Leawo Blu-ray Player.exe
PID 2076 wrote to memory of 4840	2076	Leawo Blu-ray Player.exe	QtWebEngineProcess.exe
PID 2076 wrote to memory of 4840	2076	Leawo Blu-ray Player.exe	QtWebEngineProcess.exe
PID 2076 wrote to memory of 4840	2076	Leawo Blu-ray Player.exe	QtWebEngineProcess.exe
PID 3696 wrote to memory of 4488	3696	blurayplayer_setup.tmp	msedge.exe
PID 3696 wrote to memory of 4488	3696	blurayplayer_setup.tmp	msedge.exe
PID 4488 wrote to memory of 3984	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 3984	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe
PID 4488 wrote to memory of 1452	4488	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\blurayplayer_setup.exe
"C:\Users\Admin\AppData\Local\Temp\blurayplayer_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Users\Admin\AppData\Local\Temp\is-QQ1G8.tmp\blurayplayer_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QQ1G8.tmp\blurayplayer_setup.tmp" /SL5="$501E8,104088935,161792,C:\Users\Admin\AppData\Local\Temp\blurayplayer_setup.exe"
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Checks computer location settings
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3696
- - C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe
    "C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe" Leawo
    3⤵
    - Executes dropped EXE
    PID:3800
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 664
      4⤵
      Program crash
      PID:4812
- - C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe
    "C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe" Leawo
    3⤵
    - Executes dropped EXE
    PID:560
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 644
      4⤵
      Program crash
      PID:3112
- - C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe
    "C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe" Leawo
    3⤵
    - Executes dropped EXE
    PID:5008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 636
      4⤵
      Program crash
      PID:4848
- - C:\Windows\SysWOW64\msiexec.exe
    "msiexec.exe" /i C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\vc_red.msi /qn
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5088
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c ver >Version.txt
    3⤵
    PID:336
- - C:\Windows\SysWOW64\icacls.exe
    "C:\Windows\System32\icacls.exe" "C:\Program Files (x86)\Leawo\Blu-ray Player" /t /c /grant everyone:(F,MA)
    3⤵
    - Modifies file permissions
    PID:2984
- - C:\Program Files (x86)\Leawo\Blu-ray Player\wincdagt.exe
    "C:\Program Files (x86)\Leawo\Blu-ray Player\wincdagt.exe" -install
    3⤵
    - Executes dropped EXE
    PID:3920
- - C:\Program Files (x86)\Leawo\Blu-ray Player\Leawo Blu-ray Player.exe
    "C:\Program Files (x86)\Leawo\Blu-ray Player\Leawo Blu-ray Player.exe" --count--url-- install
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies system certificate store
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2076
  - - C:\Program Files (x86)\Leawo\Blu-ray Player\QtWebEngineProcess.exe
      "C:\Program Files (x86)\Leawo\Blu-ray Player\QtWebEngineProcess.exe" --type=renderer --disable-accelerated-video-decode --enable-threaded-compositing --no-sandbox --disable-webrtc-hw-encoding --lang=es --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="2076.0.949178885\72695009" /prefetch:1
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:4840
- - C:\Program Files (x86)\Leawo\Blu-ray Player\Leawo Blu-ray Player.exe
    "C:\Program Files (x86)\Leawo\Blu-ray Player\Leawo Blu-ray Player.exe"
    3⤵
    - Checks computer location settings
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2852
  - - C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe
      "C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe" Leawo
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 672
        5⤵
        Program crash
        
        PID:5224
  - - C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe
      "C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe" Leawo
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 660
        5⤵
        Program crash
        
        PID:5528
  - - C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe
      "C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe" Leawo
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5140
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 660
        5⤵
        Program crash
        
        PID:5276
  - - C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe
      "C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe" Leawo
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 668
        5⤵
        Program crash
        
        PID:5328
  - - C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe
      "C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe" Leawo
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 660
        5⤵
        Program crash
        
        PID:5896
  - - C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe
      "C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe" Leawo
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5340
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 656
        5⤵
        Program crash
        
        PID:5388
  - - C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe
      "C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe" Leawo
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5260
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:6108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 652
        5⤵
        Program crash
        
        PID:628
  - - C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe
      "C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe" Leawo
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 656
        5⤵
        Program crash
        
        PID:5288
  - - C:\Program Files (x86)\Leawo\Blu-ray Player\QtWebEngineProcess.exe
      "C:\Program Files (x86)\Leawo\Blu-ray Player\QtWebEngineProcess.exe" --type=renderer --disable-accelerated-video-decode --enable-threaded-compositing --no-sandbox --disable-webrtc-hw-encoding --lang=es --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="2852.0.2041281845\2086228773" /prefetch:1
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:4288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://javadl.oracle.com/webapps/download/AutoDL?BundleId=245477_4d5417147a92418ea8b615e228bb6935
      4⤵
      Enumerates system info in registry
      NTFS ADS
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:6068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9cd6546f8,0x7ff9cd654708,0x7ff9cd654718
        5⤵
        
        PID:5996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        5⤵
        
        PID:1776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
        5⤵
        
        PID:5508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
        5⤵
        
        PID:4940
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
        5⤵
        
        PID:2952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=5264 /prefetch:8
        5⤵
        
        PID:5624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
        5⤵
        
        PID:6084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
        5⤵
        
        PID:4048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5632
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5596 /prefetch:8
        5⤵
        
        PID:5908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
        5⤵
        
        PID:5152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
        5⤵
        
        PID:5160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
        5⤵
        
        PID:4856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
        5⤵
        
        PID:3140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,2934279017080217794,3666720583683523635,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2140
    - - C:\Users\Admin\Downloads\jre-8u311-windows-i586.exe
        
        "C:\Users\Admin\Downloads\jre-8u311-windows-i586.exe"
        5⤵
        Executes dropped EXE
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\jds240680515.tmp\jre-8u311-windows-i586.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jds240680515.tmp\jre-8u311-windows-i586.exe"
        6⤵
        Executes dropped EXE
        
        PID:2168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.app-see.com/moyealog/?o=0&s=aHR0cDovL3d3dy5hcHAtc2VlLmNvbS9tb3llYWxvZy8%2Fbz0wJnQ9NDU0MzQsNzk5MDE2MTY5JmE9JnA9TGVhd28lMjBCbHVyYXklMjBQbGF5ZXIlMjAzLjAuMC41JnI9UmVmZXJlciZ1MT1ERDAwMDEzJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJnUyPTZBQzg1NzdBQUQxNyZpPURpcmVjdCUyMEluc3RhbGwlMEFJbnN0YWxsZWQlMjBPayUwQSU1QmxhbmclM0ElMjBlbiU1RCUwQUxvY2FsZSUzQUVTUCUyOFNwYWluJTI5
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cd6546f8,0x7ff9cd654708,0x7ff9cd654718
      4⤵
      PID:3984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      4⤵
      PID:1452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
      4⤵
      PID:1876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:5088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      4⤵
      PID:3676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
      4⤵
      PID:5680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
      4⤵
      PID:5388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
      4⤵
      PID:5920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
      4⤵
      PID:5948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
      4⤵
      PID:6064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
      4⤵
      PID:6072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
      4⤵
      PID:6080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
      4⤵
      PID:6092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
      4⤵
      PID:1140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
      4⤵
      PID:6100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
      4⤵
      PID:6132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
      4⤵
      PID:6108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
      4⤵
      PID:6120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11204387097043289171,589106467844946450,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
      4⤵
      PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3800 -ip 3800
1⤵
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 560 -ip 560
1⤵
PID:1168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5008 -ip 5008
1⤵
PID:888

