Malware Analysis Report

2024-09-11 03:41

Sample ID 240614-yapa7sxapl
Target LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe
SHA256 8d48d0a05d581922a4d30ba98cbf51ea981a37c95fad689e0b84b979e312f6a4
Tags
discovery execution exploit persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

8d48d0a05d581922a4d30ba98cbf51ea981a37c95fad689e0b84b979e312f6a4

Threat Level: Likely malicious

The file LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery execution exploit persistence spyware stealer

Manipulates Digital Signatures

Creates new service(s)

Possible privilege escalation attempt

Reads user/profile data of web browsers

Modifies file permissions

Legitimate hosting services abused for malware hosting/C2

Downloads MZ/PE file

Checks computer location settings

Checks installed software on the system

Registers COM server for autorun

Loads dropped DLL

Executes dropped EXE

Launches sc.exe

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Modifies data under HKEY_USERS

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious behavior: LoadsDriver

Checks processor information in registry

Kills process with taskkill

Suspicious use of FindShellTrayWindow

Modifies system certificate store

Runs net.exe

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
System Services
T1569
Service Execution
T1569.002
Persistence
TA0003
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Subvert Trust Controls
T1553
SIP and Trust Provider Hijacking
T1553.003
Install Root Certificate
T1553.004
File and Directory Permissions Modification
T1222
Modify Registry
T1112
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-14 19:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 19:35

Reported

2024-06-14 19:40

Platform

win10v2004-20240611-en

Max time kernel

270s

Max time network

268s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe"

Signatures

Creates new service(s)

persistence execution

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\FuncName = "WVTAsn1SpcLinkDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverFinalPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.2\FuncName = "WVTAsn1CatMemberInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2004\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2010\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustFinalPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2004\FuncName = "WVTAsn1SpcPeImageDataEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2011\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSFinalProv" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.4\FuncName = "WVTAsn1SealingTimestampAttributeDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2001\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2009\FuncName = "WVTAsn1SpcLinkEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2221\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-da-DK.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-tr-TR.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\pscore.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-rtlsupport-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\core\uihandler.luc C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pl-PL.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxEFI32.fd C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-crt-locale-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close.png C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-cs-CZ.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-zh-TW.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticsmanager.dll C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\lookupmanager.dll C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\uwp_storage.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_logo.png C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pl-PL.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pt-PT.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pl-PL.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\data_items.json C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ldplayer9box\UICommon.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fi-FI.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\score-toast-ui\wa-score-toast-main.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fi-FI.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\navigatedtoday.luc C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxEFI64.fd C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-es-MX.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\postupdatereboottimelookup.luc C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\config_manager.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\telemetryhandler.luc C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\amazon_upsell_handler.luc C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.css C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-toasts.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-nb-NO.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sr-Latn-CS.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\wssanalytics.luc C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\wa-controller-nps-checklist.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ja-JP.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ko-KR.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\simplewmiquery.luc C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\transport_mosaic_api_v2.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ldplayer9box\VBoxTestOGL.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\ldplayer9box\api-ms-win-core-console-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp1753003965\resource.dll C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fr-CA.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-crt-environment-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\csp_client.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close2.png C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\keep_changes_guide.png C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-options.css C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\warning-icon-toast.png C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hu-HU.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ru-RU.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\telemetryconfig.luc C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\ldplayer9box\Qt5WinExtras.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-tr-TR.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fr-CA.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sr-Latn-CS.js C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
File created C:\Program Files\ldplayer9box\Qt5Widgets.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxPlaygroundDevice.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-crt-time-l1-1-0.dll C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
N/A N/A C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Program Files\McAfee\Temp1753003965\installer.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ThreadingModel = "Both" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\DownloadScan.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\"" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 C:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\DownloadScan.dll" C:\Windows\SYSTEM32\regsvr32.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox\CurVer C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42f8-cd96-7570-6a8800e3342c} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A06-81FC-A916-78B2DA1FA0E5}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-825C-AB7B2CABCE23}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-71b2-4817-9a64-4ed12c17388e} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\ = "IVRDEServerInfo" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\ = "IGuestSessionRegisteredEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9849-4F47-813E-24A75DC85615}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\NumMethods\ = "36" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B5BB-4316-A900-5EB28D3413DF}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0002-4B81-0077-1DCB004571BA}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient.1 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FD1C-411A-95C5-E9BB1414E632}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0c60-11ea-a0ea-07eb0d1c4ead} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9E-43F4-B7A7-54BD285E22F4} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CF37-453B-9289-3B0F521CAF27}\NumMethods\ = "13" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E8A-11E9-8082-DB8AE479EF87} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CD54-400C-B858-797BCB82570E}\ = "IPerformanceCollector" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-61d9-4940-a084-e6bb29af3d83} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1a29-4a19-92cf-02285773f3b5} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-394d-44d3-9edb-af2c4472c40a} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D545-44AA-8013-181B8C288554}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-416B-4181-8C4A-45EC95177AEF}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-48DF-438D-85EB-98FFD70D18C9} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057D-4391-B928-F14B06B710C5}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-80e1-4a8a-93a1-67c5f92a838a} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BF98-47FB-AB2F-B5177533F493}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3FF2-4F2E-8F09-07382EE25088}\NumMethods\ = "14" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5637-472A-9736-72019EABD7DE} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-604D-11E9-92D3-53CB473DB9FB}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7193-426C-A41F-522E8F537FA0} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1BCF-4218-9807-04E036CC70F1} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-04D0-4DB6-8D66-DC2F033120E1}\NumMethods\ = "13" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-800A-40F8-87A6-170D02249A55}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9070-4F9C-B0D5-53054496DBE0}\ = "IMousePointerShape" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}\Version C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EBF9-4D5C-7AEA-877BFC4256BA}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-659C-488B-835C-4ECA7AE71C6C}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5F86-4D65-AD1B-87CA284FB1C8}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7071-4894-93D6-DCBEC010FA91}\ = "INetworkAdapter" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\ = "IDnDModeChangedEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5637-472A-9736-72019EABD7DE}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368}\NumMethods\ = "16" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.apk C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-e4b1-486a-8f2e-747ae346c3e9} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\ = "ISerialPort" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664}\NumMethods\ = "39" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44E0-CA69-E9E0-D4907CECCBE5}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E1B7-4339-A549-F0878115596E}\ = "IVRDEServerInfoChangedEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-762E-4120-871C-A2014234A607}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2716 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2716 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2716 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2716 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2716 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2716 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2716 wrote to memory of 3436 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2716 wrote to memory of 3436 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2716 wrote to memory of 3436 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2716 wrote to memory of 520 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2716 wrote to memory of 520 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2716 wrote to memory of 520 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\Windows\SysWOW64\taskkill.exe
PID 2716 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 2716 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 2716 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 4084 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
PID 4084 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
PID 3124 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe C:\Program Files\McAfee\Temp1753003965\installer.exe
PID 3124 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe C:\Program Files\McAfee\Temp1753003965\installer.exe
PID 840 wrote to memory of 3820 N/A C:\Program Files\McAfee\Temp1753003965\installer.exe C:\Windows\SYSTEM32\regsvr32.exe
PID 840 wrote to memory of 3820 N/A C:\Program Files\McAfee\Temp1753003965\installer.exe C:\Windows\SYSTEM32\regsvr32.exe
PID 3820 wrote to memory of 3240 N/A C:\Windows\SYSTEM32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3820 wrote to memory of 3240 N/A C:\Windows\SYSTEM32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3820 wrote to memory of 3240 N/A C:\Windows\SYSTEM32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4784 wrote to memory of 4548 N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 4784 wrote to memory of 4548 N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 4784 wrote to memory of 4548 N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 840 wrote to memory of 2608 N/A C:\Program Files\McAfee\Temp1753003965\installer.exe C:\Windows\SYSTEM32\regsvr32.exe
PID 840 wrote to memory of 2608 N/A C:\Program Files\McAfee\Temp1753003965\installer.exe C:\Windows\SYSTEM32\regsvr32.exe
PID 4548 wrote to memory of 1212 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 4548 wrote to memory of 1212 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 4548 wrote to memory of 1212 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 1212 wrote to memory of 1364 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1212 wrote to memory of 1364 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1212 wrote to memory of 1364 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 840 wrote to memory of 5524 N/A C:\Program Files\McAfee\Temp1753003965\installer.exe C:\Windows\SYSTEM32\regsvr32.exe
PID 840 wrote to memory of 5524 N/A C:\Program Files\McAfee\Temp1753003965\installer.exe C:\Windows\SYSTEM32\regsvr32.exe
PID 5524 wrote to memory of 5720 N/A C:\Windows\SYSTEM32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5524 wrote to memory of 5720 N/A C:\Windows\SYSTEM32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5524 wrote to memory of 5720 N/A C:\Windows\SYSTEM32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 5752 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\system32\cmd.exe
PID 4548 wrote to memory of 5752 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\system32\cmd.exe
PID 4548 wrote to memory of 5752 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\system32\cmd.exe
PID 5532 wrote to memory of 4480 N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe C:\Program Files\McAfee\WebAdvisor\UIHost.exe
PID 5532 wrote to memory of 4480 N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe C:\Program Files\McAfee\WebAdvisor\UIHost.exe
PID 4548 wrote to memory of 6124 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 6124 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 6124 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5532 wrote to memory of 3856 N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe C:\Windows\system32\regsvr32.exe
PID 5532 wrote to memory of 3856 N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe C:\Windows\system32\regsvr32.exe
PID 840 wrote to memory of 2792 N/A C:\Program Files\McAfee\Temp1753003965\installer.exe C:\Windows\SYSTEM32\regsvr32.exe
PID 840 wrote to memory of 2792 N/A C:\Program Files\McAfee\Temp1753003965\installer.exe C:\Windows\SYSTEM32\regsvr32.exe
PID 4548 wrote to memory of 5084 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 5084 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 5084 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 5228 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 5228 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 5228 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 1192 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 1192 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 1192 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 5676 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 5676 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4548 wrote to memory of 5676 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe

