08fee35f2462f93c96751755ff42f2f63525ad04e21543efe52a159c800ab80a

Analysis

max time kernel
99s
max time network
153s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
13/01/2023, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LDPlayer9_es_96374997_ld.exe
Size

3.6MB
MD5

90276982cc921f646f74f8310ef8cd6a
SHA1

37d5ff4e70485bbcc6e4ef6fa08d3b7839012d0f
SHA256

08fee35f2462f93c96751755ff42f2f63525ad04e21543efe52a159c800ab80a
SHA512

bdbdb26aaae5b84e7c8298e5e6033142f872e8f25578274c3a8c8fdc7d1e07033be62760b5230a67696bf9f4d885a7187d17680b271e713f1f1a111fa37edf2c
SSDEEP

49152:KpiUPlcfO74zHK+1ULjFvnxe2T9g4tGOPf28xuYT:KpPNcG74r1ULxvxew9g1op

Score

8^/10

bootkit discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
1400	saBSI.exe
1304	LDPlayer.exe
1872	avg_secure_browser_setup.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	avg_secure_browser_setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	avg_secure_browser_setup.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Control Panel\International\Geo\Nation	avg_secure_browser_setup.exe

Loads dropped DLL 14 IoCs

pid	Process
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1400	saBSI.exe
1400	saBSI.exe
1400	saBSI.exe
1772	LDPlayer9_es_96374997_ld.exe
1872	avg_secure_browser_setup.exe
1872	avg_secure_browser_setup.exe
1872	avg_secure_browser_setup.exe
1872	avg_secure_browser_setup.exe
1872	avg_secure_browser_setup.exe
1872	avg_secure_browser_setup.exe
1872	avg_secure_browser_setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Checks for any installed AV software in registry 1 TTPs 2 IoCs

Security Software Discovery

T1063

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast	avg_secure_browser_setup.exe
Key opened	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\SOFTWARE\AVAST Software\Avast	avg_secure_browser_setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	avg_secure_browser_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 1 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	avg_secure_browser_setup.exe