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1044

C:\Program Files (x86)\Common Files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe
"C:\Program Files (x86)\Common Files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe"
1⤵
- Executes dropped EXE
PID:1480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2364 -ip 2364
1⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5328 -ip 5328
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5140 -ip 5140
1⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 1112 -ip 1112
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3456 -ip 3456
1⤵
PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5340 -ip 5340
1⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5260 -ip 5260
1⤵
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1640 -ip 1640
1⤵
PID:2888

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c8 0x4dc
1⤵
PID:5536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\f516b8f0f36c4e17b6fd8566ed34b345 /t 3928 /p 2168
1⤵
PID:5476

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3912

C:\Users\Admin\Downloads\jre-8u311-windows-i586.exe
"C:\Users\Admin\Downloads\jre-8u311-windows-i586.exe"
1⤵
- Executes dropped EXE
PID:5716
- C:\Users\Admin\AppData\Local\Temp\jds240846593.tmp\jre-8u311-windows-i586.exe
  "C:\Users\Admin\AppData\Local\Temp\jds240846593.tmp\jre-8u311-windows-i586.exe"
  2⤵
  - Executes dropped EXE
  PID:4876

C:\Users\Admin\Downloads\jre-8u311-windows-i586.exe
"C:\Users\Admin\Downloads\jre-8u311-windows-i586.exe"
1⤵
- Executes dropped EXE
PID:1072
- C:\Users\Admin\AppData\Local\Temp\jds240888062.tmp\jre-8u311-windows-i586.exe
  "C:\Users\Admin\AppData\Local\Temp\jds240888062.tmp\jre-8u311-windows-i586.exe"
  2⤵
  - Executes dropped EXE
  PID:5292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57a0a8.rbs

Filesize
25KB

MD5
0a91bfd251828b1153d38f7602cd5ff6

SHA1
5d96ce1d9d4e8835d6970a90ca9ada186dac99ec

SHA256
d71f8284c60462e52d1cd891762a8c2c2fba1f5dfa2cefacf58c4d2f62e3ae20

SHA512
f889187c9490f21454d0f2bd0888d3e1f1ff0dc26e27b7c2a0d0c5fc456400257d9feca8caf45155809101357e100c0527683a0cbc8b07751ac7ab0d2760ed97

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\7z.dll

Filesize
729KB

MD5
0e060c5bea9b24fdfced3e8b23a5c066

SHA1
5a00be213b4d1c867c2ec7ed6396b380803295be

SHA256
2181cabfc930f3116f2b9e690164f49b2886f82661f033f218a169f4254149ba

SHA512
08bb03b6064fdfeaf5726e6d850ad8fd775a97b00f2cf1ef9dfea82d93733af9f6c4e92a28d74dad5090ac0272a645ec9e5bf59ebdf0234327e0bdbcd30b3b4b

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\7z.exe

Filesize
166KB

MD5
3ddd793a96bc68cb9c80b4a7efd66011

SHA1
f76af419bd29c3ffac2101a5cb9e5da1d090cba2

SHA256
4c99e433973142e5a9e58468440b555c9d53e9dfb58f51894d14a05ac592316e

SHA512
ee59a03478400795ac9d2425f22fcbfd520e6ae2cc717c7532af9bc046031c49976da3bfe1016be54dc7c6aed101a267dfd021207d3d5215c472ff25949205f7

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\Leawo Blu-ray Player.exe

Filesize
25.4MB

MD5
a73e5e7ab743f6c4298193dd1f93abe6

SHA1
13ccf77266745020392915c77d7a2a33457e0b0c

SHA256
8898fa22d4ac50465f6f35ec9ca1976985ea8d1b72ebded31ece5bdc3cae9779

SHA512
caea2cfba4d6cc22ff40b24e3eacd31542200d4366de539d5bebac7c1bd182a2495f63a5e6f8c3c73a708f389f7cb96c1f98385945b255a39c9233f519031db1

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\Version.txt

Filesize
47B

MD5
174582b84341eb374962762ff0992aff

SHA1
8d3a3fc3b9a98ad14334c2ced8473009cc924a7b

SHA256
e581c50d4e457c3fdbbc790a3a8d9cea62fb23c5c345e2bfdcaea4976dc83574

SHA512
68eba46f6d1882fd18432c0fd09ac04c05b7691385296a7067851495234b71dfbe143873591e7a8e259c7b4d3f147d85a6d3bf300ed839780189ca35671c8207

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\audio\qtaudio_windows.dll

Filesize
43KB

MD5
e213a65008675e11c7b7c4a21b4ed321

SHA1
9110f169a7eb62061a985f26b9f85f2826bdb199

SHA256
ce162d364020f2d065d19013d509fcbf98f69030c54bc325539161115048c299

SHA512
cdb650dea597e624e27f3cc0339136291224032078a2f2929d5ec93b4bdc7f466486e1415909b98aef3fc1e8e9be73975a8fc56f26fb01c8003af31231edcc4c

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\avcodec-58.dll

Filesize
30.1MB

MD5
671645e5094e9d0ad85360ac424bc87e

SHA1
bf57754b3eb0e0a08a9c7f4046666ff55bede42b

SHA256
e18d1db07e4f108ffdcdf7154c942dfceed720da0f667c57e58bc1249d8da1c8

SHA512
a9b8adaab0797654c3ef825ac6718da935be0e1879a5bbe41a45003ba4abc9adb10f4d1faadd5e9b3c825a965599b7d8433e48d61d00e0cbf3a290d18c976dde

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\avdevice-58.dll

Filesize
1.3MB

MD5
d414db91374fa86fcc19f2e099afd0b7

SHA1
f95ddfd2b4cc33b7fedf6fb03fbb4149b3239c7c

SHA256
6d9651c77078dfb7336d1ec585e4f257d7a52d62c8cad12ce7592d7edf375ba9

SHA512
c78bfd38599fd9600c4d7e32a0527fdad268c6b7bff3346142aa35e0422945a1fc41b22abf794155aa16ea2fa18f581f0fa21c3da24de390fb83ce7d564039a5

