Analysis Overview
SHA256
8d48d0a05d581922a4d30ba98cbf51ea981a37c95fad689e0b84b979e312f6a4
Threat Level: Likely malicious
The file LDPlayer9_id_1005_ld.exe was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Creates new service(s)
Manipulates Digital Signatures
Drops file in Drivers directory
Reads user/profile data of web browsers
Modifies file permissions
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Event Triggered Execution: Component Object Model Hijacking
Drops file in System32 directory
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Drops file in Windows directory
Launches sc.exe
Drops file in Program Files directory
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Runs net.exe
Checks processor information in registry
Modifies registry class
Modifies system certificate store
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-13 03:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-13 03:42
Reported
2024-08-13 03:45
Platform
win11-20240802-en
Max time kernel
151s
Max time network
147s
Command Line
Signatures
Creates new service(s)
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\rsCamFilter020502.sys | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsKernelEngine.sys | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1\FuncName = "WVTAsn1CatNameValueEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130\FuncName = "WVTAsn1SpcSigInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.28\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\FuncName = "WVTAsn1SpcPeImageDataEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSFinalProv" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainFinalProv" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28\FuncName = "WVTAsn1SpcLinkEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2012\FuncName = "WVTAsn1SealingTimestampAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\rundll32.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsWSC.exe.log | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-pt-PT.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\suitestatus.luc | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\af.pak | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\operations.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Xml.XmlDocument.dll | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetLwfInstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist-risk.png | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.firefox.extension.json | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\transport_event_hub.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Cryptography.Primitives.dll | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Dynamic.Runtime.dll | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-es-MX.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\browsernavigate.luc | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sl.pak | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\dataset.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Runtime.InteropServices.dll | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2402300030\jslang\eula-en-US.txt | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\dimensionconfig.luc | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ko-KR.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pt-PT.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-sv-SE.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Security.Cryptography.Csp.dll | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDD.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-it-IT.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ldutils.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetLwfUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxAuthSimple.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxRes.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxTestOGL.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-tr-TR.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\user_welcome.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2402300030\mcafee_pc_install_icon.png | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-pt-PT.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\arm64\rsJournal-ARM64.dll | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Diagnostics.Tools.dll | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ko-KR.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-ja-JP.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-utility-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\platforms\qwindows.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\UICommon.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\McAfee\Webadvisor\Analytics\operations.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Data.SQLite.dll | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fr-CA.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\contexthandler.luc | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File opened for modification | C:\Program Files\ReasonLabs\Common\Stub\v6.0.6\Stub.exe | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxInstallHelper.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\MFW\core\postinit.luc | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-fr-FR.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\pt-BR.pak | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxCAPI.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-de-DE.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\browserinformation.luc | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\transport_ai.js | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Resources.ResourceManager.dll | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ja-JP.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-tr-TR.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2402300030\jslang\wa-res-install-zh-TW.js | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\logic\smart_toasting\smart_toast_config_selector.luc | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sv-SE.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\pscore.js | C:\Program Files\McAfee\Temp2402300030\installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\System.Diagnostics.FileVersionInfo.dll | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\McAfee\Temp2402300030\jslang\eula-cs-CZ.txt | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\4BE8EA94-8DE3-45A0-87CA-12F78E045474\dismhost.exe | N/A |
Executes dropped EXE
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Loads dropped DLL