Kills process with taskkill 7 IoCs

evasion

pid	Process
1804	taskkill.exe
1956	taskkill.exe
1724	taskkill.exe
1492	taskkill.exe
1532	taskkill.exe
1748	taskkill.exe
660	taskkill.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	LDPlayer9_es_96374997_ld.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	LDPlayer9_es_96374997_ld.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	LDPlayer9_es_96374997_ld.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	LDPlayer9_es_96374997_ld.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	LDPlayer9_es_96374997_ld.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	LDPlayer9_es_96374997_ld.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	LDPlayer9_es_96374997_ld.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	LDPlayer9_es_96374997_ld.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1400	saBSI.exe
1400	saBSI.exe
1400	saBSI.exe
1400	saBSI.exe
1400	saBSI.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1304	LDPlayer.exe
1304	LDPlayer.exe
1304	LDPlayer.exe
1304	LDPlayer.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1772	LDPlayer9_es_96374997_ld.exe
1304	LDPlayer.exe
1304	LDPlayer.exe
1872	avg_secure_browser_setup.exe
1872	avg_secure_browser_setup.exe
1872	avg_secure_browser_setup.exe
1872	avg_secure_browser_setup.exe
1872	avg_secure_browser_setup.exe
1872	avg_secure_browser_setup.exe
1872	avg_secure_browser_setup.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1772	LDPlayer9_es_96374997_ld.exe
Token: SeShutdownPrivilege	1772	LDPlayer9_es_96374997_ld.exe
Token: SeDebugPrivilege	1804	taskkill.exe
Token: SeDebugPrivilege	1956	taskkill.exe
Token: SeDebugPrivilege	1724	taskkill.exe
Token: SeDebugPrivilege	1492	taskkill.exe
Token: SeTakeOwnershipPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe
Token: SeDebugPrivilege	1304	LDPlayer.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 1804	1772	LDPlayer9_es_96374997_ld.exe	30
PID 1772 wrote to memory of 1804	1772	LDPlayer9_es_96374997_ld.exe	30
PID 1772 wrote to memory of 1804	1772	LDPlayer9_es_96374997_ld.exe	30
PID 1772 wrote to memory of 1804	1772	LDPlayer9_es_96374997_ld.exe	30
PID 1772 wrote to memory of 1956	1772	LDPlayer9_es_96374997_ld.exe	33
PID 1772 wrote to memory of 1956	1772	LDPlayer9_es_96374997_ld.exe	33
PID 1772 wrote to memory of 1956	1772	LDPlayer9_es_96374997_ld.exe	33
PID 1772 wrote to memory of 1956	1772	LDPlayer9_es_96374997_ld.exe	33
PID 1772 wrote to memory of 1724	1772	LDPlayer9_es_96374997_ld.exe	35
PID 1772 wrote to memory of 1724	1772	LDPlayer9_es_96374997_ld.exe	35
PID 1772 wrote to memory of 1724	1772	LDPlayer9_es_96374997_ld.exe	35
PID 1772 wrote to memory of 1724	1772	LDPlayer9_es_96374997_ld.exe	35
PID 1772 wrote to memory of 1492	1772	LDPlayer9_es_96374997_ld.exe	37
PID 1772 wrote to memory of 1492	1772	LDPlayer9_es_96374997_ld.exe	37
PID 1772 wrote to memory of 1492	1772	LDPlayer9_es_96374997_ld.exe	37
PID 1772 wrote to memory of 1492	1772	LDPlayer9_es_96374997_ld.exe	37
PID 1772 wrote to memory of 1304	1772	LDPlayer9_es_96374997_ld.exe	40
PID 1772 wrote to memory of 1304	1772	LDPlayer9_es_96374997_ld.exe	40
PID 1772 wrote to memory of 1304	1772	LDPlayer9_es_96374997_ld.exe	40
PID 1772 wrote to memory of 1304	1772	LDPlayer9_es_96374997_ld.exe	40
PID 1304 wrote to memory of 1532	1304	LDPlayer.exe	42
PID 1304 wrote to memory of 1532	1304	LDPlayer.exe	42
PID 1304 wrote to memory of 1532	1304	LDPlayer.exe	42
PID 1304 wrote to memory of 1532	1304	LDPlayer.exe	42
PID 1304 wrote to memory of 1748	1304	LDPlayer.exe	44
PID 1304 wrote to memory of 1748	1304	LDPlayer.exe	44
PID 1304 wrote to memory of 1748	1304	LDPlayer.exe	44
PID 1304 wrote to memory of 1748	1304	LDPlayer.exe	44
PID 1304 wrote to memory of 660	1304	LDPlayer.exe	46
PID 1304 wrote to memory of 660	1304	LDPlayer.exe	46
PID 1304 wrote to memory of 660	1304	LDPlayer.exe	46
PID 1304 wrote to memory of 660	1304	LDPlayer.exe	46

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_96374997_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_96374997_ld.exe"
1⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM dnplayer.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1804
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM dnmultiplayer.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1956
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM dnupdate.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1724
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM bugreport.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1492
- C:\LDPlayer\LDPlayer9\LDPlayer.exe
  "C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -downloader -openid=96374997 -language=es -path="C:\LDPlayer\LDPlayer9\" -silence
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1304
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /F /IM dnmultiplayerex.exe /T
    3⤵
    - Kills process with taskkill
    PID:1532
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM fynews.exe
    3⤵
    - Kills process with taskkill
    PID:1748
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM ldnews.exe
    3⤵
    - Kills process with taskkill
    PID:660

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91088 PaidDistribution=true
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1400