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\avfilter-7.dll

Filesize
6.8MB

MD5
b76636b184d950a6672bdd38241f2ac5

SHA1
64da5f660f6f1d932d0aa9a0798a506e1e3b92a8

SHA256
d42bb9092f89c663f283bb6a09a335e4166573336b1ee52c44ac4dcd9bb00d4f

SHA512
386af8501e951421d239f6b059a78d06f3ff1772369b878c947c8703f8cfd147a2cedf713befd5463ba814eea6e9422f41a957e81930adbbe291355d12753c13

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\avformat-58.dll

Filesize
5.7MB

MD5
ef1c00ee2a48c398ec1c2e4e01051a1d

SHA1
32156026850712c868ddf81c13d67000576dee5f

SHA256
d2eef72aa98c0b5d014e94ce104e67c22e8114c5209335aabd7bffff606cd737

SHA512
aae14beb27b92a8d992e9988ab54345129f1b6ee356022b453522913d150290cdfc6f075c5eecbe107d7dc3555623e066d99b645f20658128706dfaf02aef7e5

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\avutil-56.dll

Filesize
660KB

MD5
8bd8f6c123acd87820f049b706443d7f

SHA1
12133a21729d250d7a89f9c55ae6dd7aecc0e2b2

SHA256
d3d3c8c269562e970c962841bf223f998ce5f01d21cfc971e1fccaf4fa9406cb

SHA512
a0593be7e91213a1f901cc995831c81a72b6605f28a434e4955dae4b7d42251207b41f4bbebc30ef0d07da1a3508ae851c7f061a3f62bc28a61d2dca2c35b760

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\bbtool.exe

Filesize
130KB

MD5
bff5e6b5e938eb402a76172635eec8ed

SHA1
8df5654bbba209f4771cbbd1ab1619aad65ab32c

SHA256
97085f0d65fb992b4026dcdde9a5753d405dd25b93e5f7d5d17d637b2c00683b

SHA512
6d7efe8c346b5daf483c9d725e8319ec189333702d99c67278ccb3e6be255ccf577c18ff5d56f61d9bc5a832e37a7e50b2c30da204c61e8926354611ddd60a85

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\bearer\qgenericbearer.dll

Filesize
37KB

MD5
191ea6af9531b3c256f36330ee0efc92

SHA1
1dfd076bdf76da4e129788aa962be89280940ffa

SHA256
e3ece7596d033bdc473197389006e6597594eaaf3ffa857141081eb9b16146a4

SHA512
9b0593a6673499da9906f31ba56caa24c79a8b53a2032271f02443bf4bcdd8ca6521c4950f0f216cdf7707a07b38b88060b8fc2716f6def17a5df177da8c719c

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\bearer\qnativewifibearer.dll

Filesize
38KB

MD5
82451c340918ba666896decafab70e3b

SHA1
d9b5970581a426462617a7e925fa9d0f4da1d52b

SHA256
ce6d2fdaff68940092461f0d87576387e3d8f107cd0e609ad310c92d01b9b065

SHA512
0b236fb85028e16330317e4e7ac90b6cb6fb501b92a2905c4f46abd16215770ec9a674424de46202841645687f505c425e80cd15a4c0f476e7148e2f9e5f360a

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\camell.bin

Filesize
388KB

MD5
5e208e463cc96b22ca1e679626108c1a

SHA1
e18b085f2d1f58e23d72451fc964319809861088

SHA256
4f7d448e1c845110ad99f6cd8c61a5b91de71e3251ea8f6ea6fde1b3e5373f23

SHA512
1dbed3d6a99699335023e552ac7a8ef30ef5161652ab599775af63f3cafe5589b6aff62239ac58a26d4f96b8396f1d9e44727f969ea081ea5d26d4e765acc0cd

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\camellia.bin

Filesize
369KB

MD5
95960f2898954378e610335a81ff4ca5

SHA1
e9c21148d9c7ab98a4152460d00948b4bfc66e3a

SHA256
5614f481b659dd011bd7f0fc0c20a42d7d5bd44d9f5faeb74e5fc95a1628f4c6

SHA512
6bb5b74501ade912d06a9f28166119165ac6b08e69e57f92b41e1cbbc3a7576f014cfc07a19187b8c5805d5a90ec9a1b854e34aec6473d044239b891efebf6f2

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\copying.txt

Filesize
17KB

MD5
4cea88e622381d1ad6e43f07c47513b5

SHA1
94777104f6b4109ff7022fbd1e55b5d7cddc2561

SHA256
e24bbc001a3752ea0020a59062f4fc2a6d0317365b7227ef1266d634bf5b9da0

SHA512
2bb2e01f3520c3d4f17800d3944a0161e5886e720ebe197e13a2050880f377936aa934b2bd222fbfb9f5a0251a60df293d035382f313d2d79541f273136afc99

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\d3dx9_43.dll

Filesize
1.9MB

MD5
75f2bc9359d351b28215bbf1375ccc01

SHA1
4ca8313d97835479dfe119c241f9afc17379c006

SHA256
a0bffc0e55f53f090e0cdfe551345e3baa7163c357714949ea32cc040d881edc

SHA512
d81c2c6cf8f5267eaeda4f0f7d03c46984cde1298c86bc3de288e63811fe26f90baf028fee8965908ecdb0a293aad64169cde36288ae2c4f729a609dbe977447

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\dvdlib.dll

Filesize
79KB

MD5
8a85a84c9050af311697110ca8e59e60

SHA1
4016d279ada05e450e7e7dd137eced2a8c4b4af0

SHA256
9735c0db3ae66408f28d0e9e79a7528244c5013a2307d5e088ceec2b39e29fe0

SHA512
36ab1eab9df947440643410cce37a6bdd21b75dff9dd3f8c153c2102b58320b268525559e9b5037a23d979c14595d146ad314121dc29c34ad019af220ffd6432

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\dvdplayer\freetype6.dll

Filesize
468KB

MD5
ffc8ded90d665d4c75e6037c5823a3e3

SHA1
c20d284f3ce265f5799214b50959424698c35da0

SHA256
f6fb40647f446bb4ba3a9f93b440c4acb4ae135c25b46edf728b7b2c1aebbf62

SHA512
c33afb8eeaf3e361576f7625b43fd267102a65d9a0b8058c4bc840cd9943963936a6d3646fa3df5d3af7803e3e688c791e1803124392ededacb57679daade4e3

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\dvdplayer\libass.dll

Filesize
1.8MB

MD5
d45879d781cacf9714670a34e0e5007e

SHA1
1e1c0e372c5b623f26b54348a70dfa2b577ab9e5

SHA256
a1b448663b607b77e74c3d7b696f8a4d8bc92e7b629910e4ce3a246deab5cdd9

SHA512
e2f4c8ebeb44211b61eac6e54a8bfd8d4a503a3f27c0c7a890a85b187278c8af0ea16d734caed1aa1e12c96cff2823544302b40a8ad2f90a9192aeae16c44d42