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_id_1005_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dism.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0qssuwap.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\McAfee\WebAdvisor\updater.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4974-A19C-4DC6-CC98C2269626}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4430-499F-92C8-8BED814A567A}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3\ = "VirtualBox Type Library" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B4A4-44CE-85A8-127AC5EB59DC} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E64A-4908-804E-371CAD23A756}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6679-422A-B629-51B06B0C6D93}\ = "IUSBDeviceStateChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D545-44AA-8013-181B8C288554}\NumMethods\ = "15" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-825C-AB7B2CABCE23}\NumMethods\ = "37" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-d4fc-485f-8613-5af88bfcfcdc} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A}\ = "IAdditionsStateChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.ldbk\Shell | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session\CurVer | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-93AF-42A7-7F13-79AD6EF1A18D} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1207-4179-94CF-CA250036308F}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F05-4D28-855F-488F96BAD2B2}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-48DF-438D-85EB-98FFD70D18C9}\ = "IMachineStateChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-057D-4391-B928-F14B06B710C5}\ = "IGuestFileEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5fdc-4aba-aff5-6a39bbd7c38b} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6038-422C-B45E-6D4A0503D9F1}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7708-444B-9EEF-C116CE423D39} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-d612-47d3-89d4-db3992533948} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5FDC-4ABA-AFF5-6A39BBD7C38B}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\ProgId | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AE84-4B8E-B0F3-5C20C35CAAC9}\NumMethods\ = "15" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368}\ = "IGuestPropertyChangedEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7bdc-11e9-8bc2-8ffdb8b19219} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9641-4397-854A-040439D0114B}\ = "IGuestScreenInfo" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C927-11E7-B788-33C248E71FC7} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BF98-47FB-AB2F-B5177533F493}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9070-4F9C-B0D5-53054496DBE0}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9536-4EF8-820E-3B0E17E5BBC8}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-762E-4120-871C-A2014234A607}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44E0-CA69-E9E0-D4907CECCBE5}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8079-447A-A33E-47A69C7980DB}\ = "ISnapshotChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-319C-4E7E-8150-C5837BD265F6}\NumMethods | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D612-47D3-89D4-DB3992533948}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2FD3-47E2-A5DC-2C2431D833CC}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}\NumMethods\ = "44" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1\ = "VirtualBox Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7FF8-4A84-BD34-0C651E118BB5}\ = "IUSBController" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D545-44AA-8013-181B8C288554}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-486F-40DB-9150-DEEE3FD24189} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\ = "IProgress" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e2000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c000000010000000400000000100000040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\fltmc.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\LDPlayer9_id_1005_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_id_1005_ld.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=7ffaa80fde0a371eb37cb0b0c890e69cac9dcb7f&dit=20240813034202885&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1005 -language=id -path="C:\LDPlayer\LDPlayer9\"
C:\Users\Admin\AppData\Local\Temp\0qssuwap.exe
"C:\Users\Admin\AppData\Local\Temp\0qssuwap.exe" /silent
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe
.\UnifiedStub-installer.exe /silent
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Program Files\McAfee\Temp2402300030\installer.exe
"C:\Program Files\McAfee\Temp2402300030\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SysWOW64\regsvr32.exe
/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
C:\Windows\SYSTEM32\regsvr32.exe
regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=393798
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Program Files\McAfee\WebAdvisor\UIHost.exe
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\4BE8EA94-8DE3-45A0-87CA-12F78E045474\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\4BE8EA94-8DE3-45A0-87CA-12F78E045474\dismhost.exe {DF3D3D03-2E6A-4EEC-8F50-2BAEC44085F6}
C:\Program Files\McAfee\WebAdvisor\updater.exe
"C:\Program Files\McAfee\WebAdvisor\updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
C:\Windows\SYSTEM32\fltmc.exe
"fltmc.exe" load rsKernelEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\elam\evntdrv.xml
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ff817733cb8,0x7ff817733cc8,0x7ff817733cd8
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2012 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5192 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13525987445590544849,15505717450069222167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| GB | 18.172.153.86:443 | cdn.ldplayer.net | tcp |
| ES | 108.157.108.196:443 | d19mtdoi3rn3ox.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 145.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.244.67.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.108.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.216.138.108.in-addr.arpa | udp |
| ES | 52.85.187.85:443 | d1arl2thrafelv.cloudfront.net | tcp |
| ES | 52.85.187.85:443 | d1arl2thrafelv.cloudfront.net | tcp |
| ES | 108.157.125.77:443 | encdn.ldmnq.com | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| GB | 216.137.34.105:443 | d1arl2thrafelv.cloudfront.net | tcp |
| ES | 18.154.22.44:443 | shield.reasonsecurity.com | tcp |
| US | 44.237.252.113:443 | analytics.apis.mcafee.com | tcp |
| ES | 18.154.22.44:443 | shield.reasonsecurity.com | tcp |
| GB | 92.123.142.66:443 | sadownload.mcafee.com | tcp |
| US | 3.86.130.103:443 | track.analytics-data.io | tcp |
| US | 3.86.130.103:443 | track.analytics-data.io | tcp |
| GB | 18.154.84.124:443 | update.reasonsecurity.com | tcp |
| US | 3.86.130.103:443 | track.analytics-data.io | tcp |
| US | 3.86.130.103:443 | track.analytics-data.io | tcp |
| GB | 108.156.46.124:443 | electron-shell.reasonsecurity.com | tcp |
| US | 3.86.130.103:443 | track.analytics-data.io | tcp |
| US | 3.86.130.103:443 | track.analytics-data.io | tcp |
| IE | 52.111.236.22:443 | tcp | |
| GB | 18.239.236.103:443 | apiid.ldmnq.com | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 52.4.144.18:443 | track.analytics-data.io | tcp |
| US | 52.4.144.18:443 | track.analytics-data.io | tcp |
| GB | 23.214.142.196:443 | home.mcafee.com | tcp |
| GB | 92.123.142.66:443 | sadownload.mcafee.com | tcp |