Processes

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_2289_CjwKCAjw1K-zBhBIEiwAWeCOF_7b7VRd8509opEtANQPLADPtrxw63C9jm7vnzEGP0W3XVvJh2JibhoCp6oQAvD_BwE_ld.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayerex.exe /T

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM bugreport.exe /T

C:\LDPlayer\LDPlayer9\LDPlayer.exe

"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=2289 -language=es -path="C:\LDPlayer\LDPlayer9\"

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp1753003965\installer.exe

"C:\Program Files\McAfee\Temp1753003965\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\LDPlayer\LDPlayer9\dnrepairer.exe

"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=524812

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /S "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\6AB6797B-35E4-4642-BFFA-DC0C64A35761\dismhost.exe {3AFA34BE-28C2-4B3A-B8C7-3F7CB772BEB9}

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

C:\LDPlayer\LDPlayer9\driverconfig.exe

"C:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/ykt8hgSabz

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccce746f8,0x7ffccce74708,0x7ffccce74718

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\\dnplayer.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x308 0x490

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://es.ldplayer.net/blog/94.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffccce746f8,0x7ffccce74708,0x7ffccce74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11276336700545584009,17848560467467794557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\dnplayer.exe" index=0|

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://es.ldplayer.net/blog/94.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccce746f8,0x7ffccce74708,0x7ffccce74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7673693026451332238,936073334101621910,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7673693026451332238,936073334101621910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7673693026451332238,936073334101621910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7673693026451332238,936073334101621910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7673693026451332238,936073334101621910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7673693026451332238,936073334101621910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7673693026451332238,936073334101621910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7673693026451332238,936073334101621910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7673693026451332238,936073334101621910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7673693026451332238,936073334101621910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7673693026451332238,936073334101621910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7673693026451332238,936073334101621910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7673693026451332238,936073334101621910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.ldplayer.net udp
US 18.239.208.98:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 d19mtdoi3rn3ox.cloudfront.net udp
US 18.239.190.198:443 d19mtdoi3rn3ox.cloudfront.net tcp
US 8.8.8.8:53 98.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 81.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 68.190.239.18.in-addr.arpa udp
US 8.8.8.8:53 d1arl2thrafelv.cloudfront.net udp
US 18.239.190.58:443 d1arl2thrafelv.cloudfront.net tcp
US 8.8.8.8:53 198.190.239.18.in-addr.arpa udp
US 8.8.8.8:53 62.215.239.18.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 18.239.190.58:443 d1arl2thrafelv.cloudfront.net tcp
US 8.8.8.8:53 58.190.239.18.in-addr.arpa udp
US 8.8.8.8:53 encdn.ldmnq.com udp
US 18.239.208.107:443 encdn.ldmnq.com tcp
US 8.8.8.8:53 107.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 97.136.219.8.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 d1arl2thrafelv.cloudfront.net udp
US 18.239.190.58:443 d1arl2thrafelv.cloudfront.net tcp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 35.80.226.215:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 215.226.80.35.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
NL 2.18.121.21:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 21.121.18.2.in-addr.arpa udp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
NL 2.18.121.21:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 home.mcafee.com udp
BE 104.68.84.174:443 home.mcafee.com tcp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 54.71.209.79:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 174.84.68.104.in-addr.arpa udp
US 8.8.8.8:53 79.209.71.54.in-addr.arpa udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 49.4.219.8.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
NL 2.18.121.21:443 sadownload.mcafee.com tcp
US 54.71.209.79:443 analytics.apis.mcafee.com tcp
US 54.71.209.79:443 analytics.apis.mcafee.com tcp
US 54.71.209.79:443 analytics.apis.mcafee.com tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 en.ldplayer.net udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 ad.ldplayer.net udp
US 163.181.154.237:443 en.ldplayer.net tcp
US 18.239.208.49:443 cdn.ldplayer.net tcp
US 18.239.208.49:443 cdn.ldplayer.net tcp
US 18.239.208.77:443 ad.ldplayer.net tcp
US 18.239.208.49:443 cdn.ldplayer.net tcp
US 18.239.208.49:443 cdn.ldplayer.net tcp
US 18.239.208.49:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 237.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 49.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 77.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 advertise.ldplayer.net udp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 163.181.154.248:443 advertise.ldplayer.net tcp
US 8.8.8.8:53 discord.gg udp
US 162.159.136.234:443 discord.gg tcp
US 162.159.136.234:443 discord.gg tcp
US 8.8.8.8:53 248.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 234.136.159.162.in-addr.arpa udp
US 163.181.154.248:443 advertise.ldplayer.net tcp
US 8.8.8.8:53 discord.com udp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 res.ldplayer.net udp
US 163.181.154.241:443 res.ldplayer.net tcp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 241.154.181.163.in-addr.arpa udp
US 18.239.208.49:443 cdn.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 8.8.8.8:53 encdn.ldmnq.com udp
US 18.239.208.6:443 encdn.ldmnq.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 18.239.210.27:80 ocsp.r2m02.amazontrust.com tcp
US 163.181.154.241:443 res.ldplayer.net tcp
US 8.8.8.8:53 6.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 27.210.239.18.in-addr.arpa udp
US 18.239.208.49:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 apies.ldmnq.com udp
US 18.239.208.82:80 apies.ldmnq.com tcp
US 18.239.208.82:443 apies.ldmnq.com tcp
US 8.8.8.8:53 82.208.239.18.in-addr.arpa udp
US 18.239.208.82:443 apies.ldmnq.com tcp
US 8.8.8.8:53 es.ldplayer.net udp
US 163.181.154.237:443 es.ldplayer.net tcp
US 163.181.154.237:443 es.ldplayer.net tcp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 cmp.setupcmp.com udp
US 18.239.208.98:443 cdn.ldplayer.net tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.16.238:443 www.youtube.com udp
US 8.8.8.8:53 encdn.ldmnq.com udp
US 8.8.8.8:53 encdn04.ldmnq.com udp
US 8.8.8.8:53 hardzone.es udp
US 8.8.8.8:53 encdn01.ldmnq.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 i.ytimg.com udp
US 18.239.208.58:443 encdn01.ldmnq.com tcp
US 18.239.208.58:443 encdn01.ldmnq.com tcp
US 18.239.208.58:443 encdn01.ldmnq.com tcp
US 18.239.208.58:443 encdn01.ldmnq.com tcp
US 18.239.208.58:443 encdn01.ldmnq.com tcp
US 18.239.208.58:443 encdn01.ldmnq.com tcp
US 18.239.208.58:443 encdn01.ldmnq.com tcp
GB 142.250.200.54:443 i.ytimg.com tcp
IT 138.199.44.209:443 hardzone.es tcp
US 18.239.208.12:443 encdn04.ldmnq.com tcp
US 8.8.8.8:53 encdn07.ldmnq.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 18.239.208.12:443 encdn04.ldmnq.com tcp
US 8.8.8.8:53 6.5.26.104.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 58.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 54.200.250.142.in-addr.arpa udp
US 18.239.208.14:443 encdn07.ldmnq.com tcp
US 8.8.8.8:53 apis.google.com udp
US 18.239.208.14:443 encdn07.ldmnq.com tcp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 apies.ldplayer.net udp
US 8.8.8.8:53 usersdk.ldmnq.com udp
GB 142.250.200.14:443 apis.google.com udp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
US 18.239.208.66:443 apies.ldplayer.net tcp
SG 8.219.223.66:443 usersdk.ldmnq.com tcp
SG 8.219.223.66:443 usersdk.ldmnq.com tcp
US 8.8.8.8:53 209.44.199.138.in-addr.arpa udp
US 8.8.8.8:53 14.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 12.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 66.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 66.223.219.8.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 ldcdn.ldmnq.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 163.181.154.236:443 ldcdn.ldmnq.com tcp
US 8.8.8.8:53 236.154.181.163.in-addr.arpa udp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6464 tcp
N/A 127.0.0.1:6465 tcp
N/A 127.0.0.1:6466 tcp
N/A 127.0.0.1:6467 tcp
N/A 127.0.0.1:6468 tcp
N/A 127.0.0.1:6469 tcp
N/A 127.0.0.1:6470 tcp
N/A 127.0.0.1:6471 tcp
US 8.8.8.8:53 ad.ldplayer.net udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 en.ldplayer.net udp
US 163.181.154.231:443 en.ldplayer.net tcp
US 18.239.208.87:443 cdn.ldplayer.net tcp
US 18.239.208.87:443 cdn.ldplayer.net tcp
US 18.239.208.121:443 ad.ldplayer.net tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
US 18.239.208.87:443 cdn.ldplayer.net tcp
US 18.239.208.87:443 cdn.ldplayer.net tcp
US 18.239.208.87:443 cdn.ldplayer.net tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 231.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 87.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 121.208.239.18.in-addr.arpa udp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 apies.ldmnq.com udp
US 18.239.208.8:80 apies.ldmnq.com tcp
US 18.239.208.8:443 apies.ldmnq.com tcp
US 8.8.8.8:53 8.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 es.ldplayer.net udp
US 163.181.154.236:443 es.ldplayer.net tcp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 18.239.208.87:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 172.217.16.238:443 www.youtube.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 172.217.16.238:443 www.youtube.com tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
GB 142.250.200.54:443 i.ytimg.com udp
US 18.239.208.87:443 cdn.ldplayer.net udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 apies.ldplayer.net udp
US 18.239.208.66:443 apies.ldplayer.net tcp
US 18.239.208.66:443 apies.ldplayer.net udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 239.21.107.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll