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=3cFh3hECdvEO30biqL8gHsEsmfYyiFKUCDwsThE45qK0uoVmMzTkZEQYNE3BRAAapoYWkQUiAudf8I3sTiOI0xcoZ /make-default
1⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks computer location settings
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:1872
- C:\Users\Admin\AppData\Local\Temp\nsz78DB.tmp\AVGBrowserUpdateSetup.exe
  AVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9145&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome --private-browsing"
  2⤵
  PID:1216
- - C:\Program Files (x86)\GUMAA54.tmp\AVGBrowserUpdate.exe
    "C:\Program Files (x86)\GUMAA54.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9145&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome --private-browsing"
    3⤵
    PID:540
  - - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
      "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc
      4⤵
      PID:1940
  - - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
      "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
      4⤵
      PID:1092
    - - C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"
        5⤵
        
        PID:1100
    - - C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"
        5⤵
        
        PID:1608
    - - C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"
        5⤵
        
        PID:1084
  - - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
      "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTU4Mi4zIiBzaGVsbF92ZXJzaW9uPSIxLjguMTU4Mi4zIiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezhCNkJCODkxLTI1MDUtNEVGQy05N0ZCLTY5QzkyRkJFNjJDQn0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9IntERjNCNkEwOC0xQ0YwLTRENDgtQjhERC1DOEQ0RkFGOUYzRTB9IiB1c2VyaWRfZGF0ZT0iMjAyMzAxMTMiIG1hY2hpbmVpZD0iezAwMDA1OEQ0LUIyN0EtMDEyQi05RTNFLTQ1NDE0NzFFNkM2OX0iIG1hY2hpbmVpZF9kYXRlPSIyMDIzMDExMyIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9Ins3QzU4M0Q3MS01MkE1LTRCNzctQUE4NC1CN0U4QjI5MjEwQzB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNTgyLjMiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTE0NSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMTMyOTIiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      PID:624
  - - C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
      "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9145&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Diexplore --import-cookies --auto-launch-chrome --private-browsing" /installsource otherinstallcmd /sessionid "{8B6BB891-2505-4EFC-97FB-69C92FBE62CB}" /silent
      4⤵
      PID:1864

C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe
"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
1⤵
PID:992

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Security Software Discovery

T1063

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LDPlayer\LDPlayer9\LDPlayer.exe

Filesize
354.6MB

MD5
f57ed9c93260230635be08370b5aa0e7

SHA1
1efabba0f68a3a9b2eb95467b377f5997c7003cc

SHA256
8241922b936fed8a8c7704ed440cdb7aafbb5a7f566dfb1fa3705bce8b80719b

SHA512
996272a3f6099970272931f819cde26e879fe47d694ee7efa60bf1546ee3e3d075cfc3882ad68a56323e9961ddf2b93b86e2ee5bb4fc1748f2dadd51eab08cd8

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\AVGBrowserCrashHandler.exe

Filesize
149KB

MD5
ad2e402663cf92613e1ffd1d04bcdeb2

SHA1
cea9b5d96b47cf9c82254593ba12b50b97fa59f0

SHA256
c72b63a6b690352af20405cb0e9ab84951ee116f417a2b6462859242bac4137b

SHA512
94a86ab826c969af54c9be213e1bb282f0125d645bc865a014d3421caf93467f01ae01cc9fcac3c79c05b1e60f18c1024ec1f0c7717056164a8e5d7cf1336bc0

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\AVGBrowserCrashHandler64.exe

Filesize
170KB

MD5
e2af0d9d0b2e31f81d0e6e1b78938334

SHA1
e6a0d14d5389552ce66fa78a10168332e80f1f31

SHA256
dcbd4e1dc1eae19330d2bf71b6898557abcbaa07f218e82c7635239afd38a74b

SHA512
1f01cbffa3f1e871256fa01aa66357c595566f2faea6a5794faf7e98cec821bb086b54ef1bcc28643e76dabff4b40c7f2c8ea372c7bcb3ffcdf9144b5164c812