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\dvdplayer\libexpat-1.dll

Filesize
159KB

MD5
75778f80dfcf50350a84fc91bb7d7fb9

SHA1
77a5ce7fdaf7203e5a188b380d02f952d95c4190

SHA256
3a625fb0ac459ba1c0d3a61ec15a425dd5e847d01ad799c9a08363bf02c6a2c0

SHA512
c8a9e2ed5588249a406bad0ec4cf270e219d47cf504856c532223e7d96f78438bc3a61a412694c4162ad25eb329e563dfada737d248e99962a5aad78349285dd

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\dvdplayer\libfontconfig-1.dll

Filesize
292KB

MD5
1bde198d8ce3f02f8d6939ceb89d4fbd

SHA1
1d3f2a5c108b864bf472a6f9e491b27dfc8f8d9b

SHA256
088e4d9acf628e5e923f3a14a4f38886addc6dfea12f1d9c429056b8841138ab

SHA512
270d23a52e0ffa658f8e8da50e69a2ff4ceb4de24e74b70b71ef4a4220f34a7d2d7c856abf82edc5324c843de254521b175b5831073007c49d8251ecf338b0f0

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\ffbri.dll

Filesize
44KB

MD5
3513855bcfcafbee752afe77bc9e1f11

SHA1
f41aa13407b69dd6fbe4ec37e4ace29e512fa268

SHA256
fdbfec20461199dacda44911e8922d7150f1965c3ca1c8564d083edb20725a08

SHA512
bb2d9a9733277830e58ecb8260497a557289273defc63788f95bc9f762ee88476089dc04d93c61ae2cc40e8404cac40cb16464b0b1d3867fed0094624a65e0e5

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\hyacinth.bin

Filesize
34KB

MD5
5904600a895c66ee6be88fba729fdcc4

SHA1
94fe043e1bacd00440673d19ee9ef3f485db45d3

SHA256
1968af3821c60ea5651e8b297bd8316718bbc295fbb9d96bc0c878b12a5c8391

SHA512
da8aef9346245705a3e899bcca024f09e672f6ef9ca85254cc2bcb7996f533915edba6137de5094db52bbb43c60abcbc8c36dc3931ed75033ab170f904b63888

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\iconengines\qsvgicon.dll

Filesize
29KB

MD5
95fa5935f0771021f3e0a243a17cfd82

SHA1
a2052478dbe67fd58a071d689d805995843cc6fe

SHA256
fc6a5b271ae418f2e3417453934da17ece143b961654b9ee137fd873deb7736b

SHA512
2bbf25f61fd7e9b6300ae01ec8316e0cded1573642a67f8479838806b3a7a49258df9b39a9fd6df331a4783ca098546ee9979369a239fe20b04fe59362491f3a

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\iconv.dll

Filesize
975KB

MD5
cdfc36140af46cf81fc7b51623952eda

SHA1
2609f2625dd00d04540e6036a7fa789d65f936d5

SHA256
7a484b42737424255df752620b5605813d219a8899b7160e649c4c9f6c9db779

SHA512
324a840b040443444fbd15c101048f5c7aeb2fc1b3699a8a16599ffa6173ac15d24109795d71b32fbb2de2cb477701b66dedc8686be7968e6115ace08cdccedc

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\imageformats\qdds.dll

Filesize
37KB

MD5
7f7405213d4b9d67df14b73be22f972f

SHA1
3cde79167aa36b63e80b8c1cd8f13baf1c11fd5b

SHA256
15e3f789239c0c1c4863946c2b54c5c747d10695d9d23e40bbbf5a7c5ab407e1

SHA512
ceb5bab115bfe7c310c919cf182b2bfba27e21d8b47152148c192c8e22c9d82a8769d9ac2c6c4cd273ddc81943d584fb31719172510e52d68ea5fdcc71b97bac

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\imageformats\qgif.dll

Filesize
24KB

MD5
54470075c0d3777faf018cf094452bab

SHA1
6a5239b297f1f69b478d39b5247f58139c7f21a0

SHA256
455889e49ad52aea5a210093ae1212ab73ba174ee8c91411da2583ae2d7f7f5c

SHA512
13dc655a25e9282fba27c257fe382e45ecca588cac7e20603c9f898d1e6440a999d5d102b39c74cc453cdebb227a331b79ad33e2bc194f150d7a18f9fdb56327

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\imageformats\qicns.dll

Filesize
30KB

MD5
f562d5d040a0959b00eac96936aa8579

SHA1
07b01bf58929c68c09ebbf0e89f31dfe26fa1e0c

SHA256
424b91e5c9e970070e265d200df5dc64512539fb2f451543cb5835c1f9e187ff

SHA512
7e88c4dc50038418dbd240e1b4bb26d87bbdb819daee2de4f92f6d3c8b5a6e25d8df72fb56fad98d5edfe2966d38a43b04c6af05a4b5f95ab6dd87c95bcadc34

Download Submit
C:\Program Files (x86)\Leawo\Blu-ray Player\imageformats\qico.dll

Filesize
24KB

MD5
f42766df238845baa144e4cd498fc118

SHA1
637d4c30309e70db2f6d234771f7a4e1a5d3b590

SHA256
a3f71219fcf16ea71cc1e12ed17cfed6c965693b500c6257fb6885e51f33cc56

SHA512
11535a1dad120908ab1339f5f3881f7a942d85e6e9c633625882da7ce5decdbb7e232151cad814e9d9949e2dd55d13be178faff202b20d1113c91f936f723b82

Download Submit
C:\ProgramData\Leawo\Blu-ray Player\reg

Filesize
2KB

MD5
fafc524ed3d61899278199252f331536

SHA1
744b5bd296f20d9ad29116bfc1d37579554e75ea

SHA256
b88ff767058b64b701ccd809e85e5e3f4b76255c379b3745ecb977680bd3e0af

SHA512
234caf9d63a4d7a13bed6d8bb8b7d2f032849bcb263c1ac74066a99366973d9d77e35e8ddfef3e79b467a148578a349baeaab97c7a7f76b2194d2ea5e52ea490

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\jre1.8.0_311\jds240847593.tmp

Filesize
11KB

MD5
b3c9f084b052e95aa3014e492d16bfa6

SHA1
0e33962b2191e7b1a5d85102cdf3c74fcd1254e4

SHA256
a68ddd67f6fcb0bbf1defa0778ee543e92c1074c442197ab623f733cc6285948

SHA512
06f51ac2962a0ec5f05ad6c90a2ba85b851d1fa2f0c079dc264fe930316cead959f68f6e34ff591b131867b482c266ac42400b06385dae712637ff0a90f902d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dd7f392257954f1edc345932b4fda013