MD5 d9cb0b4a66458d85470ccf9b3575c0e7
SHA1 1572092be5489725cffbabe2f59eba094ee1d8a1
SHA256 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05
SHA512 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6

memory/2716-12-0x0000000006150000-0x0000000006160000-memory.dmp

memory/2716-13-0x000000007294E000-0x000000007294F000-memory.dmp

memory/2716-17-0x0000000006160000-0x0000000006176000-memory.dmp

memory/2716-18-0x0000000073250000-0x0000000073266000-memory.dmp

memory/2716-20-0x00000000090D0000-0x0000000009674000-memory.dmp

memory/2716-21-0x0000000008C20000-0x0000000008CB2000-memory.dmp

memory/2716-33-0x0000000004900000-0x0000000004944000-memory.dmp

memory/2716-34-0x00000000088E0000-0x000000000897C000-memory.dmp

memory/2716-35-0x0000000008980000-0x00000000089E6000-memory.dmp

memory/2716-36-0x000000000A220000-0x000000000A74C000-memory.dmp

memory/2716-37-0x0000000002DE0000-0x0000000002DEA000-memory.dmp

memory/2716-38-0x0000000072940000-0x00000000730F0000-memory.dmp

memory/2716-39-0x0000000072940000-0x00000000730F0000-memory.dmp

memory/2716-43-0x0000000006150000-0x0000000006160000-memory.dmp

memory/2716-44-0x000000007294E000-0x000000007294F000-memory.dmp

memory/2716-47-0x0000000072940000-0x00000000730F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

MD5 143255618462a577de27286a272584e1
SHA1 efc032a6822bc57bcd0c9662a6a062be45f11acb
SHA256 f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4
SHA512 c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

memory/2716-59-0x0000000072940000-0x00000000730F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

MD5 cbdc702ec44e244b2cb764ec3a82efcc
SHA1 3ac7e0652509171d905f06423c979a5c0d16ba1e
SHA256 2f97de96c50d73bcdcbff95fed75b2763207c8fc144d6367d2ec954c1e966b8b
SHA512 8ef13a28201c448215fc241cda74bb032c4a0c29a777de6aed32eeee8a5c428f3899a42ec74a408faee6535d08f7796d216c0bb1454fa2a67480c6a4e6ace9c6

C:\Program Files\McAfee\Temp1753003965\installer.exe

MD5 7cdab43bc1b360d42a143943c700bbae
SHA1 9210afd1e6616bfdd20dd71c7379d1cadfeab966
SHA256 580a2098951e804ad5cb726fbc0e78ed09464910769fa277330a3f78c0703a51
SHA512 ed28a4eec8e35aa0786f960e87079929b9fcb154b3b184f4051178a42d678eac438914f3144b9a1ff4e0c0a7a74171b594eb1ddf5d8180708677cbb7444486cb

C:\Users\Admin\AppData\Local\Temp\mwa9F0A.tmp

MD5 662de59677aecac08c7f75f978c399da
SHA1 1f85d6be1fa846e4bc90f7a29540466cf3422d24
SHA256 1f5a798dde9e1b02979767e35f120d0c669064b9460c267fb5f007c290e3dceb
SHA512 e1186c3b3862d897d9b368da1b2964dba24a3a8c41de8bb5f86c503a0717df75a1c89651c5157252c94e2ab47ce1841183f5dde4c3a1e5f96cb471bf20b3fdd0

C:\Program Files\McAfee\Temp1753003965\analyticsmanager.cab

MD5 c60ce68c2ab0f0a472f4c4d04a8d54ae
SHA1 0e56defd42bf0b3ee29432e3cdc3fbbdb9d27dfe
SHA256 c5941c0d7db0b94fd30034d13ec69e9ece6133b43481d99f8d1c36236f363515
SHA512 733a9b9805e0c255f858d1052af5d75c54a004756e10e351f2ac2983fd1502a71e06daf947e17c49eb3784d01dfabf0d8b6008c56b0ed8ac74c928cd35ab3441

C:\Program Files\McAfee\Temp1753003965\browserhost.cab

MD5 f2d4152850d4e2ceb0f318f2f11cf021
SHA1 004dc3db926cff0345d91a3fdd3bd241b9ddd0f6
SHA256 f1933558644045dbc893cef9a23d735b5a45ae7350696c1da9faab616638f56d
SHA512 f7692e406698ab617e859df616621b03f4227b0c43b41ac984e4302021f275fddc650d640d8864fe05b0886b742d4beddbdbfeabe62d4a22de8ef7f2f7264041

memory/840-297-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-296-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-295-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-294-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

C:\Program Files\McAfee\Temp1753003965\analyticstelemetry.cab

MD5 25ada6efda1551f01db355065e53faae
SHA1 6e822cefc2dc0177ea9ad002958c218b0fae52bc
SHA256 2dfb8800d7d6e2ca15d4b6124e1bc1ffef6d17fd5d355a4fab29c68291645f96
SHA512 38a5fb07f63d49db0afbf67935e0afd5e1fc2097511cc048789a07546980d296a979febce125dee61770ed69ad749fcc814dbd47184655d7e314f4c43d541bd5

C:\Program Files\McAfee\Temp1753003965\browserplugin.cab

MD5 5b946a56491375ea87a336d07c648ab9
SHA1 f9c5cca74f03936d172ae8d8e7c532c95ee8be10
SHA256 a459c1c14309214cc705871932f6aff9b95df2c95024a8ec6caeae18ced49c29
SHA512 0e3d09a425827d7e1c88b63c9bd7614751e9445daab2118aceedd9ab0dc2493e0167180cb01d295b446954bc77ca926d144f958578fea77aeff4e8d54c1dcf98