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\AVGBrowserUpdate.exe

Filesize
204KB

MD5
a2e0e8ff0bb8068d6e06db4b5da75806

SHA1
8ff63d9d3c7879f40070851e464241ab5ce82273

SHA256
9127425263da7557b33e7035258e661925c445c0443a825227b6e5a75093f964

SHA512
dccd0a4dca930ce8ad77487fdb7c92a70388c6eef4d6b662f8c766df57a250fe2096ede8122941ec62dfa51bed4cfa848bcf6e07dcd0fdd52920cf2c84095a32

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\AVGBrowserUpdate.exe

Filesize
204KB

MD5
a2e0e8ff0bb8068d6e06db4b5da75806

SHA1
8ff63d9d3c7879f40070851e464241ab5ce82273

SHA256
9127425263da7557b33e7035258e661925c445c0443a825227b6e5a75093f964

SHA512
dccd0a4dca930ce8ad77487fdb7c92a70388c6eef4d6b662f8c766df57a250fe2096ede8122941ec62dfa51bed4cfa848bcf6e07dcd0fdd52920cf2c84095a32

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\AVGBrowserUpdateComRegisterShell64.exe

Filesize
428KB

MD5
8ea0a182db821e88f1b621b69fa49b78

SHA1
a45a8cfb30e97c519e0f19461ba5fe63dbb33b14

SHA256
96b55dd977f1752b4ff18049aed276b77e5b15fdb233e06aed5cb71f8b83c229

SHA512
6672ef221d782e249adf9d39f44ab52d8580559b22b05ab992d68ea4a7eb7796b02649cfe17a6f0d6ea3990c8d8575489c310c0d6a4b452e23af7b4feebb2c38

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\AVGBrowserUpdateCore.exe

Filesize
512KB

MD5
0eaf12bb06501a62df52d3ff488d009e

SHA1
217b8e7b39d9698f134a2ee91efc6c07957b2503

SHA256
b9e37578debabb533b5ad30b31a20c1275f12eb5b1778386c2ee086b09512c37

SHA512
d418cc64bdc84217d98b1d7ae9f55d51873070372418cb88b1720e48f0fa744dc60b72c053cb8ce42be488b581eef60b93ed6d1d797520796f52f5c3b551acd9

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdate.dll

Filesize
1.4MB

MD5
0fb0c73e4ea6f96f77b6767c8a144c33

SHA1
cfe4a43b70b5e7fe07caac28b508830d273cf1ab

SHA256
a13e6df98938d8c3cb245629a1c3abef1a76e2690f73819a846eb4a2dbcc973f

SHA512
0d9c48cf9a62b94b32a47db097cf3af7916ca15eabcf54b476eda8591b49e292a745919b3cbf90ff4ec9d126e0299371c858dab5e2894404fb71d9e23f4ee433

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_am.dll

Filesize
42KB

MD5
eba91ccd512c0716335b8b76e477501e

SHA1
2ab70b37b7dd484e8214fa0f1428840d16a6c270

SHA256
8d5680894b68f29d78cf8e28ab0417703a7d2285e64ef6faec00e21a0dae87d6

SHA512
dfc5c2bb722e094d2efba0890bedf39b0f4e153222f11962416cebe6a6daf34412b0d8b6a48c8d8ebda3df842709582f602d3a859978c307c40bde5aecf307a6

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
4c82a8747c827a2fa395a365b2e7bae9

SHA1
e134b4bd98aeec8db67d4c95f012bcbdb64c868d

SHA256
3f2bd8052346356f14c84534a4dd802808e99b643570b0cfce1ad534146925d0

SHA512
24a36a6569ecf823e8c8af9a9001203769f7d65a3ad7831322985307bf0cbee464ea7c6681f45e8887d020a8fc85e02689240217aa55a3f43ca7309c36e4dc75

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
82644b3b98f8631fe07faaf6f227ada4