SHA1
d0a5ca70e532b852d9c37c2c4259486a0bd79b70

SHA256
c9720ed47a357c3b5d32205b62ea1d6bc9ef50fc38673371d26b1f31b493f5c6

SHA512
e694f8712d32c318cf9b64bcfcccfdab25aa5bd023f789856b3b40bfd58aaaa97cb49c76b21833e3c31dd31be6ca3418008d9d4613c55316a2066a525db0256b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
b1b4a4ac0767a3ee40a39023af03b5b8

SHA1
e32c43293f00bca831ab6c22c8e5f5f78acf1c7a

SHA256
6077affe9ead101b05a0d088787cf7c1a2e029c364e55ea8fb448b7737ce048e

SHA512
16cb68d2081eefee682e2a20b8129023d30a030ec5598b031631d847c2552c4e4e998919286bfe1b576604242c524658fd2fdef94324018650aac2d43ce8940c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
baa8e1fbedaab8e0c07ca3c55ee3b40d

SHA1
c0cc6247bbb7e9abb40f6f4a2a71d2f3138b02ea

SHA256
b29a8b0fe50bc763d7518bc518cfd7563fa7d0bedb80663d3790b5cbbbd6e6d3

SHA512
777ca33a6af9ae053a922b8629e71cb67492594fb2efc94b0979ef51cabdf3e84690e74f3b02789bcb53bbb24089203551502d6bd1c4b027f8e80552bb08a40e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
98307d02a28345547e0a373f9fcba84a

SHA1
3829d3f9980a5892ad96f2427f50fc9aeab92003

SHA256
1c91797b507025ddb21c990da0df36d815a3e50be7eebf1fa8cb0769e923bf4b

SHA512
560321d3efa6a0b3ff213a47c94f15d80b3e355bab7330b01af57e1783c255dcb5921cd0416fba136abc0ebf00da0bc3c7ce3f2f349ee5494a0093f845b891ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3e5d035ab039455ed40940cc9590e1fc

SHA1
84a52aa90af8395da1d9c2e6d65dd57f5dc56c42

SHA256
85aef1ae8157f9956871d2e11fcd39881e5ae05fac936258d55c67cf65afe65f

SHA512
1481478a057196b7b37c8a401c0c98b27f75c17746882c34da4d1e59e9ac9fb222285ab5cf2735d269a8dcd5aff27af9bf9bf1cdc70dcd2f1e7742a29c530ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4f83d6c5c93cb0ac04cd229381c509f6

SHA1
8d2a21711e2fae6329cea659b67ec44088e4705f

SHA256
d4a9d8717b87bab1216252bc24794cb055a90627cae6ee9a1397f62303e477eb

SHA512
3243d2c8f2258469118cc516a5c6f5faa91000d403b0d8b2e3085c1ae7d21415ef65edb841d2d408409ad963827068f1f6f116e42a236a939fb93c9989ec85d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
770b45ab4bbb1d181cb416866a7c8c91

SHA1
7702203ec9fadf0fafa01c4fd513de78f024e9ea

SHA256
ca7e0993fca3bab8d560cba07b1b32f547cc82fbcf7d9aa49acbaa5a654ee6f8

SHA512
2a4352df07ee610a299f4c6a69bde6d835128de7d52f0a7bae509327ab84eac51d0a0fccbcefd3d04efb4b431b09a02234105dc0ebccd30f009dbdab8858f19c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6a0fc107fd107f4b0b6145f17c22b9b3

SHA1
c9b5080d94bd8dfb0d7665a4dcb14b49efa9cbfa

SHA256
396d2cbeb4c9d7fa6ae12c6f4b6707d6e88b3ad770a469d5e1ef8fc9419506de

SHA512
d6e8747b7038b26c5b779ccca69562e5b83c4a7e4b19b55d59ad77e691cbf6162f3a47743671e4908af860c082c2c2bbf045b8015ce25e05022d3391ff9206d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8083ccbb3fa06230992f195e8589fa5f

SHA1
aaf1cae4f9fffe6e307e5a961f185a8b66f699be

SHA256
25fa61e388dcb26862f6ff83bb0b4bd66674264268a97490410bc52f167dba7a

SHA512
c6aa752bc343f7bbb402c4f8ca7e727a68dfafde625fc47fd5c58a5409f1713c010be802810aceda4ca3e301dce14178e592f79e695d58464c5e05285f1d0df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb6fad5290f53045f5f7b38c8e2165db

SHA1
f5ef6fc4906da6e656e42f10914ef012f985e6b5

SHA256
7b831c882719d8abcce7de498acb4726c85f273889b9e9fc19dd659db1ca493d

SHA512
04079dc4cbb0b4ae8e744aec75c892f8081f70d900001840e52a091160409ee1290ea341fc77cbf8b5d3985396d8f8e2a5aa742da5b9ac134779870852e726c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
98fe9bae159e375f009c91db219e101f

SHA1
c670d94980bec4b0333c40cb2c2dc51a1a83e928

SHA256
35045d265cb4d2703366e27420a028d169744cc0f1cd070cb3af6d5715b2f555

SHA512
625f050ab7ccd26d3e8d8ff2461c2449a0244c5ef3aef97fd4ad621afdd509523a589222a3291b88660db4f3e0645a99ab6da0b443967ffe20f4fd1b85116a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
19c175eb678824b7be6f85563b560525

SHA1
a0adbe7e33581b74b7c3a260081a01ce68887b77

SHA256
baf1bbd0037d41c45adfbee0b8d71be009e29d56eb12015c2d89a8895e93b16a

SHA512
6af789564767144fb0ac661ee9d337ff9a925c5c61e0e14c5d08e2b507e74bc26419b57ef1272f6a298755e2bb718bf19b9f05eb09f760f2a9529e7cc2e4bc7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\LogFile.dll

Filesize
247KB

MD5
33ab4e4c89898f2ac662371ef72ca45f

SHA1
a570b2ffd97a8aebc356f4a18a5f47a68817220e

SHA256
cddd830bf2c96ea1502849116b3de6423bcb20932a5159f0c5fc1df1f34ef3e2

SHA512
c3503e628428cee78527055c647f9faf05c92821efec769b5f15392d192ef1560842c89f70f5e65c5713ba5cf67a2d7b26ec011c7e6adcf559e080bbb727b2b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\SetupDL.dll

Filesize
1.7MB

MD5
37923d6c19ac9f22c0c90135552ef574

SHA1
5ee9d373dea8fad861198f7032c9af8763237d65

SHA256
9a3a2664b6ec2d988c921d03ae885aa37a0daea5dc7c4ec3171e844b780e171a

SHA512
d544c1c7b8d69b795ba350a4a395a496fcad7e6923d2a4cc9e8d9736557ae7b982526b4564655cb7a251bc1e2a6991473190b025496016f5809ad29fa24818fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\btnCustomize.bmp