C:\Program Files\McAfee\Temp1753003965\downloadscan.cab

MD5 5eaf2b2662a9926d835fcd1e0016facf
SHA1 0d9ca8500393479fa954d0519ac39aedd07fda32
SHA256 70d1d190ddc32a61576bf2454fdf066348d3076c1a83918bc76e90224f68ba02
SHA512 873a5b7c0da923aa79f8733a9e42600a6d794f536edde8c3bfc8da19f853cfcb879d88529a43b96b8ef1d9c94f051564f783c00b4c24ceccd39a6850289ec399

memory/840-299-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

C:\Program Files\McAfee\Temp1753003965\eventmanager.cab

MD5 570b642237d02474854bcf1dcb17b762
SHA1 12a7b4306775a555cb9a6135cbe5a9a3dba9ff4c
SHA256 fa8e179685aeff6cbe9578ae2f3e34a5bcb045b5697d5b7e3416ec2ef8a25881
SHA512 e98cc2b45caae213acd3062f3c8b1b82a71cc124a8910f2ab6a463a2628d832d9dca17e6f2e5f933287c668538d70486635f3d7efec093889ea107c20fd0a919

memory/840-302-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

C:\Program Files\McAfee\Temp1753003965\l10n.cab

MD5 9064bf5ea7cb9acd2a4b5efb0dd90a2a
SHA1 a142a9281c3ddac96186b1b7c7a1ff6ba0ef3dda
SHA256 8a2aa601fa77e3587e153840c1896028422335e9b3b2fd00fdc462f677e0c687
SHA512 362bf6865c0586e8001566fc5cfde2decefd24fccbe93339090d9f816ab4203b4476bfb378ebd69b25c2bd8bb5b7c1ca7aa4cbb284888b43e37d4adf86fffbc3

C:\Program Files\McAfee\Temp1753003965\logicmodule.cab

MD5 59f879d459c452486543ff8f84981710
SHA1 4f56f3a41be2a44adb5ad0e4a01fd9b808df49c0
SHA256 73c5bf76c7f680b0f28b969a9748a3cd7923e1f84eb00484ea5929276e839f8c
SHA512 f9b9d614f4f5692a0c024ccf3b79fd21e2f9d7e6dc951da01c6745d57322b0f2f5e33efcad6e222eef2244a5312b8faee300e73d3855bb78e2217fe850341477

memory/840-315-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-314-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

C:\Program Files\McAfee\Temp1753003965\mfw-nps.cab

MD5 f8b177c8ca906c97c8ac9999ad9366ab
SHA1 ac1227646dc1df0bfedc430abb8bcdb6d5cfb066
SHA256 427a030c28264bcf224703b7ae439a405be762c797aaf988342b2409a5c3bf40
SHA512 af105f43d497f63b28792a0fa23f630267bb671dbc814f6b82815c58458a281251a7948b871d4ad3b8cc5b2501cd28653427b6e954d3a1d0d2138f98d57e59fa

C:\Program Files\McAfee\Temp1753003965\mfw-mwb.cab

MD5 4574be184f0eb83b10106c7cb4789bab
SHA1 ef7eccd4a3c89a598b0ca421a255f25b74c1c909
SHA256 a2de49125043942f1e7611b670a5316bfa4cc6e29cd84de0371f822fb88b976f
SHA512 995c6dabd71cbb928a29733cdc367fcfc5aaa6b613b9e6fc2269a8e46bfdca70418e8d3f41987bedfee1f002cffb3833dc726beafa995f809aa4764a80d53e1c

C:\Program Files\McAfee\Temp1753003965\mfw-webadvisor.cab

MD5 2dd394a5a4385ebb09c3cd47be84c0a4
SHA1 d9ca7feb947776ca5fb6f2260fe29de763c2216b
SHA256 3c09814cf00e096773875e1d2d402bb35412ab0e62a3a24006b1757552fbddf0
SHA512 9dc5f1a3436aa58558ae031e5bd5fd0f443f416923425a9e4bcbb22a509ef81da603310c9f962f6a3e8465feb95797a3c3df81086f617d7e8e4f1d8bc7ba2e43

C:\Program Files\McAfee\Temp1753003965\mfw.cab

MD5 a47358e143069bf156ff5d0196743453
SHA1 9ee25fdb797e5663e2285a405dea937e6314e20b
SHA256 299e548ac813083d8d0da9d01d93eb15f2c56a378e960b193dd53d05e2dc0357
SHA512 2d7213b6274377a9b73f10ac830381824e9655871b3baef0a053e58d2fd7dc0803861655349f75f76884cb4f457b11ff465bf1ee9edee121ba4e908fbb4a2bea

C:\Program Files\McAfee\Temp1753003965\settingmanager.cab

MD5 f4f68e7c5316e9e9cf76ce7b9b0867cb
SHA1 634e06d92c94dbf65f5f26e06d1545ea4efd3d0a
SHA256 f976526198d9118096957713437b5270659f09a8d287ea083cc507f11ca90481
SHA512 22b48d6e66d6213621abcb0980561905b1a7ce9fd7bcdf1e071a1385a5837614031d6ea7f273ccc30362c6d12877b21a60e6dec51f7325728c2f58729faca1ce

C:\Program Files\McAfee\Temp1753003965\taskmanager.cab

MD5 cd4b69e388f6b680a0d04a5940eb36cf
SHA1 9c152ce13aed8f9445d5914a073c93acaceb8c80
SHA256 6830cc14efd636047f7a1301c8d6bcab6d9eb683a5d502e5cd191de27e77e8d5
SHA512 e0f76bbf3d4f77a87c6dd736b428c7619eaee0917917df3670ab9d500a0071d3f3619f0c8c28fd8f671bd4cfba4ac8bfcbe387479261ff9d7bc3e044cc4b6220

memory/840-346-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-342-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

C:\Program Files\McAfee\Temp1753003965\telemetry.cab

MD5 dcc3f40c89f258943b3f26e425bc63d3
SHA1 ad555e3a3eb1cc793e7433a59f4654f8b59998e4
SHA256 35ee6e6f96ee2cc217cd5f9651b46675b8daffa61611619ba5dcbc8a4b2310d7
SHA512 289326921d13a9d0b541227906cc3398d0ec25d1965d17bea23935d5e7a3e154a461765637d9ebc5d5c243aba76acefc4a578c8cb51597521869394a28e35440

C:\Program Files\McAfee\Temp1753003965\servicehost.cab

MD5 33ee0d702b93bb125fc9b0ac7338dd65
SHA1 d9933eef5c69162c39eee600d907bc5fb5b9c243
SHA256 39ff5b0efef548d16ca7f8e5bc64a10c9fe0b2687042acb8a81063fa4114f24a
SHA512 494abfee3e92a1934fbf87de9c38a474bc80ab5374094cb616699a3c9fde0a54556952a56062c12fad3a592e718e53d454b7da04e466f2a1de6ebf5fd28074fb

C:\Program Files\McAfee\Temp1753003965\resourcedll.cab

MD5 701d3416051f03ece40b51d97482642d
SHA1 9e484b8dd494dec3ea07ec5e210d5a22ac8d50c6
SHA256 0822181f90d70c0172d715e45c3fc277604d0035947b72be10fefdd33d5b2eb3
SHA512 65d5e901c3fd0abcf1ba4919e7d7cf95dad98920789284278ae48cac23bb6776552b625ff5da448d6c024db80b11437bc61385ebbc618a9eb765b5ea36dd737e

memory/840-331-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-328-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-327-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

C:\Program Files\McAfee\Temp1753003965\lookupmanager.cab

MD5 182315f2c8bbf146aae9706d3720f492
SHA1 cf1c2e2982f97d9e2d8fc1f285d56dd3f485e954
SHA256 173c4f5b70453c0fd1c175841418d4cad4d669f373f99bbdce1fdc1440ba2bdb
SHA512 7f378afe22bb4a2330d6704f253ab4da2d3f571a719e672dea7e0d88b644a895cb883c5154b0bbc40e302b3d8d7307dff0ef9fe2c7dc79c2ba963a2932d37718

memory/840-321-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

C:\Program Files\McAfee\Temp1753003965\logicscripts.cab

MD5 f3d9744bc01d08dc8981b0d2bc054fff
SHA1 e3bcbd89982144ececf7ec07f41551f982da5966
SHA256 f23c6a8782ea8da307ca628dc9f8c4551808d0c59317ee966b190b7462719ad1
SHA512 22e5d3b28ee18965b0eab4c2474e33caab52311dc53639b528b2ac7b7ffcfa259222615471fc3e5c432f9f00fb1c899ec96dcbc9127dfa20b4a95bb9e9e71d82