| US | 44.237.252.113:443 | analytics.apis.mcafee.com | tcp |
| US | 52.4.144.18:443 | track.analytics-data.io | tcp |
| US | 52.4.144.18:443 | track.analytics-data.io | tcp |
| ES | 108.157.125.51:443 | cdn.reasonsecurity.com | tcp |
| US | 52.4.144.18:443 | track.analytics-data.io | tcp |
| US | 52.4.144.18:443 | track.analytics-data.io | tcp |
| US | 52.4.144.18:443 | track.analytics-data.io | tcp |
| US | 52.4.144.18:443 | track.analytics-data.io | tcp |
| GB | 184.25.193.234:80 | www.microsoft.com | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| GB | 92.123.143.232:443 | sadownload.mcafee.com | tcp |
| US | 44.237.252.113:443 | analytics.apis.mcafee.com | tcp |
| US | 44.237.252.113:443 | analytics.apis.mcafee.com | tcp |
| US | 44.237.252.113:443 | analytics.apis.mcafee.com | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| ES | 108.157.125.105:443 | ad.ldplayer.net | tcp |
| ES | 108.157.98.31:443 | cdn.ldplayer.net | tcp |
| ES | 108.157.98.31:443 | cdn.ldplayer.net | tcp |
| GB | 163.181.57.238:443 | en.ldplayer.net | tcp |
| ES | 108.157.98.31:443 | cdn.ldplayer.net | tcp |
| ES | 108.157.98.31:443 | cdn.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| ES | 108.157.98.31:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| US | 162.159.133.234:443 | discord.gg | tcp |
| US | 162.159.133.234:443 | discord.gg | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| ES | 108.157.125.20:443 | encdn.ldmnq.com | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| ES | 108.157.125.105:443 | ad.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| ES | 108.157.98.31:443 | cdn.ldplayer.net | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| ES | 108.157.125.20:443 | encdn.ldmnq.com | tcp |
| NL | 172.217.168.246:443 | play-lh.googleusercontent.com | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| NL | 142.250.179.131:80 | o.pki.goog | tcp |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 79.133.176.235:443 | res.ldplayer.net | tcp |
| GB | 18.239.236.103:80 | apiid.ldmnq.com | tcp |
| GB | 18.239.236.103:443 | apiid.ldmnq.com | tcp |
| ES | 108.157.98.31:443 | cdn.ldplayer.net | tcp |
| ES | 108.157.125.105:443 | ad.ldplayer.net | tcp |
| ES | 108.157.118.26:80 | ocsp.r2m03.amazontrust.com | tcp |
| GB | 18.239.236.103:443 | apiid.ldmnq.com | tcp |
| N/A | 127.0.0.1:6463 | tcp | |
| N/A | 127.0.0.1:6464 | tcp | |
| N/A | 127.0.0.1:6465 | tcp | |
| N/A | 127.0.0.1:6466 | tcp | |
| N/A | 127.0.0.1:6467 | tcp | |
| N/A | 127.0.0.1:6468 | tcp | |
| N/A | 127.0.0.1:6469 | tcp | |
| N/A | 127.0.0.1:6470 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
| MD5 | d9cb0b4a66458d85470ccf9b3575c0e7 |
| SHA1 | 1572092be5489725cffbabe2f59eba094ee1d8a1 |
| SHA256 | 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05 |
| SHA512 | 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6 |
memory/2788-12-0x0000000005B40000-0x0000000005B50000-memory.dmp
memory/2788-13-0x000000007329E000-0x000000007329F000-memory.dmp
memory/2788-17-0x0000000008130000-0x0000000008146000-memory.dmp
memory/2788-18-0x0000000073BB0000-0x0000000073BC6000-memory.dmp
memory/2788-20-0x0000000008730000-0x0000000008CD6000-memory.dmp
memory/2788-21-0x0000000008670000-0x0000000008702000-memory.dmp
memory/2788-33-0x0000000005C90000-0x0000000005CD4000-memory.dmp
memory/2788-34-0x0000000009150000-0x00000000091EC000-memory.dmp
memory/2788-35-0x0000000005D60000-0x0000000005DC6000-memory.dmp
memory/2788-36-0x0000000009B90000-0x000000000A0BC000-memory.dmp
memory/2788-37-0x0000000002F00000-0x0000000002F0A000-memory.dmp
memory/2788-38-0x000000000AB90000-0x000000000ABE0000-memory.dmp
memory/2788-39-0x000000000AD40000-0x000000000ADF2000-memory.dmp
memory/2788-40-0x000000000ACE0000-0x000000000ACFA000-memory.dmp
memory/2788-41-0x000000000AE50000-0x000000000AE62000-memory.dmp
memory/2788-42-0x000000000AEC0000-0x000000000AEE0000-memory.dmp
memory/2788-43-0x000000000AF20000-0x000000000AF52000-memory.dmp
memory/2788-44-0x000000000AFD0000-0x000000000B036000-memory.dmp
memory/2788-45-0x000000000AF80000-0x000000000AF9E000-memory.dmp
memory/2788-46-0x000000000AFA0000-0x000000000AFBA000-memory.dmp
memory/2788-47-0x0000000073290000-0x0000000073A41000-memory.dmp
memory/2788-48-0x0000000073290000-0x0000000073A41000-memory.dmp
memory/2788-52-0x0000000005B40000-0x0000000005B50000-memory.dmp
memory/2788-53-0x000000007329E000-0x000000007329F000-memory.dmp
memory/2788-54-0x0000000073290000-0x0000000073A41000-memory.dmp
memory/2788-55-0x0000000073290000-0x0000000073A41000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
| MD5 | 143255618462a577de27286a272584e1 |
| SHA1 | efc032a6822bc57bcd0c9662a6a062be45f11acb |
| SHA256 | f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4 |
| SHA512 | c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9 |
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
| MD5 | 36d26660020002cbb57bc855dcdcfacb |
| SHA1 | fff0c9ec668a437c12138bf4f17145c79c2e31ce |
| SHA256 | 1f515b4489b1658d214a2de7396cea76770513dd24a38050a1ba781b80aa55cc |
| SHA512 | 8cf4f6f3cd0752d682b72d0a6db2eae103ea6ab12740c4ad78be23ca696598239c211849823df1633279177f26cde4f94cc20fd0237a9216e924c787ac48fb76 |
memory/2276-69-0x000001B3F2AC0000-0x000001B3F2AC8000-memory.dmp
memory/2276-70-0x000001B3F5680000-0x000001B3F5BA8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0qssuwap.exe
| MD5 | 0cabcfa08f7f8f277a072f0ee8e258a9 |
| SHA1 | 12466998256bea3a36b77a94961ac84d5b6c7ebe |
| SHA256 | ccd3ae59bb523021328f39ab484ae934ea3cae1a9a8abcbfc0f67964c67fff30 |
| SHA512 | b5854587e53bcd80e1729c77a000516ddf1df8d9b3bf9ff1cf6c007611024161796f91eb8329dd58ef919b04fea5e37b7d60dcbe2a1461edc2773d46fd32dc23 |
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\UnifiedStub-installer.exe
| MD5 | 493d5868e37861c6492f3ac509bed205 |
| SHA1 | 1050a57cf1d2a375e78cc8da517439b57a408f09 |
| SHA256 | dc5bc92e51f06e9c66e3933d98dc8f8d217bc74b71f93d900e4d42b1fb5cc64f |
| SHA512 | e7e37075a1c389e0cad24ce2c899e89c4970e52b3f465d372a7bc171587ed1ee7d4f0a6ba44ab40b18fdf0689f4e29dfdbccbabb07e0f004ef2f894cb20d995d |
memory/4608-199-0x0000025E4D690000-0x0000025E4D6D6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\rsLogger.dll
| MD5 | 1cfc3fc56fe40842094c7506b165573a |
| SHA1 | 023b3b389fdfa7a9557623b2742f0f40e4784a5c |
| SHA256 | 187da6a5ab64c9b814ab8e1775554688ad3842c3f52f5f318291b9a37d846aa2 |
| SHA512 | 6bd1ceaf12950d047a87fd2d9c1884c7ac6e45bd94f11be8df8144ddd3f71db096469d1c775cf1cb8bc7926f922e5a6676b759707053e2332aa66f86c951fbc0 |
memory/4608-201-0x0000025E4D640000-0x0000025E4D670000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\rsStubLib.dll
| MD5 | 3bcbeaab001f5d111d1db20039238753 |
| SHA1 | 4a9c0048bbbf04aa9fe3dfb9ce3b959da5d960f8 |
| SHA256 | 897131dd2f9d1e08d66ae407fe25618c8affb99b6da54378521bf4403421b01a |
| SHA512 | de6cde3ad47e6f3982e089700f6184e147a61926f33ead4e2ff5b00926cfc55eb28be6f63eea53f7d15f555fd820453dd3211f0ba766cb3e939c14bb5e0cfc4c |
memory/4608-197-0x0000025E4D0F0000-0x0000025E4D1FC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\Newtonsoft.Json.dll
| MD5 | 4f0f111120d0d8d4431974f70a1fdfe1 |