Filesize
1KB

MD5
b6a08f369b06265f697c8c78e23eed8f

SHA1
7f66b2855c3cd6ae824831977e5fc99ba923e5dd

SHA256
2cba0441c74ac9a1db2dd879b3647577155cd375946d4f943057231051b516ba

SHA512
d4ff478dcf89709adb5a56fa2723ba8465e556bbd8931efefff24c19ebfe5c39a1c40bc472f5a3a3a328301799fd91b97783b04c9aedf65417710fba72b637b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\cpuinfo.dll

Filesize
52KB

MD5
a9857c3b9c339fb16e1b0d26d1ba5332

SHA1
8fe84dc2ea9b59637a4348bd1e2dbb2a8027ca10

SHA256
ea68738427039a7b58f58b7293733e222f9def6cf3828f30812d8f5aafc23768

SHA512
1ddeff4100328ffdce0609947d51bf93e749fd278977e808a722b25ed0e25aab1a75d35aa936956f53dd74363f8ab4f0558b20a0ec4ca2a33e37993a1073d779

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\install.bmp

Filesize
130KB

MD5
bf0b0106ae145b6e5e99ee85f877fa50

SHA1
4708fc164196a64d0283caea9497815e3bb50fba

SHA256
68f5754beb668482394a851b5880c7279e858d95bd216b480d5aa54f61c1d562

SHA512
89200793a69ad5f40124ab8927b470b53c9033225a12dd0c4cc93f0a579342bfaca5a295ecbef5cf75031a02e54b944def5e41466c7fc27f1137cb6aaa758b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\install_on.bmp

Filesize
130KB

MD5
b8345fb264bd22ff6f7e0c593f12a2ba

SHA1
d34319088b181990f28f64babb8e53afa0f24d23

SHA256
b90d97b2eb8d0cde0b0da003f6305cdd36ddacb950b28d07fe99e7adb024e1d6

SHA512
ebdc1b69bb2d04cc54d637ea843af989c63f2d544227a09cdecb79f32a9fcc5de3426792eeb4564ca4b7a5f540bb7870d9f7d567da892d9f1ee3ec993e4dbf25

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\VC_RED.cab

Filesize
1.4MB

MD5
e10f2f6e6379e9185f71aec1421f37b4

SHA1
f344ce30310b5609a4dce0bdcdc44f4709cd8fd3

SHA256
9681bcfd73c610eb6a9538d872c1e7844548fca341f22fb66ccadb4d78530b4d

SHA512
34826d12d997ba1b96d9e720db3ed9d1626fbf8a7a51b1b20a7e54ab9b38692b8b456bad58592ca2db99817b99354e71cd6820ab65c9ca6bfba775c8da1503f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\eula.1033.txt

Filesize
9KB

MD5
99c22d4a31f4ead4351b71d6f4e5f6a1

SHA1
73207ebe59f6e1073c0d76c8835a312c367b6104

SHA256
93a3c629fecfd10c1cf614714efd69b10e89cfcaf94c2609d688b27754e4ab41

SHA512
47b7ec5fed06d6c789935e9e95ea245c7c498b859e2c0165a437a7bf0006e447c4df4beeb97484c56446f1dae547a01387bea4e884970380f37432825eb16e94

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\eula.1041.txt

Filesize
118B

MD5
9b15a3a055cc6e67ea191a1b7885649a

SHA1
e436256fdebb4bb321444e9fb1d84be9841931fe

SHA256
cac11bde0f7967389f9795dc2f2a5aa22b2c51d1a6ab0b0064df72dc3eb192ae

SHA512
945ac800a8d941de36a20ba46713bebfcd1a17f6ddf3b47207ed0f29faa933db93476f38cc433b1c480cf723cc7bfbcfdef52d594a4da101384ee07ef10379f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\globdata.ini

Filesize
1KB

MD5
0a6b586fabd072bd7382b5e24194eac7

SHA1
60e3c7215c1a40fbfb3016d52c2de44592f8ca95

SHA256
7912e3fcf2698cf4f8625e563cd8215c6668739cae18bd6f27af2d25bec5c951

SHA512
b96b0448e9f0e94a7867b6bb103979e9ef2c0e074bcb85988d450d63de6edcf21dc83bb154aafb7de524af3c3734f0bb1ba649db0408612479322e1aa85be9f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\install.exe

Filesize
549KB

MD5
520a6d1cbcc9cf642c625fe814c93c58

SHA1
fb517abb38e9ccc67de411d4f18a9446c11c0923

SHA256
08966ce743aa1cbed0874933e104ef7b913188ecd8f0c679f7d8378516c51da2

SHA512
b92a32b27d6e6187c30d8018d7e0a35bde98dc524eabcd7709420b499778159e2872db04a3f2dfacf016d0e6d97b8175920e83fa28804609786828e52f058ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\install.ini

Filesize
843B

MD5
0da9ab4977f3e7ba8c65734df42fdab6

SHA1
b4ed6eea276f1a7988112f3bde0bd89906237c3f

SHA256
672621b056188f8d3fa5ab8cd3df4f95530c962af9bb11cf7c9bd1127b3c3605

SHA512
1ef58271cdedbdc53615631cc823483f874c89c2d62e0678de9d469a82bd676eb8abd34656caa5128b7edb0eb24dbf0992e5e571a97f7782c933b2be88af3144

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\install.res.1028.dll

Filesize
74KB

MD5
4151a4d07640863783f837e588235837

SHA1
549ab876ac211651e77a458fc72859b6b1c304cb

SHA256
58475a90250c6818f73763775eea6379e06da6c38e8d2cf0f54eb6112a0a6aee

SHA512
19c95b06a7b0c8cb690b8d0c66549ed523f0ef7aac058cc18ecee6dc3623a02ab01b2c4762ac12422a1386f03d76d415d23b30190e13c4613b3d7a4d2f45a094

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\install.res.1031.dll

Filesize
94KB

MD5
3b8a82e04238655eaef97e074fb29911

SHA1
9723b8595a326b38ecb31f64b3a67c1ed339bb60

SHA256
5e49c21b9a15c3a0fddde7ddc32fda220302ee57b8aff66f4f78b370e049410d

SHA512
ea0661e687183be31f54184fa33440e55d92bb26408dd9eea87b9a98352a2ab18bc7cc9f93c4d9b414bf618407805ffdd1e1ab65c6e474a9de610a50f485d15d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\install.res.1033.dll

Filesize
89KB

MD5
9edeb8b1c5c0a4cd3a3016b85108127d

SHA1
9ec25485a7ff52d1211a28cca095950901669b34

SHA256
9bf7026a47daab7bb2948fd23e8cf42c06dd2e19ef8cdea0af7367453674a8f9

SHA512
aa2f6dde0aa6d804bcadc169b6d48aad6b485b8e669f1b0c3624848b27bcd37bd3dd9073bddc6bde5c0dd3bc565fd851e161edb0efe9fcaa4636cdcaaec966db