C:\Program Files\McAfee\Temp1753003965\uihost.cab

MD5 98a08e9dc50955d9ea25c43703e02c30
SHA1 4753d84de777b7ebeda8496fc4c3e3f464464604
SHA256 a603254dfbd9dff3e08b61dc4656ce44f567468c7f2a12171788db8088e694f9
SHA512 a0038d1d6029c996ec60d4ceacd290b040d36659c670fa622fbc3d92650b66e3caeea9aa335ebb9cfc8daa927a0d21be4bb8ba49c6ddb94d784c377bdc98874d

memory/840-354-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

C:\Program Files\McAfee\Temp1753003965\uimanager.cab

MD5 359da3a49e3ef9174ed856351359cca1
SHA1 2e9358a989446983d1f9b57916d11ee8215c2117
SHA256 d15efe76438d6baf5adcebda27ec122d84a7140b50b098455441a1cc25c37aff
SHA512 7b0807d6cc145c77f3b9765ab8c6347d0830acfb25ccdca8217f71c0fd5b5f67334b4223e777135c414a710e0be6d76b08e048716633dddc8a285e7ef0ba59f7

C:\Program Files\McAfee\Temp1753003965\uninstaller.cab

MD5 58e66a3132b71966d526408bf053aea6
SHA1 c8a889894109d4ba27fc9de537a9186d8cb551b1
SHA256 492aa5a00eeead55003a75d941a0d8a692d4492157d118b9d5f278c21346a2ad
SHA512 e75fc150bb8d2c17c781f44333c83dc20b3b128c6e31b4093bca4aa178d3d145fbc734e35b8e5fd384ea5290226e00f53ca3ea32a6aabf95bd32ae6ba7f3d751

C:\Program Files\McAfee\Temp1753003965\wataskmanager.cab

MD5 83fdfd5906b8f776f556a7cd4b0cfc79
SHA1 09696e7177a338c841ef15b3aabd398c37c171c5
SHA256 e0932739847297b5748e85a61e48c0a94467f9f05f4ea77603ade094d188a5fe
SHA512 aec2e035ce9b8208357c921a20f98927733991c26780b53897a17b63fc496f4b5b0b8db7142ea8905c72129f33555697269f46e86b086172ab3854ee3077bc68

C:\Program Files\McAfee\Temp1753003965\updater.cab

MD5 270ce6ac663a87823b1c7a1d6a873f39
SHA1 078e465b4ffc3bf6e31783ed0eea0cf3bb7a5903
SHA256 6db54fab1cc49e2fb6a149185e06cf501a65e53383af312af45f03a3fbf70988
SHA512 0a2b0daa7df69abca23de43755355f70772433f77b02a335701c41e0da57c01292ae0004ff438054eb89ff77826cfb375505e07d6ca2495bc922b6876c7c6eeb

memory/840-668-0x00007FF608660000-0x00007FF608670000-memory.dmp

memory/840-658-0x00007FF608660000-0x00007FF608670000-memory.dmp

memory/840-685-0x00007FF63EFE0000-0x00007FF63EFF0000-memory.dmp

memory/840-680-0x00007FF63EFE0000-0x00007FF63EFF0000-memory.dmp

memory/840-676-0x00007FF63EFE0000-0x00007FF63EFF0000-memory.dmp

memory/840-654-0x00007FF608660000-0x00007FF608670000-memory.dmp

memory/840-641-0x00007FF604610000-0x00007FF604620000-memory.dmp

memory/840-574-0x00007FF5E0310000-0x00007FF5E0320000-memory.dmp

memory/840-572-0x00007FF5E0310000-0x00007FF5E0320000-memory.dmp

memory/840-570-0x00007FF5E0310000-0x00007FF5E0320000-memory.dmp

memory/840-557-0x00007FF5E0310000-0x00007FF5E0320000-memory.dmp

memory/840-549-0x00007FF5E0310000-0x00007FF5E0320000-memory.dmp

memory/840-534-0x00007FF5E0310000-0x00007FF5E0320000-memory.dmp

memory/840-499-0x00007FF5E0310000-0x00007FF5E0320000-memory.dmp

memory/840-466-0x00007FF655A80000-0x00007FF655A90000-memory.dmp

memory/840-465-0x00007FF655A80000-0x00007FF655A90000-memory.dmp

memory/840-463-0x00007FF655A80000-0x00007FF655A90000-memory.dmp

memory/840-460-0x00007FF655A80000-0x00007FF655A90000-memory.dmp

memory/840-442-0x00007FF655A80000-0x00007FF655A90000-memory.dmp

memory/840-440-0x00007FF655A80000-0x00007FF655A90000-memory.dmp

memory/840-435-0x00007FF5E4570000-0x00007FF5E4580000-memory.dmp

memory/840-423-0x00007FF655A80000-0x00007FF655A90000-memory.dmp

memory/840-420-0x00007FF655A80000-0x00007FF655A90000-memory.dmp

memory/840-402-0x00007FF655A80000-0x00007FF655A90000-memory.dmp

memory/840-656-0x00007FF608660000-0x00007FF608670000-memory.dmp

memory/840-639-0x00007FF627D80000-0x00007FF627D90000-memory.dmp

memory/840-632-0x00007FF5E0310000-0x00007FF5E0320000-memory.dmp

C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll

MD5 1808c799122958a5b478e4abdddcb838
SHA1 2ec4421167ae928a7eaf6100395613e1d7563a01
SHA256 eb799222e804a3c43b6ebf8df37e98a21409a9db21f628871a8666271c9f3677
SHA512 bfc21270b2b3dcd12a7dc7a4d004a4b9b35d96d9510b6501db40c316104e62aa04492f4d98a2ce3dd120abacf6b87a61b86e7f1940d69a9f22b09cf999cc4e59

memory/840-621-0x00007FF5E0310000-0x00007FF5E0320000-memory.dmp

memory/840-601-0x00007FF5E0310000-0x00007FF5E0320000-memory.dmp

memory/840-598-0x00007FF5E0310000-0x00007FF5E0320000-memory.dmp

memory/840-587-0x00007FF5E0310000-0x00007FF5E0320000-memory.dmp

memory/840-582-0x00007FF646290000-0x00007FF6462A0000-memory.dmp

memory/840-397-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-395-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-394-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-393-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-392-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-391-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-390-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-389-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-388-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-387-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-386-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-385-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-384-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-383-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-382-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-398-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

memory/840-396-0x00007FF6116E0000-0x00007FF6116F0000-memory.dmp

C:\Program Files\McAfee\Temp1753003965\wssdep.cab

MD5 2b87c7525f87ea3d4f18b17375bd03fe
SHA1 f1ab1cc42f22053d8851ff1c0a40ac914d38706e
SHA256 103a3ce8057afa38a649df47bb459026da92ea21b39ee31fd14695d25915f184
SHA512 f9394679e6c716bf118b80f82cde4895c52f4b48dca91fa2c7bfe14aab4c9393038925e6f62ffd352c1276d3360e4b8c9fdb928d7854d3178e6bcb1123e34294

C:\Program Files\McAfee\Temp1753003965\webadvisor.cab

MD5 72be294cc14fdd5572b7a6e4b8c96291
SHA1 788f89db5cf5f6d37a3c8c527ceabdea207c51ea
SHA256 d5630c05cb77c9c615e955235806c71ad6656d95b6fb07369fc1e52fd4c755f7
SHA512 30c7d73e744fccbb9bcdcef22dba031546745e12a30b60ccea1bc700edf8893f5404510b80eaacf6d962cb629bea13cdf728ea2c17bf5cbb7823f8ee90e400ee

C:\LDPlayer\LDPlayer9\MSVCP120.dll

MD5 50260b0f19aaa7e37c4082fecef8ff41
SHA1 ce672489b29baa7119881497ed5044b21ad8fe30
SHA256 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA512 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

C:\LDPlayer\LDPlayer9\msvcr120.dll

MD5 50097ec217ce0ebb9b4caa09cd2cd73a
SHA1 8cd3018c4170072464fbcd7cba563df1fc2b884c
SHA256 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512 ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

C:\LDPlayer\LDPlayer9\crashreport.dll

MD5 19dae6362eb73913f7947f719be52516
SHA1 e157307ae8e87c9a6f31bc62ecdf32d70f8648d9
SHA256 ae0eba69019294d03e11d68fea0ee72e77bfe156803f1b83bc8566a0a4d3584d
SHA512 f5eb5771eb03f7f2067e32573397814ff3ef54dc7fae0abadad6bfdcafef6a4a5bf6f3ab9874c0530cb70cb995f6716ca8fa1cba175ed5a1d298c700f6e59ad2