| SHA1 | b81833ac06afc6b76fb73c0857882f5f6d2a4326 |
| SHA256 | d043e6cde1f4d8396978cee2d41658b307be0ca4698c92333814505aa0ccab9a |
| SHA512 | e123d2f9f707eb31741ef8615235e714a20c6d754a13a97d0414c46961c3676025633eb1f65881b2d6d808ec06a70459c860411d6dd300231847b01ed0ce9750 |
memory/4608-203-0x0000025E68380000-0x0000025E68432000-memory.dmp
memory/4608-204-0x0000025E4D710000-0x0000025E4D732000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\rsAtom.dll
| MD5 | dc15f01282dc0c87b1525f8792eaf34e |
| SHA1 | ad4fdf68a8cffedde6e81954473dcd4293553a94 |
| SHA256 | cc036bcf74911fe5afb8e9fcc0d52b3f08b4961bcda4e50851eda4159b1c9998 |
| SHA512 | 54ee7b7a638d0defcff3a80f0c87705647b722d3d177bc11e80bfe6062a41f138ef99fc8e4c42337b61c0407469ef684b704f710b8ead92b83a14f609f0bc078 |
memory/4608-206-0x0000025E4F080000-0x0000025E4F0AE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\uninstall-epp.exe
| MD5 | 79638251b5204aa3929b8d379fa296bb |
| SHA1 | 9348e842ba18570d919f62fe0ed595ee7df3a975 |
| SHA256 | 5bedfd5630ddcd6ab6cc6b2a4904224a3cb4f4d4ff0a59985e34eea5cd8cf79d |
| SHA512 | ab234d5815b48555ddebc772fae5fa78a64a50053bdf08cc3db21c5f7d0e3154e0726dacfc3ea793a28765aea50c7a73011f880363cbc8d39a1c62e5ed20c5a9 |
memory/4608-211-0x0000025E686A0000-0x0000025E686F8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\Microsoft.Win32.TaskScheduler.dll
| MD5 | e6a31390a180646d510dbba52c5023e6 |
| SHA1 | 2ac7bac9afda5de2194ca71ee4850c81d1dabeca |
| SHA256 | cccc64ba9bbe3897c32f586b898f60ad0495b03a16ee3246478ee35e7f1063ec |
| SHA512 | 9fd39169769b70a6befc6056d34740629fcf680c9ba2b7d52090735703d9599455c033394f233178ba352199015a384989acf1a48e6a5b765b4b33c5f2971d42 |
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\rsSyncSvc.exe
| MD5 | f2738d0a3df39a5590c243025d9ecbda |
| SHA1 | 2c466f5307909fcb3e62106d99824898c33c7089 |
| SHA256 | 6d61ac8384128e2cf3dcd451a33abafab4a77ed1dd3b5a313a8a3aaec2b86d21 |
| SHA512 | 4b5ed5d80d224f9af1599e78b30c943827c947c3dc7ee18d07fe29b22c4e4ecdc87066392a03023a684c4f03adc8951bb5b6fb47de02fb7db380f13e48a7d872 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 203a048e75440a7a52082d5c52a64b57 |
| SHA1 | ca22ad661519a33b0b6f17acc65531773df7e5b5 |
| SHA256 | dda8e2ab8d8107769f3f7189b92f51528550ce02b8002880cc473dd632f13506 |
| SHA512 | 9c41c27416eb571c082b248bfa150d0d9deb4f67820537099766e5726d98e9b0d1d46f230319ad580488eb39ac763214b30df101aaad28d9c2b61af66922ebf6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | f9b3b7a585a03425a35a4b7ac43ebffe |
| SHA1 | 3d414f8e59faa4211a13ec264643258191415754 |
| SHA256 | df18e3aa74d2db240fadeb3181dd27273b194f36697108287a9d5725333d4e21 |
| SHA512 | 26023765c44a970b9dce20f7251ede55aae39c1e878d3a3f2903784faf63d709f1ffbc1e9b2670cf30fefc3b6212185f04f23439c7fd4c3bf59f1d25337e50fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 2b88025d74ee52b1ffc48261d720f883 |
| SHA1 | 69ef971351d75c9554507b470bf3de68651933a9 |
| SHA256 | ed2ef92911eb712e58bf272e076c792a8a5afe77741e10a87ac47c5ffb0797fc |
| SHA512 | 8c2de832be23e7e09f2971bb3b2491b72e2c5f8933ec88fc3f68b7d7d7974f86a89dde03e1380014e00abb144f13d4e6bd0bcbce9bca6d9f0a30418a4de6aada |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | a1d5d0e9f455534ed2348b35ca4f92db |
| SHA1 | fc07d7e3bc696144671fef405c635afc4a49e1bc |
| SHA256 | 7dd61ddfb5f76f9a32c10ebe97af6da0c1b5153e2a17d57ae1de4a00f8b2ccb1 |
| SHA512 | 3a02e49686ee5da1914b923a9023b761acc63bdf2a155055244cbc60c1262475afada3a5efaee453041b7876c9501df51e2999bf6a394120e0c39967524c1f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | e96712ab482f09639dae11f46d40d82e |
| SHA1 | fea3e9ece4a98c6b32ae7f8a151a81fcd5bf2678 |
| SHA256 | 32e7774e6579a24b8f2b4dda6717a56ae5a49e35ccdfa313545d2d45d8dada40 |
| SHA512 | f824d5289b7ff2815ffb55e585d4fa2fcd989becd97dee201554eab52b1fda7a67144c90298f80d57f66ba55a6ae6bd5e548181dd8e5eec42860c30d6fd36723 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | e03ae7b2282b5df1ded3516e6f3dad1d |
| SHA1 | 8cd3eb994ef999e76b27df9a12712edab2672f4e |
| SHA256 | 54ce04ca5d8d3e7bdc7737b42d5a9cbfc09b316399395a022799140f1f9f40b0 |
| SHA512 | 7c1ba2e4f6fd7b096a78785510a5433b3b5c85152811b321bf8e6afb06f00b800e1a9cf96554645e197c1919ac07114c879997bcfdc6f6b0b9b6717140e07788 |
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
| MD5 | 6c847932d63660b0e0ad0b0a4b9780d2 |
| SHA1 | 17139565a23b4a6cf1891296c8d1607ec7653a94 |
| SHA256 | ed60db47b383ab1f4f50b8542d22ce992c31f450ce9d33b946a84e0ebfd3cde4 |
| SHA512 | f8bb7521fb8f24dd12ef7e59731bb5e68cac0d75ad547216d97b6069e0ad48dc9a25c7917f760841df1604fbe43335ba039c299c3e2199eb6b1f8b53c4fd6b75 |
C:\Program Files\McAfee\Temp2402300030\installer.exe
| MD5 | 7891a2a1d8a263db846292708a8ed1f0 |
| SHA1 | 4044ea34ca9d112133e3aa5aed14a7c0ea952d36 |
| SHA256 | 6bf9a3e9f2874cc5474dc107a90c0484cf26c9c817a2f23a7e004b4e611180c0 |
| SHA512 | 00abdd3086e0528063216fbb44b9bbd18890b7629579361b54f751e8a22e0a3ee4f05a483ac4c3188ebb2c85c45f6a5922e7f1db3beb1ca0303c0fcf122a220d |
C:\Users\Admin\AppData\Local\Temp\mwaD50E.tmp
| MD5 | 662de59677aecac08c7f75f978c399da |
| SHA1 | 1f85d6be1fa846e4bc90f7a29540466cf3422d24 |
| SHA256 | 1f5a798dde9e1b02979767e35f120d0c669064b9460c267fb5f007c290e3dceb |
| SHA512 | e1186c3b3862d897d9b368da1b2964dba24a3a8c41de8bb5f86c503a0717df75a1c89651c5157252c94e2ab47ce1841183f5dde4c3a1e5f96cb471bf20b3fdd0 |
memory/5048-418-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
C:\Program Files\McAfee\Temp2402300030\browserhost.cab
| MD5 | 41840bd10dda1409adf6d83175c0d981 |
| SHA1 | b363a2922f5d69e22641bdbc3d070de324ae2d1f |
| SHA256 | a94ff5f7d7b84a416eca7f6f42d9bd012d1051b91dc574633429bce822f51c12 |
| SHA512 | 8828623e4965c88ea631010f2ede2e1c42b26183a00e50f665c37fff930956a7b4089629e24a728210fe61389dcc109386629280c3a5457e6072fe7ccd3820c1 |
memory/5048-420-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
C:\Program Files\McAfee\Temp2402300030\browserplugin.cab
| MD5 | 253337eb5d13a9f79378de0904b0e448 |
| SHA1 | 5dcf4b41d3ec3eda26e7e25c9221643b62468962 |
| SHA256 | 05c9b53b895f9c79eb9e429f2bd11651a4b51018b9151fefe41d835212d515f5 |
| SHA512 | b7e2d2eb1dc29e1f5b87f73133ead258776aaf2ae21ba43d21d1fb91c61079cfd649be6c1aa2c2d9aa9982a1ba86978df18f677cec7b15919b1f2d44c888eef1 |
memory/5048-432-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
C:\Program Files\McAfee\Temp2402300030\eventmanager.cab
| MD5 | cb3c3baf9d0f30958c3b9df32352a058 |
| SHA1 | ca427e00cdaa32f39fb4a6df8ba1aff5b8200f16 |
| SHA256 | 054ef467f43e73d3c5687966e8a2be5fe41ed099875ba179ea6a446cb8b75ee9 |
| SHA512 | 9567c4fc176e31a5ee06769f103c8d4d03ef6b873827b3efffc09c4329620c1d817ccf641004c419e4438f69820681b223a185ad415991be3af70d60f70ab3f2 |
C:\Program Files\McAfee\Temp2402300030\l10n.cab
| MD5 | fca9378018e30742bc2c1fdac03fad41 |
| SHA1 | 46f9df6312920424d3f20914dab59874551f57ba |
| SHA256 | df2a4c968dce5c9a03ce10e2d0ffa243fd20b94e0d1f60d49a2709353efc4a02 |
| SHA512 | 0d39532169b19f240779129ecc49b4e582373350d51b73f3cfc91cf0b655f7845df48c57a219391926cd3105a5825f55a14db28c76be9ed9e8d9d4bfc5e54b78 |
memory/5048-437-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
C:\Program Files\McAfee\Temp2402300030\logicscripts.cab
| MD5 | c1adad2f314d114594aead6816ea02bf |