SHA1
63ea89b65687b30be4a45baa9481ce94b0639ec0

SHA256
7d3d847fe7926bc36c595a7bef4576ae1da246416fac2cb095fb1ace70983106

SHA512
8da646f9192dc8618f1cf4e9ae547bb22c28c7d3d4dc9f2ed9eb5dea7ae488b64b3a4ac02d396b89d6440e2bc304e8f52f4250b2caa53ae180ea0550647bdb70

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
86c640ee78e93e1ec1f99dd34674836a

SHA1
b1a23ba25b03cf3f6787304e31f787bbdf548c9d

SHA256
ded5a319700de0fc6c3de26eb6759e514ab7eb216a5a65661c5416bfdc145adf

SHA512
27ffaa9f9d142dc276e41cb1bc541be4605a86424722c8d6956dee8e33a04e3300767412ae7106614736e8caed6c63843b86c959b936cfb9363926a3372182aa

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
7c33ee6fe65c59bbeb718ddf608d9d52

SHA1
e3714574b5602d4575747eac14d1d052a1774398

SHA256
02d98d46b3256625e0ffee74f5ebe7cc34c44412589b7979357d4fd56cd8abeb

SHA512
939f160483b06b8ed28faaf1efc654a349f58d63397636bab4a7c740b2a31fc1bef240eea1102aa3a3e6f958db9d49b2fd1314c9744c1dcb417fc4def3107636

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
93ece78ead19d283b7bb961efad21111

SHA1
7d8efa82562a28057e7ad5f1d04c1b2a956fc166

SHA256
6663a5b62838b6b0ac4fdd39c79120ed8c2f097c74eddd76a10d3fbf372cdd29

SHA512
d97c5fd77c86ada512af2535d6bd19f3c1e9824cd5911fa0ae8703af194eef25ea4fc85a9cd92e255522c8898a799e58493bf9bfb3cc6a5c83d317952944a07a

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_da.dll

Filesize
43KB

MD5
52c3b5ab8d255e22d7f6d46661083912

SHA1
e67f76aa7e653d963a0240f42f2c3029401d0808

SHA256
8335b6172b15b71ee1b356e1d6bd24cacf8b3eb7834e6abab219f7fa6ee322a5

SHA512
2cc7edf54ae1fa040372a713b68ec72274c02b03675015cef304fa9b8021718d0ab94022b655a8e3e2e772c6c44dd7d65365233099e12c1adac390af85a1f846

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_de.dll

Filesize
45KB

MD5
5f1f2a7c94634ab1a26bc328347d5322

SHA1
f19136aea5a9095ec291ee16dbe44694ce57e228

SHA256
ee7fe0cadcc8055a9bc1c46d5c0f71198555c4bdc7378cf9da75dffbe49c8551

SHA512
23705cb8c03b9e28b54e88d7bd00167e4a6fd70aa308737429c5ef6242943d28f8cbd4d34fdf8a9a459bc8185464e6f79b7ac390995cd09119cbc9f53e9b0835

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_el.dll

Filesize
45KB

MD5
c179bbdea723c4d29b6f561137e0b62f

SHA1
f18a21d99613050928779d51453fa6f038eb4200

SHA256
fae09add40e34b79c0ac4b4bfcf0edbaed06b99939c7c3b348b5501f0b26648f

SHA512
f122e05d073618eac0986b983f20e8a916aa63ee88641fed73b575c24d49d925271859937394cb52a4ab0a78056de4b90b994258aa0999e7f11bbc14f1b846a0

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_en-GB.dll

Filesize
42KB

MD5
97b377e5b775f0fb20d205603b415321

SHA1
baeb19f51ab99428aa9eaf0fa559e80aae392d2c

SHA256
5ed61572c9322f6229711cc41a99c648d3d35386d6899749def8d13dd2f88c41

SHA512
a67856b470753becdeca16c8c204f487ce4e6800a1033fba2a41299675c106b3547239b0119954303052e2ca912ff5101859f06c2ebf96514f74136868ba26fc