C:\LDPlayer\LDPlayer9\dnresource.rcc

MD5 d4d2fd2ce9c5017b32fc054857227592
SHA1 7ee3b1127c892118cc98fb67b1d8a01748ca52d5
SHA256 c4b7144dd50f68ca531568cafb6bb37bf54c5b078fbac6847afa9c3b34b5f185
SHA512 d2f983dde93099f617dd63b37b8a1039166aaf852819df052a9d82a8407eb299dac22b4ffe8cab48331e695bf01b545eb728bec5d793aeb0045b70ea9ceab918

C:\LDPlayer\LDPlayer9\dnrepairer.exe

MD5 4def56a3500d5a4dec3ff797a88c5751
SHA1 1a53c9c6f3d1e27ac8532e09f87990505c8090de
SHA256 c09b51bdc9039b976a55eb8dc7c517d65d8d5f6eadda92d2de27ceee7845b0e4
SHA512 a96322ca61f45875bfdb7b514ce1a95bbc1faba3fc0b7bc7c0af3f05d68c14e47fddff64e595f6bf053df7e1efad3e5f9e33f3bc2e09501c3c20de62864ae1d8

C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll

MD5 f7b6141a80401b7d4c405f2253ce3aa2
SHA1 b6b61e24cef962569c6c528ec75c11796300345d
SHA256 ffe92952600acb50f4b2bb89b5648ff370078561209536b7e4aa86e93ace8111
SHA512 a69566a1b48daca191e6ee2cc41cd1a5ebcba925ae8139f75f8d9e290a604c17af42c069054b4bb467f1ca802cd93a42fc3d07174bad9745373eb499fa3eedc7

C:\Program Files\McAfee\WebAdvisor\servicehost.exe

MD5 76027a5320029c3c9142b2a161d15db6
SHA1 28fd700106515c05dd201c92d2adcd4197552369
SHA256 1e884f809c1694dda2b8f72821150551d081df986390407ad3e5dfee0aeb9bc2
SHA512 9843daa1c4803a04c10d95464cecfab12247117ef320596df356395ab7002f9a3b7dbffd5c312d737fdb816a65c95ffbff854c6c71eb878d91c85515315c2003

C:\Program Files\McAfee\WebAdvisor\SettingManager.dll

MD5 02c54ec347d843f0a1955f2e6f357ed6
SHA1 db990e68fce21c96f08c963c471dbd5caabafd26
SHA256 e2bcdb6f727696b41a61caf8ab57c70f768ffacb1916fc74dd4f3909e5547d29
SHA512 4e044ed0a61f13e02fdfaa33579e1ad9ccbd06154d3bbf50bf14201ca7b8e7c993ab08dadabdc41aec18b643a063f18d29ca64c23242b5ee2de66ec0d636df9b

C:\Program Files\McAfee\WebAdvisor\win32\downloadscan.dll

MD5 b0ae5ded4622cdbbe31ca82523ba7485
SHA1 926200c448534756f8f23fb76f92a2f8d3bbbb72
SHA256 bfc67e45e5649303a955aa52cf7cd77a858664331522d8985c9bf29a7b87c2cf
SHA512 53b91159bd53705ff1745b76242d0f675e89119954ee32886b60ce9759d6b335823c916d321aea49f62591e975a1770862d2c0fdfbaa467c723af3b69da14ec9

C:\Program Files\McAfee\WebAdvisor\AnalyticsManager.dll

MD5 a99aa46a8a120002421eed9e5e516adc
SHA1 62a6e2bac4242103b928a862a77b38cf3f13244b
SHA256 e2c2838adc5164d641d2c9a503c53e285b92837f34649d32a5b86e2f6a231ef5
SHA512 0cb3b809c294cc367bf3584921009d75392a4d0dfa6cb6f95446ff108a716b72e4e22072bb600a3b26e38a25e9bc161efd139f18044a8486257f5d21c798a21c

C:\Program Files\McAfee\WebAdvisor\mfw\core\class.luc

MD5 753eb219745cfee6a914a0180dc988e0
SHA1 2e508d659b60eac835594a253a45ebaba02e64c6
SHA256 1db54d2e8bd78424a3e0c7d44a84fcc37c198d5b5783ac655c0f2f213e9a9e0f
SHA512 01000364bc3e0f10fe2a436fd9afdc2dc79c596a7da2d2ff8ad7988734283e9877437e251325e9776a12389751e9f9e4a2d5db773f02032afa31f69833b0f3a0

C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\AnalyticsEventsConfig.luc

MD5 3200b22bffa2f6d937ecbf8e1985e923
SHA1 199a3f2d421a325da7ad7ec040206023ca9c90c1
SHA256 8cde800ca498b6780ea66eea000f902df550afa5960ff814438d164477b66541
SHA512 e28be4f1dc0ae869b5c47a5cae1f97d6c951edb6d3249d2aa63fe740ba75e5e04c7483e345103b2623959226c325474e5a3546b05da228d3e3c9cdb17b4a752f

C:\Program Files\McAfee\WebAdvisor\mfw\core\dkjson.luc

MD5 0a3d8993f2864abca21cdea2c1e9e256
SHA1 2e0ffbdfa4e1ddc6a153aeb1c4f38829f981e73d
SHA256 12342eb68b7901d0d43939f8526bf41a2223bd799cc2db3a77c06bf4a3f547b2
SHA512 aee1e12c7ec84cba8e4cb2f23bb7ad683cb642f88e2acf95be9b57e235ddff9e2a00c7cc3ef9dce225427339eba28486e3fe5ee6d4ede3c12c92ca2472cd804a

C:\Program Files\McAfee\WebAdvisor\mfw\core\logger.luc

MD5 2fd59438ac284938befd0758b510d2e5
SHA1 3f71d4ad6e019d35867a02631042ee97a912a3ed
SHA256 cf97c9b723ed56501a38a594732d586b62033baf1b2db9ecb10d1951cda65444
SHA512 7d94ebcc371889dacdf604010b840963563ac4a37d58bbe172fe064be9f731faf41d7a0c889b290a9237f4223b8decb83dd3d86b30bde494e35686410d8e2424

C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\AnalyticsTelemetryHandler.luc

MD5 b34091f751bf6809298212b6289364ab
SHA1 b381feaf508355e3299fa90b1c4929dc79472020
SHA256 137d4f6860491908d4a5ced5d681ead47eefda65a4bf0228192ac17628680693
SHA512 743df2b2fe17423e4669eb729c7d346736e47c4b2078ac85cac36e9402e289254587e5b24903e4d60f668312efa766585b7e894b9fd4113f6eae25d854900fd4

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 e5b1cb6884ab1031ea33cea04716d16e
SHA1 8f8659089b874c4f56212a64c953fc1aa87d14d2
SHA256 215037362b9007502c7f2a3b1145944d3daf2518e22e01f3da795d1ecdfc8efb
SHA512 14639fea065d81b4f592c7b79853075114acf7a1d1cb142730e249df2db6c8858d3ab403161ac9680380bee2bb863b1b312e08c445ae8b864ef5748a50557d5a

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 c7ca71a7f472503fd07dd8674e70907a
SHA1 c30ba3338ccc2c5b0eec860f64064dbcb6cf698c
SHA256 70bf1ff3b3d6c8f2b0fd141253569f606aca663a21e80cd479049a7346ec600b
SHA512 11943457887df84fa6dd33e1e90ea5f88c3b938eed668bb70e7502d8017a560cdda79e9602135a3e76d276567808192c34093d07de1dc80e8262a7c931ea5a7a

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 e1ee8429edf48a556f6064df148bf8af
SHA1 3ea97b036f2d214490ed60e96da036304284ec3c
SHA256 faf785109b7c450060f0a645cd4ad9ee03bb3d2e4c19634f61eec8aeff2ed1ee
SHA512 aa4b88df3442289d249e0f98776b62a8dee4a7a6d876bf42665e89f09aef4aba148de912e44732779ee276ddbf04996059c7b4d7106bb1b92440ca56323d3bc6