| SHA1 | be8e53c61500376514848d007115293c88ea9b6d |
| SHA256 | f27e1c439d4c9ca4296b7c463ce76ea15870dbb8210c58ab4ca5f20d01112f7f |
| SHA512 | b6b5f50b81c24d801205ae9234ba5ffccdf25fe6c557fe284c83d80c7d0eac9e4f6ce5d3b2804484626269166f418476433101ab916bbfdde6535cefb876caa0 |
memory/5048-469-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
C:\Program Files\McAfee\Temp2402300030\mfw-mwb.cab
| MD5 | eeba6fe0bf59eea07384faea7b8b57e7 |
| SHA1 | 8a7bc85e488c3063ad6fd644eaf66942d28be34a |
| SHA256 | d2c592dcd51c0ccf979634bb969eda7b4b3d69d5e9b225fe15b5a0a9a8a0a45e |
| SHA512 | 8daba71ee57042972f796afecf3c7020020a4951bc1b9fd4c867935c6539bfd85e78c794e27e99912aff7d0d2d0ddb37e727de1955fd044dd36dc8b8364a9837 |
C:\Program Files\McAfee\Temp2402300030\mfw.cab
| MD5 | 320a057206bdb5a7ce1a6cf9e7502557 |
| SHA1 | b851e2d941f013b74f64e50130481711460fd3a3 |
| SHA256 | 9f5c0192d1e924a9e3ef4590ec4f2483bd59da98227bb24970180b000759055f |
| SHA512 | 1393d881255bd5c7562cbc956f112d2945af6fb53a3e80744f58702211df72cc549ff02d824de3f681f38b2dac45367db3f74d12b94328e4f7942d6c2b213bac |
C:\Program Files\McAfee\Temp2402300030\settingmanager.cab
| MD5 | abdcda6e45d446e3fac2227f1086b7f2 |
| SHA1 | 850a5bc7abf58be91a844ce0f4bd91a587978d2e |
| SHA256 | eedb70f956d92e3e2d7512f59c8f00637ba8f6dbc38ce357fcce0043a262006b |
| SHA512 | d64f13a94f874cb48c6dc6b2c9ab0308df81de1a4d647891961e17da7e5f9da6c2e24e8693307591f9a171c5789816aaaf73727398bde4773e6ee973323018d8 |
C:\Program Files\McAfee\Temp2402300030\taskmanager.cab
| MD5 | 0894bdf9d21c032f464d71b1f5bd31ba |
| SHA1 | 0b60cc31217b1b24971eb39f67ba54291543fd69 |
| SHA256 | 79bd696a281c3eeaf42e5373d46e9caa7993a0ca7d07bb6d9a6e034cd7f999cf |
| SHA512 | e01a49270d2f272c0c984baf32b114a5d294ad463968fd821b82971075333937292c1026a61f135cd1eb851e2ec0d75e7766e2d61b613e40fe144ff7d2222764 |
C:\Program Files\McAfee\Temp2402300030\uihost.cab
| MD5 | d4b05b3d41b6349234b48e6c0a7ad2f8 |
| SHA1 | 8d277c3eedf5a650a1ad25fc43609519aa0b773a |
| SHA256 | 93ba29bcf9b1d61cf1b8ac456141f3c2416506060741f3ee908de59451afc312 |
| SHA512 | 028006c483c103ad2fad92f18fa3ce33b312380fb995d653b9a2d386d6a7b0cb42fbcc51cc8c1a600b7be227be3840ce5afb56c14679db09c27fe317c571df69 |
C:\Program Files\McAfee\Temp2402300030\uimanager.cab
| MD5 | d386a056952aa84bdc20fc2e73075102 |
| SHA1 | 7ecd4accd817e47a6b84c7e6f48eaee11fade196 |
| SHA256 | 73453d0b006e9bbf3c0d47da6740dd058d456e317e694f8c617ffa80874c7299 |
| SHA512 | 9f066df00221376ef5e790eb2c3cff8e70aea16604e5ede23294d1624b2d2746dbc46ada26dd355b15e02cafd2a11cf26267050fe5ccea1ba6a118006fe1de22 |
C:\Program Files\McAfee\Temp2402300030\uninstaller.cab
| MD5 | 9b05a0c33183b3074bf15eb3e4188a08 |
| SHA1 | be04bf97d0120a4da92cc41a8044865a1221faee |
| SHA256 | 1fb7abd4977a7dc6f43113b21a4022b1097475f65cadd6d179ef0368beb28487 |
| SHA512 | 1fc8be40429ea83b3f6fcc8418237613bf2d53efb044a088255026f10b91a422d61b71d472a8b6e45fa5674b08d9036c82fa92277e9bd898cc1fad89f4bed1fd |
C:\Program Files\McAfee\Temp2402300030\updater.cab
| MD5 | c4a33acb72e38f175643df1f4885fa08 |
| SHA1 | 2f43ae32571b98209f06e477e241ace819e9a7c0 |
| SHA256 | b870afb0e5fac44d1ba71dbf40f47991f20b54f8926bd620b2dd2f44975e509e |
| SHA512 | 9488964b486546413019ea070a3d21aabd79e017c23942706c863a9a75b26e3417227e32a10a0e8c61bf3094b26e7a49dd7ed8b33b217a330b9210f3e1357e36 |
C:\Program Files\McAfee\Temp2402300030\webadvisor.cab
| MD5 | eb9dc6e92aaeb766ea0ddd6dc1675f18 |
| SHA1 | 7ebb0b6a317cf2d3240094edf014aab8a5c71f9c |
| SHA256 | a169c580b122ad54087903134984b54b6aa2deb76faf0f1534ff621ce7a8cc2f |
| SHA512 | 9f0e3d1c30ae3e5739c821730e5ba9deda71f425ae92b7a4ab00b29999db8d49dfb5d58ef4ed7b91ab8133ddd8fa2bcc709c8d5240c03cdee7a4c6ddf4b6cfec |
memory/5048-532-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-643-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-641-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-637-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-636-0x00007FF64E350000-0x00007FF64E360000-memory.dmp
memory/5048-635-0x00007FF64E350000-0x00007FF64E360000-memory.dmp
memory/5048-632-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-628-0x00007FF64E350000-0x00007FF64E360000-memory.dmp
memory/5048-627-0x00007FF64E350000-0x00007FF64E360000-memory.dmp
memory/5048-618-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-611-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-609-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-607-0x00007FF64E350000-0x00007FF64E360000-memory.dmp
memory/5048-606-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-754-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-823-0x00007FF604910000-0x00007FF604920000-memory.dmp
memory/5048-816-0x00007FF604910000-0x00007FF604920000-memory.dmp
C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll
| MD5 | 6b8f4f525f49f76d673ddb7d8763b14d |
| SHA1 | dc1110f8706baa9d3ebf25a503ec34442bcb5b1a |
| SHA256 | caa333d19234f8ff90119ae0361aff6f01c74332851aae149f7f56f7c6b5a934 |
| SHA512 | d7a195eaa57f188565de096fff7c6e24535644fdd3ff0ea9a3b0b881e40d49a28b2ee30555b723d9714642331b309547fabdd13637f0d4889fde0a01774b69f3 |
memory/5048-795-0x00007FF604910000-0x00007FF604920000-memory.dmp
memory/5048-786-0x00007FF616010000-0x00007FF616020000-memory.dmp
C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll
| MD5 | 4ea91a66a588314d28db2bd84568aab9 |
| SHA1 | ffbeed2b347f56035a0eecf5bc03934d69d2ae13 |
| SHA256 | 257a14d199f6cbfcadab22e20e0a45692f151be6d3385e2bc53b761197f8b3b2 |
| SHA512 | 76cb2a00eb94cec292d25088ff9950a186cc73ec2c79e42294657c22cc7c31d866526d8a464c06bcaa4a102f9d914ab470c96e4545e70dbb76293ba50c7914a7 |
memory/5048-785-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-745-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-743-0x00007FF616010000-0x00007FF616020000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\x64\Reason.ArchiveUtility-x64.dll
| MD5 | 366231ab413d0ce3ad65b38b4ab3e4a6 |
| SHA1 | f52e1886563137a4124d3096d7ede5ce1cd1e578 |
| SHA256 | ed349b2e11a4c6ada76a72f2462e84551d5451088212a6e0d6fbf4904c8cc19d |
| SHA512 | 55b7e9ecab6893331f9cc045a4d60b971fb208ca6f2c12592de98f91389413f9bd5f50460f06507a9cff650b4cec73c61a633f30d1ba869b2ecc93c5a3aaaca6 |
memory/5048-740-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-731-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-728-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-716-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-713-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-707-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-701-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-696-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-604-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-601-0x00007FF64E350000-0x00007FF64E360000-memory.dmp
memory/5048-592-0x00007FF64E350000-0x00007FF64E360000-memory.dmp
memory/5048-571-0x00007FF64E350000-0x00007FF64E360000-memory.dmp
memory/5048-566-0x00007FF617E80000-0x00007FF617E90000-memory.dmp
memory/5048-548-0x00007FF617E80000-0x00007FF617E90000-memory.dmp
memory/5048-542-0x00007FF5EFAC0000-0x00007FF5EFAD0000-memory.dmp
memory/5048-512-0x00007FF616010000-0x00007FF616020000-memory.dmp