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\install.res.1036.dll

Filesize
95KB

MD5
5b6ff470cfa7087690e61f87e81ef78a

SHA1
0616cde3285284430679368575a5a4ed3672722d

SHA256
2d1c0a1b17266cff3be7d46cf3020b176e4a058fd7fc57f7b6b97e0760cc45db

SHA512
78018dd3ac7073d3fc7f205d973b41fcd35a08b45bb7f5fe2ccddc803c82e293dd98abd3405cfed9d64734c0bd79e9c7998c843086930a2c29607c6c036f14a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\install.res.1040.dll

Filesize
93KB

MD5
6310ab8fc9e3dbee80592fc453a34fee

SHA1
3b01aa2ce407d89ae218a4cd81d21e3f25077b5b

SHA256
7774f2436c96a70b0cdc8176883ee7a4614353f17ad61bfbd5a8d7a1906483d3

SHA512
15b284a9a5838656a1c5a0cf765555babfe70f33ddf3155829afb2c3b12cafc360fde3dc2939140f4862b2ede9a8c4d85b6bad13a8c2ee9deee3bc1b05ac22b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\install.res.1041.dll

Filesize
79KB

MD5
13ed4517152203de4bc52acc0255d952

SHA1
cc9d7d205f965659429b95dd2f317d9d4de8820b

SHA256
6183324fe24006bc3d8928029dcaccbdae517eb09727f5dd47ea5aaeed3ee26d

SHA512
6b4b9c546f8eec15ea76a36167fabf8908896fda1961e8a929ba04fd74a46ee112b6f3ab4261c27df27028a58a3821f1dc2f4481e16718b2945c0571813d9610

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\install.res.1042.dll

Filesize
78KB

MD5
0d4fb4095ea49c1ec89b9e8db0b936a3

SHA1
e263b6fb41e2984cdf8d23a25ef1c536f32c4ec3

SHA256
7d86f3ba0232c2ac4b4fce96e4cebb23700312a032d5d0db988ec6b358be1686

SHA512
f94a8fbec29e312692c61d42079ebbdd4affd7ac4a9ab4446e4a691fc3c2b5e12ea320e6bf247305b6b381a6bf2a578f1469c4b41f5354783c3bbd9b57d31642

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\install.res.2052.dll

Filesize
74KB

MD5
d7366b34e8afb605c39ef56e2201fe85

SHA1
24a1f8ff465746148bb82364713fb75297bc9656

SHA256
f7aa6ebf1413a6e4816bcad5b77c47b6bbe0cfc05cafde4aa872abe3fbd5e62b

SHA512
a36ebcc3203f419efda6de1296aa413a978ab491b041e8222ff279b98416fd98017e8777367bac20629250e2201443b1a52680848841b8d7298928387ddaca6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\install.res.3082.dll

Filesize
94KB

MD5
41bb37a347121f3e5e88d85100638b79

SHA1
9c57f09a4613b8f44c730511d3cca9121780b630

SHA256
320c305177ab4ec6e00883a2cf0886019b5d36557219e4a188cf9df3768f157f

SHA512
cce75b337e92e7b42a4683c9559970009492ee0d99c7bd75646d6b8b5341ab40a2bb3ba02ecb0e5455d46db6186ac1111263333b0da007c59ac17cbd68f65e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\is-HQDD0.tmp

Filesize
17KB

MD5
9147a93f43d8e58218ebcb15fda888c9

SHA1
8277c722ba478be8606d8429de3772b5de4e5f09

SHA256
a75019ac38e0d3570633fa282f3d95d20763657f4a2fe851fae52a3185d1eded

SHA512
cc9176027621a590a1d4f6e17942012023e3fabc3316bc62c4b17cd61ce76bf5cf270bd32da95dba7ddf3163e84114be1103a6f810ca1a05d914712895f09705

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\vc_red.msi

Filesize
227KB

MD5
e0951d3cb1038eb2d2b2b2f336e1ab32

SHA1
500f832b1fcd869e390457ff3dc005ba5b8cca96

SHA256
507ac60e145057764f13cf1ad5366a7e15ddc0da5cc22216f69e3482697d5e88

SHA512
34b9c5ed9dd8f384ecf7589e824c3acc824f5f70a36517d35f6d79b0296fbccb699c3ec1e86e749d34643934bf2e20a9c384a5586d368af9887b7c2cede9bfb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0R2BP.tmp\vcredist_x86\vcredist.bmp

Filesize
5KB

MD5
06fba95313f26e300917c6cea4480890

SHA1
31beee44776f114078fc403e405eaa5936c4bc3b

SHA256
594884a8006e24ad5b1578cd7c75aca21171bb079ebdc4f6518905bcf2237ba1

SHA512
7dca0f1ab5d3fd1ac8755142a7ca4d085bb0c2f12a7272e56159dadfa22da79ec8261815be71b9f5e7c32f6e8121ecb2443060f7db76feaf01eb193200e67dfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QQ1G8.tmp\blurayplayer_setup.tmp

Filesize
1.4MB

MD5
e11458b218e2acb8a650f59e5f8bf875

SHA1
246e1a27247bc3a527d6c17ba75738af9ee574cf

SHA256
7631e4152da00615087de9a38276d95115a954492de2d41460147bd667759f9b

SHA512
41a7115b7a35b31990a39d01b03f4c54c163db1a76deac62259c7bac9b60eca553b0bb03bf6b9ed5242dab36853f9a1b265ce569620c5725f6231099e0cc2e35

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
302KB

MD5
1bda3fb48e0ebb299013a994f2f1032d

SHA1
bfb05ba34ca32f9a337f0486d386a6166c4f5c1a

SHA256
dbb00745281701d3d118df3c571fc8ddcf0528787a0551c701abf64657d85096

SHA512
7c98ffd272b1b778a5fdf4af03485a4855120345cd8dc7b6514d120efd3e9a9c147ff22a90beee8a79daa87aaf9d0079af8e7ea96508fe0b2bc29bc9c1bbd5a6

Download Submit
C:\Users\Admin\AppData\Roaming\Leawo\Blu-ray Player\config.xml

Filesize
165B

MD5
8f25d3d897781bc00cd8e558b5e85ac7

SHA1
4acadc25845be70f380a0373ba6b2b143f6f5ee7

SHA256
93479612bd51c8a5f6ca7da8785e60007ee50fb3606a3ea45219f5d247d01328

SHA512
3fbd7402d24cc0060f402ae53050b64685dc960b9bc0fbd2f36f444b7115b86c69cf93c3961f28b0f9258f684f3a81815fccb032e2525bf930daa41e4c3995ea