C:\Windows\Logs\DISM\dism.log

MD5 f40dcefb5dc41a095eb710966c75ff7d
SHA1 f7f1f34f4f6c50303737c5aeb976931b1234a57c
SHA256 23c5eba14e492c9124fd15b20ab7d58a90be98ffc0d3d95c28da72c37fae471e
SHA512 6b02e8ae3ec324be589586f96d81a5a9e35c37d179d6715a6d5924bc62e5cf56308ad3fc170e40581d4fa1039c5a5e767ec1a0fa04a41f481a7bec931e7e7daa

memory/2916-2637-0x0000000002D10000-0x0000000002D46000-memory.dmp

memory/2916-2638-0x00000000057C0000-0x0000000005DE8000-memory.dmp

memory/2916-2639-0x0000000005540000-0x0000000005562000-memory.dmp

memory/2916-2640-0x00000000056F0000-0x0000000005756000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jnlpp3no.xmy.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2916-2650-0x0000000006010000-0x0000000006364000-memory.dmp

memory/2916-2651-0x0000000006600000-0x000000000661E000-memory.dmp

memory/2916-2652-0x0000000006630000-0x000000000667C000-memory.dmp

memory/2916-2654-0x000000006E560000-0x000000006E5AC000-memory.dmp

memory/2916-2653-0x0000000006BD0000-0x0000000006C02000-memory.dmp

memory/2916-2664-0x00000000075F0000-0x000000000760E000-memory.dmp

memory/2916-2665-0x0000000007610000-0x00000000076B3000-memory.dmp

memory/2916-2667-0x0000000007940000-0x000000000795A000-memory.dmp

memory/2916-2666-0x0000000007F90000-0x000000000860A000-memory.dmp

memory/2916-2668-0x00000000079C0000-0x00000000079CA000-memory.dmp

memory/2916-2669-0x0000000007BC0000-0x0000000007C56000-memory.dmp

memory/2916-2670-0x0000000007B40000-0x0000000007B51000-memory.dmp

memory/2916-2671-0x0000000007B90000-0x0000000007B9E000-memory.dmp

memory/2916-2672-0x0000000007C60000-0x0000000007C7A000-memory.dmp

memory/4120-2684-0x000000006E560000-0x000000006E5AC000-memory.dmp

memory/5248-2704-0x000000006E560000-0x000000006E5AC000-memory.dmp

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

MD5 330013a714c5dc0c561301adcccd8bc8
SHA1 030b1d6ac68e64dec5cbb82a75938c6ce5588466
SHA256 c22a57cd1b0bdba47652f5457c53a975b2e27daa3955f5ef4e3eaee9cf8d127a
SHA512 6afb7e55a09c9aac370dff52755b117ad16b4fc6973665fce266ea3a7934edfb65f821f4f27f01f4059adb0cf54cc3a97d5ff4038dc005f51ecee626fd5fadd1

C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

MD5 66df6f7b7a98ff750aade522c22d239a
SHA1 f69464fe18ed03de597bb46482ae899f43c94617
SHA256 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f
SHA512 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf

MD5 93b877811441a5ae311762a7cb6fb1e1
SHA1 339e033fd4fbb131c2d9b964354c68cd2cf18bd1
SHA256 b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b
SHA512 7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4

C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

MD5 0054560df6c69d2067689433172088ef
SHA1 a30042b77ebd7c704be0e986349030bcdb82857d
SHA256 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750
SHA512 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

MD5 4ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA1 52693d4b5e0b55a929099b680348c3932f2c3c62
SHA256 b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA512 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

MD5 3e29914113ec4b968ba5eb1f6d194a0a
SHA1 557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256 c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA512 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

MD5 e8fd6da54f056363b284608c3f6a832e
SHA1 32e88b82fd398568517ab03b33e9765b59c4946d
SHA256 b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd
SHA512 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

MD5 52c43baddd43be63fbfb398722f3b01d
SHA1 be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA256 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA512 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

MD5 ba46e6e1c5861617b4d97de00149b905
SHA1 4affc8aab49c7dc3ceeca81391c4f737d7672b32
SHA256 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e
SHA512 bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

MD5 2d40f6c6a4f88c8c2685ee25b53ec00d
SHA1 faf96bac1e7665aa07029d8f94e1ac84014a863b
SHA256 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334
SHA512 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

MD5 01c4246df55a5fff93d086bb56110d2b
SHA1 e2939375c4dd7b478913328b88eaa3c91913cfdc
SHA256 c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889
SHA512 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

C:\LDPlayer\LDPlayer9\dnplayer.exe

MD5 2061141f3c490b5b441eff06e816a6c2
SHA1 d24166db06398c6e897ff662730d3d83391fdaaa
SHA256 2f1e555c3cb142b77bd72209637f9d5c068d960cad52100506ace6431d5e4bb0
SHA512 6b6e791d615a644af9e3d8b31a750c4679e18ef094fea8cd1434473af895b67f8c45a7658bfedfa30cc54377b02f7ee8715e11ee376ed7b95ded9d82ddbd3ccc

C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

MD5 ad9d7cbdb4b19fb65960d69126e3ff68
SHA1 dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d
SHA256 a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326
SHA512 f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b4a74bc775caf3de7fc9cde3c30ce482
SHA1 c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256 dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA512 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

MD5 b001f88504c8c9973e9a3b4dc03e6d1a
SHA1 a54b3046a70a4f2c792ad6a382b637b599f1dc48
SHA256 8ee4cbed114a588e934b5043f95c9c06f40468c2300fa0d1d938d16c1d46a8fd
SHA512 390e53be657fc35fb2e9f41b76b3b07c161a860d72445a4b1425ca973a6d8c0f32f6de6844719c6e9813e8d949ab65263642dea01c800a00285bd45595bed4d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c5abc082d9d9307e797b7e89a2f755f4
SHA1 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256 a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512 ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

MD5 4d592fd525e977bf3d832cdb1482faa0
SHA1 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef
SHA256 f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6
SHA512 afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 30fc7d91864a0ed873961568f7d9c709
SHA1 952b17b8a91b838767bf06cf85bc4288c2e900b6
SHA256 ca6984294487e300d8923cc80427b3a98f46d1f1842b5526115fd23a8345b1f8
SHA512 a7f604ce37a302f3fff3fc823361c065fb66bc93bca6a9200b4f9e664a8dd0f5e865339cdf9ce53c281629dd0ee2ecefe79750fb328a7d28344712f34d3799f5

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 22da5af13f03ef78ab8fa59c7651cf6f
SHA1 58cf7a4b791bbf02759ce937f81ead21f54e7ec6
SHA256 e74c58ef1c1760dc7887f23701b3845706fb4b83e27dcb1170a5798ec0e9bd60
SHA512 2ad133cce6cd32deec6746e354e2d4026137beacd980949d7e26138e18d00b7a046b514b1c4ecf7e1127861f790b681938ef23928f9258bf2b2036e63eb0b02f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 494ca7c260badd68b5f345f1d2c5310c
SHA1 2c7c1a097d93a57a8ea04da39705d5616f365faa
SHA256 aa941c55c1a8bbde223c537b6147177c89ccebc1432b44a02227bf1118e79631
SHA512 2b129018aa8281495a37b3cd9212b246ee32063b847baaf79b9f426eec7374cc6d4e403f164feaf0f4d8c3e341d80751b0dd4a8d4e2fbd158a913b80f9e7d8f5