memory/5048-505-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-504-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-503-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-502-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-501-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-500-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-499-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-498-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-497-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-496-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
C:\Program Files\McAfee\Temp2402300030\wssdep.cab
| MD5 | 665c741b1f80de536088d951f0bc793c |
| SHA1 | 184f5a895a746de1a1c707cfb68d40745fef3f56 |
| SHA256 | abf588228567d558edc7adb950f5ac4067746564eacfaf6364611573bcad9909 |
| SHA512 | 4929819e0d7b5ff9dc240e928c1cad96bc457d5f90c81949e6b481ab7ba3fc3e600c7a3e3b7bac435cba5626e336aeb03abe299efeb5c3c4c7fd3fc968ed3bde |
memory/5048-506-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
C:\Program Files\McAfee\Temp2402300030\wataskmanager.cab
| MD5 | ac05241d59f482ea308ee71758098453 |
| SHA1 | 2203c08527c24f9c55e46ba700be1cf0383e741a |
| SHA256 | d6b07588cc9f523f4fdb35b904a954ff594237f9330d68dbd7ea61751445464d |
| SHA512 | 4f1bda65555dbb4c4ece4c8e45c11de74267c373f92ff46811011894f72c72a3326e5ce96f90f39f4e94d9d9c89152e0ebeefb09539329d06b12e79f905b0bb3 |
memory/5048-489-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-487-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
C:\Program Files\McAfee\Temp2402300030\telemetry.cab
| MD5 | 656d5d8d3bccf3dddb443eeb6556dbe3 |
| SHA1 | b9c77ef1b9f64f2533086b9fc2024728b3e33034 |
| SHA256 | b09b64ea667d7638b054217d617dff83b3e2b0fec92271c4228df324124f4ef8 |
| SHA512 | 6b2a29d66ec4663cdc14137a26c663a239fae440bd6a23f07d1e585fcfc4cfcbcdc8df08475edfcde012c808b67be70e30811b13bfcc0ee80b612fee3dfd38fa |
memory/5048-485-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
C:\Program Files\McAfee\Temp2402300030\servicehost.cab
| MD5 | c8a4a500b1930513d44af040a04c3931 |
| SHA1 | 0cebba3d1012035c4799e97457c4e7a6f118d836 |
| SHA256 | a2ec67d5b61acf73159bacdbeb4bc95ffb5a51010ab5bfbffa8600da03180de0 |
| SHA512 | cbe176ee7968ea8d84792f0abe78b049f455902aba5a7c87d3ffff3cd679749d417084e27c88c1dc8de36791ac0ce3b09e0ae9818555e1d0d69deccfc58ac63c |
C:\Program Files\McAfee\Temp2402300030\resourcedll.cab
| MD5 | 05a260ee8a80494001fa1d4c7fa5a357 |
| SHA1 | 029898a55602d45dc656d43585f05748f4a10e5e |
| SHA256 | 5e6b92af5b48255e96cdb4815204b597bcb01332da99f16a33239b30f9b9e2d9 |
| SHA512 | 13adc543ed493498e1cf6d7087cec62e8dab689a9795101cf4df905dc6c3512effbb839e366c9abc1aadfebaff645cf31611e86f215e73d1fd6cb55178fb2d35 |
memory/5048-480-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-478-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-477-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
C:\Program Files\McAfee\Temp2402300030\mfw-webadvisor.cab
| MD5 | 0f79f075560c6c91116f4162c268ae54 |
| SHA1 | b03607d04958038477fd4dd5adb2a2dc0632d6ca |
| SHA256 | f89ab4291eae4b52e1adfa639f1776fb95ed411257a67b274e1f727e859bbc5b |
| SHA512 | f7966211c9e24eeb495a01d8185740a60634de0dfb19e1e5e78ab2c3184086ef256b68f3ca0eec7475302c13eaefe13aecd9d123fe5f3486661de3df51dadaa6 |
memory/5048-472-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
C:\Program Files\McAfee\Temp2402300030\lookupmanager.cab
| MD5 | a447b6c857ae29a8b8f2e3bff007df6c |
| SHA1 | f3d245b7ef702290c82f8b6c35ef973bcc2acc99 |
| SHA256 | 55fb14f82bdb042f9a231dd069451112a2a792e711b96e593e264652c87e3b90 |
| SHA512 | 458838d2f2f9f5f4145db622dc44694a05caec9fb9d61fc7b600f108dfa5b0343dbbd99dd0a92ba938819cf4c5eb641c939cf9616d69f8ee049b8ae750e51d46 |
C:\Program Files\McAfee\Temp2402300030\mfw-nps.cab
| MD5 | b9071741dd0de141bc57f3c43a911202 |
| SHA1 | 9cef3cce37c8094a8609e39908fda7c8ade5b59b |
| SHA256 | ec74a91cfb9d3ab75b0c33fd9f92140d00d2ff0a52d5080a6aa4dcef6834bfa4 |
| SHA512 | 9e665f265f75e010ccfddb013c73e83b1d8b04eddfbc338deca8c982d5faaf4bbe2a9dc872e3d4739ec9ac29f0c74aa650effeea90d3967c8fb75d4c56032ccc |
C:\Program Files\McAfee\Temp2402300030\logicmodule.cab
| MD5 | a56c6d0e52f42d6546dfc17d1b539294 |
| SHA1 | 463071d9de6f6113d6d31890b50a49ca5af67354 |
| SHA256 | 6c9941e674abe2cce976f8bb49d11235b1563281cba8736aed383f9b79eaabf3 |
| SHA512 | 3f4a1211b17db79f276f9ae5ef9855f10780b2f8fce4d0308f672edd34399e6126e3f5694feb3c515d2d6afbd016830a987df28fc4390f5cfdb1d9d9b8e97e04 |
memory/5048-467-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-419-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
memory/5048-417-0x00007FF606F00000-0x00007FF606F10000-memory.dmp
C:\Program Files\McAfee\Temp2402300030\analyticstelemetry.cab
| MD5 | f9424b351f5fd545d96ccc3458777f3a |
| SHA1 | fe13b0160e4cf4340952b4ce120ee4cc4ade29e4 |
| SHA256 | b7cbecfc093acfc824fbddac62e091b8bb04a1d0b59060e34cf715e1d93ae1c8 |
| SHA512 | dcc46a38db86aac6ba7e1083a7a5c0c9ff4aa91cfeee5c0a7ae6eb7f369521d8d575fa4261c3153a56777c851122139e781efff3ada9a1879450abd09702677a |
C:\Program Files\McAfee\Temp2402300030\analyticsmanager.cab
| MD5 | 5be9597eb624a4897d79402c4cd34b6b |
| SHA1 | 0998b43ef247820ddaf7655a3ee527a64b8b41fd |
| SHA256 | 4d2c613e6cdd7ac00025b5da1329d52d63628257ff44a1686ac230f25cac2862 |
| SHA512 | 524937dc6ccfa241f96dcd7c9e9df0be6d8faa680d4b641b8a49cc687884b7e5b3a6939e516e3486c89a3a706f0ff5318581eb05edcf84b8740ff64baf110b39 |
C:\Program Files\McAfee\WebAdvisor\servicehost.exe
| MD5 | ad677f565503dc0f594c523e21c7c786 |
| SHA1 | 4552aab5de1b677ce9c22b686daefbb1467a2724 |
| SHA256 | 417bb7d1796f87f4c281097ea2c6e3af5eefa42f951375edaab7056249500e11 |
| SHA512 | 0dbeb28011aba75b2262826ecb39cd597740aed7d0b0ba24643eedc56d593f9437355f0a953c40e0adfcc2dd16b1e770d1cebc3221c7fe438f6cfc14fca107bf |
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab
| MD5 | bd4e67c9b81a9b805890c6e8537b9118 |
| SHA1 | f471d69f9f5fbfb23ff7d3c38b5c5d5e5c5acf27 |
| SHA256 | 916f5e284237a9604115709a6274d54cb924b912b365c84322171872502d4bf8 |
| SHA512 | 92e1d4a8a93f0bf68fc17288cd1547b2bb9131b8378fbd1ed67a54963a8974717f772e722477417f4eb6c6bb0b3dfba4e7847b20655c3d451cba04f6134c3ab5 |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 2fbbe397f05533da1826f7ebb18cf754 |
| SHA1 | 453efac6ee7f1a8f3108d7723c979e2495107067 |
| SHA256 | 47dbed239e60e31607e4103600df0c5ed81d15b90ffde1fc1f74b192e9d89bcd |
| SHA512 | 60992255daa291146a68da1c2b636c35879e2340820188bbf4de291e001278310f4c24c428db06eb7a41d7e6935f55f64dd0005ddd8e7c53d9b33c6d04d494ea |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 6207cf78b12c384794f45e2655a86a36 |
| SHA1 | 291904efcd0b5ace629fbd4b615a77a07189b3e6 |
| SHA256 | c5de7200bd03cac6653043a048a33c096dc28db2e1fbada37e90538dcd2ea9d2 |
| SHA512 | 937857caec376a544f7cdb44adbb6913fcdfc5f18085101263983a6bc73256f263127f4a900b97743e65136eea061ec18bd56ee70f01f7940b23e21c2d0f9d9f |
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt
| MD5 | 0509ba13dde6a0fd7f97e492a32ef3a0 |
| SHA1 | 004930bdcf8ae1f546d58f714f2695f1ea2e854b |
| SHA256 | 05a45fe2a5e1e254842c831657b8076faa91f184ce3364b62a9f9215a6c2c859 |
| SHA512 | d5b83437e434349a2a770736b7c4cf9c245a3c9e87eb552facc543356f8fea0abecb78a20fce92446afb81bf8523c52ef6520cb9108bf27f83dcba6706eddf3a |