Download Submit
C:\Users\Admin\AppData\Roaming\Leawo\Blu-ray Player\config.xml

Filesize
165B

MD5
a14039d05ee43638beb98242a4e50997

SHA1
119b95cc0bf1ac37c6204ded51c320066c8013f3

SHA256
cfc89a19964ac96be90805cc632ec60b2f13bc2b0a49d5059941e769ebeedddc

SHA512
44715e6e6b6a9a29b91612595f2629dbca38f596a84a877694b7c306983d818561327cb06ec3a8ae1ac0f2bebf6433a817906056f77d13783702f81513a89d6a

Download Submit
C:\Users\Admin\AppData\Roaming\Leawo\Blu-ray Player\reg

Filesize
2KB

MD5
23833f08c4880ba53c2be1f8928fe9e7

SHA1
4b80f7410842ea3361a04485d145ac57291231d2

SHA256
74f1c581cd4694a71c881db87fe4757a2fe3c8f45f623386c16197d74c5f517f

SHA512
ec211a2bbbb2dcf5fcb442e8b1e86c3002a4b66553b4a6aa418f74c936da831244426afcdaca0617c66018d0c50a56835c7f1da9ef1b18652c11ebe2a115c8f2

Download Submit
memory/2076-1391-0x0000000010000000-0x000000001037D000-memory.dmp

Filesize
3.5MB

Download
memory/2076-973-0x0000000010000000-0x000000001037D000-memory.dmp

Filesize
3.5MB

Download
memory/2076-974-0x000000006DE80000-0x000000006E879000-memory.dmp

Filesize
10.0MB

Download
memory/2076-975-0x0000000010000000-0x000000001037D000-memory.dmp

Filesize
3.5MB

Download
memory/2076-978-0x000000006DE80000-0x000000006E879000-memory.dmp

Filesize
10.0MB

Download
memory/2076-1389-0x000000006F850000-0x000000007200B000-memory.dmp

Filesize
39.7MB

Download
memory/2076-1392-0x000000006DE80000-0x000000006E879000-memory.dmp

Filesize
10.0MB

Download
memory/2076-1382-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/2076-1383-0x000000006F170000-0x000000006F843000-memory.dmp

Filesize
6.8MB

Download
memory/2076-1388-0x000000006E9A0000-0x000000006EA2E000-memory.dmp

Filesize
568KB

Download
memory/2076-1387-0x000000006EA30000-0x000000006EAB9000-memory.dmp

Filesize
548KB

Download
memory/2076-1386-0x000000006EAC0000-0x000000006EAE4000-memory.dmp

Filesize
144KB

Download
memory/2076-1385-0x000000006EAF0000-0x000000006EBA7000-memory.dmp

Filesize
732KB

Download
memory/2076-1384-0x000000006EBB0000-0x000000006F16F000-memory.dmp

Filesize
5.7MB

Download
memory/2076-1390-0x0000000061B80000-0x0000000061B98000-memory.dmp

Filesize
96KB

Download
memory/2852-1559-0x000000006EAC0000-0x000000006EAE4000-memory.dmp

Filesize
144KB

Download
memory/2852-1565-0x0000000007E80000-0x00000000081D4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1684-0x0000000007E80000-0x00000000081D4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1642-0x000000006DE80000-0x000000006E879000-memory.dmp

Filesize
10.0MB

Download
memory/2852-985-0x0000000010000000-0x000000001037D000-memory.dmp

Filesize
3.5MB

Download
memory/2852-1641-0x0000000010000000-0x000000001037D000-memory.dmp

Filesize
3.5MB

Download
memory/2852-984-0x0000000010000000-0x000000001037D000-memory.dmp

Filesize
3.5MB

Download
memory/2852-1586-0x000000006F850000-0x000000007200B000-memory.dmp

Filesize
39.7MB

Download
memory/2852-1587-0x000000006F170000-0x000000006F843000-memory.dmp

Filesize
6.8MB

Download
memory/2852-1551-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/2852-1557-0x000000006EBB0000-0x000000006F16F000-memory.dmp

Filesize
5.7MB

Download
memory/2852-1562-0x0000000061B80000-0x0000000061B98000-memory.dmp

Filesize
96KB

Download
memory/2852-1560-0x000000006EA30000-0x000000006EAB9000-memory.dmp

Filesize
548KB

Download
memory/2852-1093-0x000000006DE80000-0x000000006E879000-memory.dmp

Filesize
10.0MB

Download
memory/2852-1558-0x000000006EAF0000-0x000000006EBA7000-memory.dmp

Filesize
732KB

Download
memory/2852-1561-0x000000006E9A0000-0x000000006EA2E000-memory.dmp

Filesize
568KB

Download
memory/2852-1556-0x000000006F170000-0x000000006F843000-memory.dmp

Filesize
6.8MB

Download
memory/2852-1588-0x000000006EBB0000-0x000000006F16F000-memory.dmp

Filesize
5.7MB

Download
memory/2852-1553-0x000000006F850000-0x000000007200B000-memory.dmp

Filesize
39.7MB

Download
memory/2852-1563-0x0000000007E80000-0x00000000081D4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1564-0x0000000007E80000-0x00000000081D4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1589-0x000000006EAF0000-0x000000006EBA7000-memory.dmp

Filesize
732KB

Download
memory/2852-1567-0x0000000036150000-0x0000000036160000-memory.dmp

Filesize
64KB

Download
memory/2852-1585-0x0000000068100000-0x0000000068159000-memory.dmp

Filesize
356KB

Download
memory/2852-1578-0x0000000036140000-0x0000000036150000-memory.dmp

Filesize
64KB

Download
memory/3060-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/3060-2-0x0000000000401000-0x0000000000417000-memory.dmp

Filesize
88KB

Download
memory/3060-448-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/3060-1249-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/3696-983-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/3696-16-0x00000000023F0000-0x0000000002405000-memory.dmp

Filesize
84KB

Download
memory/3696-451-0x0000000003670000-0x00000000036AE000-memory.dmp

Filesize
248KB

Download
memory/3696-449-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/3696-967-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/3696-968-0x00000000023F0000-0x0000000002405000-memory.dmp

Filesize
84KB

Download
memory/3696-84-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/3696-28-0x0000000003670000-0x00000000036AE000-memory.dmp

Filesize
248KB

Download
memory/3696-1248-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/3696-969-0x0000000003670000-0x00000000036AE000-memory.dmp

Filesize
248KB

Download
memory/3696-450-0x00000000023F0000-0x0000000002405000-memory.dmp

Filesize
84KB

Download
memory/3696-7-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/4288-1579-0x000000003EF00000-0x000000003EF01000-memory.dmp

Filesize
4KB

Download
memory/4840-1092-0x0000000026500000-0x0000000026501000-memory.dmp

Filesize
4KB

Download