memory/2716-2892-0x0000000072940000-0x00000000730F0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a8c9f80ae062bd88f52a02f84bb959a8
SHA1 51f2f915a68c5d886fe8a92194ab099289bb8709
SHA256 e036977a0871f612fc9cf20dd1e1dd57ca4d32e37c822832d421746eb45c5c91
SHA512 b96c2805cda56f72fa4c42c488ba339b4b9f61b64001cc3306890853db578232967934e55ea5a5937417a612d7ed8654456d444e0865e065bf19cb19e114b4a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c4775c8e978f49d8db31f132355a5251
SHA1 8f62f324d44b751a8c190fbc79692295c43ac524
SHA256 6b55945d9d91824762cc935c2f090875370335115a26da03c063c2f04acbfcfe
SHA512 46925dae6512da9d94d11e60fe8fdab67f4d3e5eff5cb822a191002806f895c4d7d9ef552b2e34d434201b69e2b1bc9f2bd41df47712d82567f3ea1fc1463fdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 883334450bea2fb79b99cf57ebc4e3ac
SHA1 570219e2b0031d5c7910e2e38b3037b7d4a7ced0
SHA256 8f84b3783f74903297d52d3b5f98880cadb4efdeea9e4df1ae1fcba59026bbd2
SHA512 9710900cbe27af916f3f50ac4c867d131dfe09dc8d9c4432dfac74aee044c7299579e47f9a2e7c0060203c53f4ca89dd165f083a93f2c3f9cce1a3b0fa86ab75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e52584b0686bc96c5b0918d1b1680ebd
SHA1 f9c241bb68474c368597176b44719ce8088c3d5e
SHA256 b6c258b81504ed739152a475805bd74669d9334f3285fd7de0071afce8ded7e9
SHA512 86bbc6f30af6f5c804ba7aadca5b9afd603b5fe29083ae94cef6e0274ae085627cd5fb0e58a4cb37ca3398759120f22a8ea61b0bee950e541e223d4d0e84720c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a830786fb0b5cd685fa2e88f10c29c8e
SHA1 556192a455f85f60702b34818e40c950b9fd6cec
SHA256 0295876e11cd69c7804d28ac9ec9dfee128a7543419e84f4625336a917e68c65
SHA512 cd721bd660980d2a30949c0e7db0d83ae3e11984b815b24539a6301df27ab18c0dd0db0f5298bafe165a5ebf58178cf6916150db4df3b2c8c1a78c8184dc390e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 10ae31ee62b46a2b43892e6dc754bcc7
SHA1 1177564b46e19d622d0a02a8fcf9d51895c3a4c5
SHA256 0f4944696d1e89dabb94025777114a495655f5b76537016e003f04a08fdb93b4
SHA512 c675b398431ace61903506ec5ca3db552e0f8b113dffa52d2fc952cd7fc95b3602048daebed99db1ddb3a606d212310f69747cdaba96e2681c26437168468d3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 450e093dad304204a12cb57f0342f7ff
SHA1 e468d08c206ca2d06a0af73f8c29cb78283f51f8
SHA256 1dd3174b6b3ca303fa905f40bd0df58a937ff023e2467a5e25bde07cd8015fa1
SHA512 ab974efaa59ddaeaf607c8221179c4a87be3ac2afd0301d3c53b65088e65b0f0424a2f3e23a52a7c681fb87f3e781961805b140c7dc2988c7a55ee8dbf3c5fb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ea2cfbd3dc793485089bf8811f2b02cc
SHA1 f5d419df43ae6022b5d7812c58f52aa275966c67
SHA256 676cad19028dc76bb0ccfcf8310f91402f78da231673e21955ff1bfe7b4e8b9c
SHA512 bf4c2c3d00f2876cee3d730258d9b3db51ada00e6c181cfe898a0b91616c5a62639e99ac2c799116dfc1553e43cdfc3dbff0b49b0c224e020697667c6c778a77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e2c5.TMP

MD5 3d464a3b02fe7a8f6040fcb5ff2eb4e4
SHA1 fe21650cc884a90a5e89df3a44bd0700c72aed24
SHA256 8ba8d960cb6f211b6c46e70563ebd40683a66ac03f9cae924225c81917c1c432
SHA512 ad8400f79320e50c1849846bac1ba1b281a3f311405642dddb5d06a36c55d5d0995a0713ab18974d40cded3e43166fbba472932baff42eab587aaa605ec1e81f

C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

MD5 3173bb60feb54071e1097e5c117b9176
SHA1 ad6570bc07114985509c65ec52a6088b19709f76
SHA256 80ffcb2b66e286abec0828dda716b838860c9f2617b91eda636f9c1cfa4314a6
SHA512 7424694f480ff60c8ffcd5338c51a8c238f73c8767beeb4e826d6a01b8afd57930ae2f7c494ccaaeee3d5dfafbc61285d2ec662e8fb30b9a966e0abd12c002cf

C:\LDPlayer\LDPlayer9\device.ini

MD5 94d32acb6b099c7a87c8aba12546a59b
SHA1 18c98b6ca1f9b4dba44e859e088abace95303ee0
SHA256 29695f4af54d611adb6e12f41c8a23398cbcdfcbdb02d19df40213886ac5b8fb
SHA512 28955fe59441755879f8f98df386947d5eec5bd1b64113d2e1fd04ae6628900b1155d35f810df576d4de6a030b9b1f9bb7a6b1e94a6c5a9f699173bbd3f9af6d

C:\LDPlayer\LDPlayer9\vms\config\leidian0.config

MD5 3c29a83214d2af649c4ffffa38ef6a70
SHA1 8ef8b0ddb44e12d947b8cf792ee762541497a47c
SHA256 73480364dfb11588ad84dc13f962dfcb47769d4d1b26bb12a686cf978de1be01
SHA512 9a3af70a696efe6aa81b6526f995b57b066320568a74979846b323634310ac2ab80a4b4b70231e27f24093b103b0d71e0915e858de2165d64f83dd21c558fa7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3d1ee7c537a9b7b8b43f7446567d7a75
SHA1 c879f1a95651c27e99ac3789fe1c28a4088d2372
SHA256 cd0c5fb888cf75a8f3b509b58b62ff80602061dbf2e43cfa600e85173f96fe79
SHA512 f2250cdfdcde2d54054b8e442ac8fe6a6c77b4f72a1f9eea47340304b00c22ad888c7c46e3fa4c47781a55c8b905c033fc919db9cb216efea5e969029aebc3b9

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 b7e8d5edfe0b6d1d19ba46d947bd1d5a
SHA1 69f5b34a8cd4867053ffa753b865c9e35de8f698
SHA256 90527771ea702e99d34eaa6ecb4cc083b2fdade1e3fb03d502f7ea30ee0143cc
SHA512 61133a37c22fae060d3c6a335df1437fb740e7944b42ce441e7a3784d23c87bfd9ed18dde3c746542828440ad7e7013e9d4b1079678ad07b17e1eb72046aa30d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d493b9f801a4b56a8146df137fdafebc
SHA1 72a6430f86ee16fce889818584da17e25b413458
SHA256 ccc62c741253733a02539feb53a11ea1ccaea67aa2a50429b3736ec54a5bb923
SHA512 0001a6c065b0291bd1fe85b8e2a78e5cd378486df1a6b52cf63846598f7fb69e8fe9f1c08e02cf85e7d1abd904b2cb48be93e0e0e62cf6603fb918bf5d9bd52a

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 9442b55af4ccde389944a216527b4b0b
SHA1 2c9c542d8d5e8cddc3a87a432cab4e4df821c3bb
SHA256 87668b860033ddd74fe8c3753165171cbd424547edab225a86e65ef856c4e2ea
SHA512 1e0ff576325d0280a1ff82c41ad0546a7a3c465c6a69487738818fa52f9a9d8b0bd3d517ef4842a10488cd02a5b45981f168e1576edad8182ac82ca4971a9b6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d3884644320cb179262b521a5fb9275d
SHA1 bcaff318cadba4681dbbbfe8b95429633581b83e
SHA256 8e5b5972d90e6116867c5c5f0a9d52887ad8ca00701433d82294438cdb910427
SHA512 097cdff8e4f1e44da8f4929f5301a13fbaa2de9b59e84fb1f7ad1c49d876a21b59bdba04c3b6e818d4c641d925aa7398873fa8661e8b71a9b3d3dd894c0da445

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bb972f1dba12a349a2fd6149d3543a2d
SHA1 c55cf4c57371db59c3df546b10595bd2ac094df2
SHA256 33c7bbbdb435573dc18d5e364812662f7f04b81194e07bc24166b80645cddd58
SHA512 1d2ee622646560bdbb22817e0337a6974501c2048c9ef41ab63e82f499c840ff4900d831be0d1162b867f8b9d0de9f244789ca2d485645d36ca22c943c03249c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d8e5843cd7e486aaf665e5b1bf10d0ac
SHA1 1d0d76cc306d42b742dd0a9e35465879eb3fa643
SHA256 737339b8c1d34c7bf195c56fb34e80c3a4ee16e1cc9c9c233f77d86f885e3f01
SHA512 7b58931b5bc717c611dd1ce435c1cfdb9a8c09eb4dc39d75873ec52b603db8abe0f015e747ea6388ab8752607578256e6e7f49eff5e48c25e6495f3a58b07837

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3c2f15ea0b677d09d7aa77c5190188ec
SHA1 6bface8284fb9aac423e2045f82af23777926335
SHA256 490e55b911c0b49492d7b0526c7e19cc064549471e451f839164c4e66de115f9
SHA512 fa5b423c5f1be5438eff30745f15de325a0602ddb0a4fe7a0189a97e026fe31f913c64f4fec614bdca3d384584b10b90e0e8ef632aae20b9bd1d0f294124cc15