C:\Program Files\ReasonLabs\EPP\mc.dll
| MD5 | 81fcc6ce49ea658cba52e24ce4261023 |
| SHA1 | 5f9d5118b94a11de500715df015a377b645e88a6 |
| SHA256 | a2ad3c285d0cd5ff190edc42286f3bb695310d35e134daa38a2425a71da69dde |
| SHA512 | 04e8051034887ebb82e2f735cb87132c266f44416ff751dc0a2a3f592e8e6b83ad2f29a1a656ec07bf0168bcafddfade5acbbc562fb5439b9ab8377298743a83 |
memory/4608-2630-0x0000025E688A0000-0x0000025E688F0000-memory.dmp
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll
| MD5 | fcb11ae023b02f3f3afe68cbdecd0f32 |
| SHA1 | 486865ebebdeae59c036ffea5fc613d079b05f08 |
| SHA256 | ab30752603586c284823d22862ff10497064bafdae240083aea6d58155829866 |
| SHA512 | a227f54026f76d536223f9e692251c0683dfcdb0ca3fcdc3ee87fa26bf2dc402fc4bbe94238bade5d23ac5118652ddfcbf299b158d878a6c42ca0abd1717e333 |
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll
| MD5 | f451cef44d1ad7d9b9531ec6c72b159e |
| SHA1 | 88ab6f826648a378cacd5c5497369fd2a69a2f59 |
| SHA256 | 776e53005c0bfa5ee7e4116809b83dfa249e14c4f12d63c3002bc8cf2c2492a7 |
| SHA512 | c31f07c49c1d333fe4646e8a52cc0061cd6c0a1d976a9df2bbb6539036f3cea0fbbe5a70025ee01605549224ff5658fd604b68b8a413344d7d0b2008202c61a3 |
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
| MD5 | c34b17bc8f78195442812b5c4ff1da59 |
| SHA1 | 9109d30aeed4439b3fc7811946e1431915fd8fcf |
| SHA256 | b97eb6954110c26b7f4a8a8e2ebc27dfae706f8f71518a1d01d8747ecb4fd074 |
| SHA512 | 7212e36edc49aeb692612c847b69ddf594991b8ad94e3f05be227a55edcc8300f9eec6959871ebe3f8d82f8f8b97aa7ae591287bf7cc34a3d2a26680e5099b44 |
memory/4608-2662-0x0000025E68A90000-0x0000025E68AE6000-memory.dmp
memory/4608-4296-0x0000025E68AF0000-0x0000025E68B2A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\618ea139-8b86-425a-abc4-1dfa5b93a59d\UnifiedStub-installer.exe\assembly\dl3\b2402bf6\e3091e10_33edda01\rsJSON.DLL
| MD5 | 1b899a7e7cb09e57e9124d238ee09252 |
| SHA1 | 278579155f59f8647a873541aa0e596f2077c060 |
| SHA256 | 15e065330e041de31cb37f9973d21b7cee45687719d9737bb41dd441a66cd50d |
| SHA512 | 95b6696e1494428c22bb2a1eaa896b60e7aa8f23c1d6b44796381d8177bc2293e7fcaa47109954f9c01946ebacc15ef4b5807dece2ec5a4bbee3b1023633a8de |
memory/4608-4307-0x0000025E689F0000-0x0000025E68A20000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\618ea139-8b86-425a-abc4-1dfa5b93a59d\UnifiedStub-installer.exe\assembly\dl3\65146de7\e3091e10_33edda01\rsLogger.DLL
| MD5 | f35df6651eb38de67d1e8d5c47fde178 |
| SHA1 | a52f3266a702afacd3d017ce5728b0484aa3a392 |
| SHA256 | 548317de73925ff05f6fbe7b22c5b97c6c4be33826f365eeb327b5ec9a3b0c8e |
| SHA512 | f3fac6d81a26d0ab1664e81c027472fe3c4517e876d00cc643eab1c2d01e98906dfff351fd94b29f6a5a115ddfe08b81e696d8626d90379a15930faa953b3b80 |
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\618ea139-8b86-425a-abc4-1dfa5b93a59d\UnifiedStub-installer.exe\assembly\dl3\e3909e7f\b1441910_33edda01\rsAtom.DLL
| MD5 | 50aa2656c227001784142fece1575ffe |
| SHA1 | ff1d971b757048734af907643988e7a0456c3768 |
| SHA256 | 144079dd0161a81eca70935969b580f4f3d3f401f819b2bf9cb0be36aa4324e3 |
| SHA512 | c53951a8c08485f9c06529014310cf7895bc523e811a3f3614d39b4a95b56f8f5fa045151e71223aee878cbb7cf209623518012571f8e6a742714878d828d87d |
memory/4608-4344-0x0000025E689F0000-0x0000025E68A1E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8ED9EDF8\618ea139-8b86-425a-abc4-1dfa5b93a59d\UnifiedStub-installer.exe\assembly\dl3\482615aa\e3091e10_33edda01\rsServiceController.DLL
| MD5 | d8a2f9ca19b471d0c78dd6cc874cd46d |
| SHA1 | 701ff0a5cfd6bd74f44cf9d6c6e67c2231ca6134 |
| SHA256 | 9eb05801276f62f5497b5136317c2301fe619a77176f96f417c91fbdd26c500d |
| SHA512 | 752c50b02d54dcc8f2a85de73176574919989d1c9596de5570559f6c70ad09dc183e45c6a3d62413bccc170206f77ab1018cf470fdad21023a5a70a972f7f2ee |
memory/4608-4386-0x0000025E68BA0000-0x0000025E68BD0000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngine.config
| MD5 | eb3bcd3a0848530646609a1c1085c46b |
| SHA1 | f4cda2a9fa5d41cd1b7564bf23806d6c4a77eb09 |
| SHA256 | 30f51499302effdd182ce651a294c186a04bdf516865ec12352af60c2d2ffbdf |
| SHA512 | a0ba8c7b9864ca342930b817b37983270e5816a16097d1ddd1fbf38ca339db4c8d59d9fa71947bb83cfb4fcfe5a0cdc982a9b85adb1c91a2bff805f687f7a692 |
C:\Program Files\ReasonLabs\EPP\x64\elam\rsElam.sys
| MD5 | 8129c96d6ebdaebbe771ee034555bf8f |
| SHA1 | 9b41fb541a273086d3eef0ba4149f88022efbaff |
| SHA256 | 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51 |
| SHA512 | ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18 |
memory/5988-4482-0x0000020C1E6E0000-0x0000020C1E70E000-memory.dmp
memory/5988-4483-0x0000020C1E6E0000-0x0000020C1E70E000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | 1264314190d1e81276dde796c5a3537c |
| SHA1 | ab1c69efd9358b161ec31d7701d26c39ee708d57 |
| SHA256 | 8341a3cae0acb500b9f494bdec870cb8eb8e915174370d41c57dcdae622342c5 |
| SHA512 | a3f36574dce70997943d93a8d5bebe1b44be7b4aae05ed5a791aee8c3aab908c2eca3275f7ce636a230a585d40896dc637be1fb597b10380d0c258afe4e720e9 |
memory/5988-4496-0x0000020C20330000-0x0000020C20342000-memory.dmp
memory/5988-4497-0x0000020C38B90000-0x0000020C38BCC000-memory.dmp
C:\Windows\Logs\DISM\dism.log
| MD5 | 7063948724d85fb6fb41044c8e7c48a7 |
| SHA1 | dece13f58b99dba82ce52e3ade697be89dcf0e2e |
| SHA256 | a9a6f9dd1347a399a89a67fccd8c3b5766faaa41dd7680b99911f61d78e1e9bf |
| SHA512 | 785015374c36a9e9e2473859ae77df9a6816aa56a7e9aeda2c8fdfbf3be87f9898edc3367d73a8438a703c640c8441b13af3bfa48fd718dd73e158511fce3097 |
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | 43fbbd79c6a85b1dfb782c199ff1f0e7 |
| SHA1 | cad46a3de56cd064e32b79c07ced5abec6bc1543 |
| SHA256 | 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0 |
| SHA512 | 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea |
C:\Program Files\ReasonLabs\EPP\InstallUtil.InstallLog
| MD5 | 8a0b93abf7961a386f153a4165e099f1 |
| SHA1 | 388165bcf6100b6a6c69cc51693716116e4c4896 |
| SHA256 | e1eee4a919996c03ff2a0f0a3617e48bbcdf3c41c9535466de7a02fcdcae680a |
| SHA512 | 36972b5ffdde91754c3d2a336856f9bbe9f5bc7fded2420ae8f1ba66df905b0e189327eecc6eff9deb3df29c288dfb60aa16c8f9dbe501e449b92a67aaf5edac |
memory/6420-4601-0x00000270753A0000-0x0000027075706000-memory.dmp
memory/6420-4604-0x0000027074760000-0x0000027074782000-memory.dmp
memory/6420-4603-0x00000270746F0000-0x000002707470A000-memory.dmp
memory/6420-4602-0x00000270751C0000-0x000002707533C000-memory.dmp
memory/6024-4774-0x0000000002B30000-0x0000000002B66000-memory.dmp
memory/6024-4775-0x00000000055D0000-0x0000000005BFA000-memory.dmp
memory/6024-4776-0x0000000005490000-0x00000000054B2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ffwy1c0e.rs2.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/6024-4785-0x0000000005E50000-0x00000000061A7000-memory.dmp
memory/6024-4786-0x0000000006320000-0x000000000633E000-memory.dmp
memory/6024-4787-0x0000000006360000-0x00000000063AC000-memory.dmp
memory/6024-4789-0x000000006EFA0000-0x000000006EFEC000-memory.dmp
memory/6024-4788-0x0000000006900000-0x0000000006934000-memory.dmp
memory/6024-4798-0x0000000007310000-0x000000000732E000-memory.dmp
memory/6024-4799-0x0000000007340000-0x00000000073E4000-memory.dmp
memory/6024-4800-0x0000000007CB0000-0x000000000832A000-memory.dmp