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_en.dll

Filesize
42KB

MD5
2d104154df1390915432d09a15494d1d

SHA1
c71ddbf257e3cc823436e470b16faf95256b104d

SHA256
8c1986122b2e15919ef09364c4a17fa9e25f028a52167d9b50b08795d42fee4c

SHA512
92c64c0237337b8a0174d7760735c6e1b039b4b9fb96b892e3f13301de58ed8d2fbf53f65c8fdcbd4b089b6429c14d6b8aeae752c80712e3376cae1ede47cb31

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_es-419.dll

Filesize
44KB

MD5
037618018f90ba735f23b5ac5fd6abc3

SHA1
79a3c4dc7fb00e0b9386e9eb78bc3ae14176a98a

SHA256
4d8b92449bf5db29322749089bd7b5be211033165200255d606a826ce1df6be1

SHA512
def33437b1d96bf7972a14e6b6ce003c33822a04b00de2127639118a3002aec4a645c868587b8721d3fdc65c45c675a33e4b18ea0f6a90c1a2408b7dfe55ec30

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_es.dll

Filesize
45KB

MD5
7c13b6fd1664394adffb9390fc943cc1

SHA1
b859a2c726b79611fb69a426d6c4c23664c02502

SHA256
726a4c2eb02e04c391b6c4d345181fdab824b64aefc3a21746f774261d17df49

SHA512
c509456cee0a4e0313eb79464f28a0d6f4158f1c86a306b1188c65f98a759810611fb6e4743bf6906883316403678b686e010306f40975ed889e0e6255aff9c9

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_et.dll

Filesize
43KB

MD5
f72309f5cdc933367154ef0880b3e8f8

SHA1
76c6d7b130eb45778a17a398fd26aa6258a57c5b

SHA256
a1b0586135a11b8bdfa4cc8c7fc65450cc4016a0d9a0c2fbee17f8372ef15bc7

SHA512
05d749812bd9d2c27971b76709aafa082beec160fee419e2da3138132964376a91a952be22f621ace933a1c36f8f86bfdc436ab2640d3f2e887c7772d78a5553

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
6a58611dba9f52daafb7f309887ae55e

SHA1
fed17116977873a492887cf4ab089bba20dd6541

SHA256
98e182f66ad302bcc21d86bae5fc65a995c56d4adffa7601f1d1459078568282

SHA512
a6756faa6f55fec40dee70c232439b6c9de3673fb6769a0b14d3b53c233c09f5318c719cdc59ae9a58b2949186514700f0de00795790d0da79ca61fa72007a50

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
55452845008663060d0cb33090d01826

SHA1
e46e202f0d50ec2ef311a7aac552dce176565e61

SHA256
a07b5da6747a123e81b039193a24e2207eb1e702328737913ab00808ceb7df59

SHA512
45cb830bd5855f237d2a2916d1710dd0b157decc3233cffe258f8dd2805066a4c32471246a63efeab7552daa6738839391f9b658164ba1f0cc404d9700786d96

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
8d012fa4d6fd3e1650378092c4288814

SHA1
162e1b7b3d327e197aba6277964f46c6cb3dc769

SHA256
b7ccb942dfaddf61404a49357a48b032cb32409e724d99fef9f6c9b1985a468a

SHA512
1d9937ea3c0587fc3c7598288b98517ad9225d4255009bbf74a1f5d3c83700e73929098ed99869f9eed83ee333241a35a1370bf7fcfa1aa3edc9bd480925e394

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_fr.dll

Filesize
45KB

MD5
74a823da131704e197b96d8704e74af4

SHA1
9754a5aad8a14b0a6100fdeed3d6bbb98991b027

SHA256
35344a4a9bd879c4981414fd8ebaf487c2db707079a977ad05329649af51724f

SHA512
4353551fe55ac410cf024b14c702a448c046605a959e33bac396e73dd088766b01143f295c7e9a19603a22a1a242b9e429bd3d164146bbfb0ed5b771e66970c5

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_gu.dll

Filesize
45KB

MD5
35be95f094e92629cb929c297a3c2cfb

SHA1
531e1b855845193f72f671a0ddc816d458f96654

SHA256
80a6b80d1ad6c1da8c7f812d97856cf3c20903e157c5695adf8db66eb16d86de

SHA512
3fbb14f97743c804fa254469536ba0a5cef526bb3f0e85c7227a72c2e0a64d37c4234ed4d8c6fdcfcc4dffd2b4aea6be43cf38029ce518202891202e9212eec0

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_hi.dll

Filesize
43KB

MD5
be974ea984d6f35b6b83fb0f8a9ffd54

SHA1
96216a9bb189cf6370eb23f2f3cee2a87d3bf7f5

SHA256
ecfa69cdc18d4b41affa513b0402cd8f0538220ea26f362c1f3ccafd1cb010f2

SHA512
68904bafe6228d211515da53ed5800cc191ba1afb29907964f140d8613d3a7280009d2ff6a826a20f4ddc6813830d4182f763a55fcd9b20d8c1604251599e9cf

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_hr.dll

Filesize
44KB

MD5
52756a999b1e3c8d670cfcb6e8682770

SHA1
0b34a368292cf094442d9c2abe817d91d8a3b99f

SHA256
a18f78d3a945a16dfafa976cb15b27953de298913739eeac604eb5a749cc55c4

SHA512
d33dd529136feb4e349894c023173317109908167eab493899eff3b35d752ae46434ed9b84f6523872e423cc8dadabe88fa7bd6f5321b92b63ff1ce41e759772

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_hu.dll

Filesize
44KB

MD5
14bdf3c56d2f471d2b07e86a4fbe5219

SHA1
17fa1c2264b33b96a43627d1a2f0a719820fa485

SHA256
b5a023d3cabe0128bd0f59c71d619ede8536334c4ff3209a68b95a8fddc33b83

SHA512
e28e1f96d1216e890f1470e32f2daebeca9153d6bfc6a77875975cc7ebf17f89b9af7f2d8d960e0464b3b509e84260ac8a4a4ff9654d9b4aee9195fc8f2d3fa9

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_id.dll

Filesize
43KB

MD5
474b7f3418510f39bc3dddbf2dd1b56a

SHA1
4dc59cb357a4924b1d195720000e5d5f42eeaad6

SHA256
a12584b1a87b5acd499fdcd6be0ac67546cc4197e885efb0bf96f4d37b37ed80

SHA512
d02bbdb1127113583627680109e8ef1ce12dcb52c7d0d23aef009f044276bcd76f173a2978c920e27afe98b8154284835e60d0e279c24fa725c9382416f8d64f

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_is.dll

Filesize
43KB

MD5
ff3a591a75788b065002938e795e0355

SHA1
b0966278615e72a23b4b7095de3103ff5e92f246

SHA256
5961eac8debea44b0937fa7b78c158bdd0ef364fe1dbc6721e8f037cadfaaad7

SHA512
1d453a0e253cbae8414bd095dd00a429a29f19071e66b51e8b52d44868603b4efb281986ab033b4f7041359f6b0079071b0a697f2f7b5453a24233870d81342d

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_it.dll

Filesize
45KB

MD5
2df48024c5c4a6d5967b784384906b51

SHA1
06de57c9b129b10f0c58c06ce2723243c101dd67

SHA256
90e04344127eff18082110c7d5d86dd2b73e1957bc66ab199d245ce1da5579e1

SHA512
4824b3000d078c6c6bfa972ee3bb5d9f10e9220f127adb501127df644a4340e8f0f0932d08b2891d15a5901cf2619c738da91f453d7feca4172bef15aac25513