memory/6024-4801-0x00000000076F0000-0x00000000076FA000-memory.dmp
memory/6024-4802-0x0000000007900000-0x0000000007996000-memory.dmp
memory/6024-4803-0x0000000007880000-0x0000000007891000-memory.dmp
memory/6024-4804-0x00000000078C0000-0x00000000078CE000-memory.dmp
memory/6024-4805-0x00000000079A0000-0x00000000079BA000-memory.dmp
memory/6228-4816-0x000000006EFA0000-0x000000006EFEC000-memory.dmp
memory/6936-4834-0x000000006EFA0000-0x000000006EFEC000-memory.dmp
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
| MD5 | 0054560df6c69d2067689433172088ef |
| SHA1 | a30042b77ebd7c704be0e986349030bcdb82857d |
| SHA256 | 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750 |
| SHA512 | 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
| MD5 | 4ba25d2cbe1587a841dcfb8c8c4a6ea6 |
| SHA1 | 52693d4b5e0b55a929099b680348c3932f2c3c62 |
| SHA256 | b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49 |
| SHA512 | 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
| MD5 | 3e29914113ec4b968ba5eb1f6d194a0a |
| SHA1 | 557b67e372e85eb39989cb53cffd3ef1adabb9fe |
| SHA256 | c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a |
| SHA512 | 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
| MD5 | e8fd6da54f056363b284608c3f6a832e |
| SHA1 | 32e88b82fd398568517ab03b33e9765b59c4946d |
| SHA256 | b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd |
| SHA512 | 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
| MD5 | 52c43baddd43be63fbfb398722f3b01d |
| SHA1 | be1b1064fdda4dde4b72ef523b8e02c050ccd820 |
| SHA256 | 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f |
| SHA512 | 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
| MD5 | ba46e6e1c5861617b4d97de00149b905 |
| SHA1 | 4affc8aab49c7dc3ceeca81391c4f737d7672b32 |
| SHA256 | 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e |
| SHA512 | bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
| MD5 | 2d40f6c6a4f88c8c2685ee25b53ec00d |
| SHA1 | faf96bac1e7665aa07029d8f94e1ac84014a863b |
| SHA256 | 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334 |
| SHA512 | 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
| MD5 | 01c4246df55a5fff93d086bb56110d2b |
| SHA1 | e2939375c4dd7b478913328b88eaa3c91913cfdc |
| SHA256 | c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889 |
| SHA512 | 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
| MD5 | 66df6f7b7a98ff750aade522c22d239a |
| SHA1 | f69464fe18ed03de597bb46482ae899f43c94617 |
| SHA256 | 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f |
| SHA512 | 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e |
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
| MD5 | ad9d7cbdb4b19fb65960d69126e3ff68 |
| SHA1 | dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d |
| SHA256 | a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326 |
| SHA512 | f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7 |
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
C:\LDPlayer\LDPlayer9\dnplayer.exe
| MD5 | 6fe5ee1daf303963482ffc414b1f4aed |
| SHA1 | 076ebaeeb02853d96e20085fbedaf7e61f3a60d3 |
| SHA256 | 2685e5c1aa3cdead02024f21abadb413c6dc130946f7b44ca01b0cea64bdd2ae |
| SHA512 | 8bc6758c95a53ebcd6b6fd27bdd3165f91bcd8f370d677afb7d599865b57ecad274eb21502235eeb64ad2624046cafa9f14576221b1503e333815df5a6dfe134 |
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | 77138e2662cdeffd61cf6210ae3fb8ca |
| SHA1 | a085b99630efc74cedd0be9a0eeb57eff7b3850f |
| SHA256 | 68c83685da55573ae966db3113ee513dd76ba489024373968e527bd44d814724 |
| SHA512 | a4621910aa3ae4b5dfa558e69d0270717341467cf067d9397e2bbf118f789c87eef8750ecb25ffd9c60f51f35ceb40b211ce9a738116c4dfc06e543ac90d1bcc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5578283903c07cc737a43625e2cbb093 |
| SHA1 | f438ad2bef7125e928fcde43082a20457f5df159 |
| SHA256 | 7268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2 |
| SHA512 | 3b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601 |
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
| MD5 | b2e3ba2084f827f2e46a917983363f0b |
| SHA1 | 41fd27f8688b7a755abc0acc72a2a6a0e1045c78 |
| SHA256 | 7daa3d35584a7e87c3e8e3afeb436d088209966471d6c766328087823f1f3e73 |
| SHA512 | 4aea989bda6efc91836264f04f23fb3760764e3ef7809f618ad949c2e64b5a167fe5d054607535ec22fea4942d9ddc5ea7f70a1f529ee23633c1cd275d90e508 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0487ced0fdfd8d7a8e717211fcd7d709 |
| SHA1 | 598605311b8ef24b0a2ba2ccfedeecabe7fec901 |
| SHA256 | 76693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571 |
| SHA512 | 16e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993 |
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt
| MD5 | 4f4f31eb119ba7ca59faa37ef7367158 |
| SHA1 | 9152e8de366e100d9a6abe494d2ed64c2fdfef11 |
| SHA256 | 30f52821a7352bf3ef9341b44c16d35d0dc7ff46cc02ce6eec0b1f97ac1635f8 |
| SHA512 | a52a6b2df20c8de436d9c56b1ba9271237d59908104c66e2f46f6c10965aec6d8af82f09799d49289d0bc314d1fed0bffb0afce6174abb013e5b47b2d8dcb8bf |
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt
| MD5 | 3f00a28492f7d2dcfa6d54b1b2fb8e6e |
| SHA1 | 1b3ac56d636972068e78621c676d64b29fcfc4d1 |
| SHA256 | a01e6452c1a4bbd01467ad895e273547d9d77df37c79e6e36ec94dd91182cd83 |
| SHA512 | a2f773baa8c5deea379e7eb0c6e6fbf7ca34bc0cc12d7c906d9630baa26cea318407fcbbb1ce06197bebd86af65627b311423e4862989cdf0635b8850255c79a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6efbf542c904bb8895057fa6d30134cd |
| SHA1 | 23340f12c1e74c88f437f425de9b851f1f72f2cd |
| SHA256 | e831eff3635f19dcebc734e95900691b23e5ffd167dd2bdb3536d4586d7cd545 |
| SHA512 | 35639b735011b45e348e98bcd89c49fada3cd0bccee1ba5de87abad3eda57517b00f3db26170ecc8a09257908780c7bbc5811469e7a77a5eaa39ef8cfe35607e |
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
| MD5 | 4d592fd525e977bf3d832cdb1482faa0 |
| SHA1 | 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef |
| SHA256 | f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6 |
| SHA512 | afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77 |
memory/2788-5020-0x0000000073290000-0x0000000073A41000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dfbd9568ac569acb81d93f3b0fc16ce8 |
| SHA1 | 0fa46110fc2d5bca39a1baf507652599c3d3cd46 |
| SHA256 | d5d718b0f4018d75b14626206e0c7bd53bb7a99a2a94353f3f5df2a67dabf5d3 |
| SHA512 | 6d82278d1da700a417bf50158b0748006e7520f96eaca96133758041332b5f9ff99cd313f6428155b57c19a85299e6d9eece498a2ff4495fdb211342d8aaf586 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3a52417db83ec9366047505aa0541a30 |
| SHA1 | e4f17368183c6d9d26755c759f43f7c099c4fe04 |
| SHA256 | 22770965a62f79528a9e38f78d1d5f78a344d240ea39ea25b3d5dbb0897a4080 |
| SHA512 | 36e25ef758d3bb70600f621ad7a52628df000204438b6816295e55b9804eb85cf158c360dfea08db1e15254067b0308bce9f59c611811749e0c15f96c2781713 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b638e3ebf8f68ef6e00265def21b3cfc |
| SHA1 | 1c7449bfffaa625dcff03bf79b3faf11f04da380 |
| SHA256 | f2d0661f373caf3cd9457cfb3bdddd9ff3e59624b0c7d11336f714ce321621f0 |
| SHA512 | 0c728a71b172375e0ecc4d3cfb61c5dccd871d33243a7210ad1b332138ae72465f1b68dda4148d5ce08e36e52462871c4c34ec4233656887bfd64212ac61f6dc |