Download Submit
C:\Program Files (x86)\GUMAA54.tmp\goopdateres_iw.dll

Filesize
41KB

MD5
bc2383336a1424ad32d0746b36bb6d47

SHA1
11d586235f51f42c5884747e9b2ee541a3714821

SHA256
9420d2552732d93825bc3e80497a07eef17f52b64ddc8405014d99b59131c99f

SHA512
c020f081a6e04c80d4366eb4f4914a7583532178dd03f0c3f5bf8416ddfbcca246c73996e77cf3a19e37b91b11c66023d12a12539b2118865233a9f8d6d47619

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9fa5eee9a309dd083eea34cfc7264447

SHA1
d3242e4b839fe055547ab28766b51e2da08ebadd

SHA256
d1e54cdae66709212ff16c5ead2e7bd6a9a19fc3c004dc6cca2522392ec25fbe

SHA512
b31e797424ddd8389ad595c0fa3927318f5c3ca9189e3c94c19df7c26fd48056680be2874ff49acce2e4b4eedad6e74a2b50182a523b5f202818fcb56843c926

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbe71fefbe69c7f64fd07c2a3452421b

SHA1
435dc22fc64f2f1cd8746c5dfa663a153376a3cf

SHA256
8647dd59c8cceb362d5ebd53e130f5776fd4bb0f8ba018b3f6248eb4bfd6e0fa

SHA512
18fb436dffb3212085cd382af2ffcc574cc28156529564115aea5bc5f323f0ff734cfaede68c8ec93b49829a062fb988806ca1c14d243cbacd972eed3be573b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe

Filesize
6.0MB

MD5
2099532cc61484aaa604e1a05d02a3a4

SHA1
45bf61807173015e39dff1813c3d8f3cc4b47bea

SHA256
ef02cfbadc8dde416cd03fd856919012896e652fecfb15a9d1b07299138b05c9

SHA512
a71508d95d84c1f5c3cff98fe13451b26249bb462badab275beb715ac9bdf9715402e422702fc7f33f510248d171336575cf82b8c640288e665025ae3b15fd22

Download Submit
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\avg_secure_browser_setup.exe

Filesize
6.0MB

MD5
2099532cc61484aaa604e1a05d02a3a4

SHA1
45bf61807173015e39dff1813c3d8f3cc4b47bea

SHA256
ef02cfbadc8dde416cd03fd856919012896e652fecfb15a9d1b07299138b05c9

SHA512
a71508d95d84c1f5c3cff98fe13451b26249bb462badab275beb715ac9bdf9715402e422702fc7f33f510248d171336575cf82b8c640288e665025ae3b15fd22

Download Submit
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

Filesize
1.2MB

MD5
2c5cc4fed6ef0d07e8a855ea52b7c108

SHA1
6db652c54c0e712f1db740fc8535791bf7845dcc

SHA256
60410875199ad0bf34cd8402e0cc9151caf919fe98eeffd7056285e7239a3474

SHA512
cd8622cc38270caaf90ba61058a80d5554700dcfbb05ee921dde9aba7a1d6a068f24e73535baf3bbf4d2cc63d84cfe362cfa67df201b401d52b5af490610b0cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

Filesize
1.2MB

MD5
2c5cc4fed6ef0d07e8a855ea52b7c108

SHA1
6db652c54c0e712f1db740fc8535791bf7845dcc

SHA256
60410875199ad0bf34cd8402e0cc9151caf919fe98eeffd7056285e7239a3474

SHA512
cd8622cc38270caaf90ba61058a80d5554700dcfbb05ee921dde9aba7a1d6a068f24e73535baf3bbf4d2cc63d84cfe362cfa67df201b401d52b5af490610b0cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz78DB.tmp\AVGBrowserUpdateSetup.exe

Filesize
1.6MB

MD5
34a8f08f336cc90a6746e954252074d5

SHA1
6e15049f46b7d84f72f5fd29b5763092101ffab0

SHA256
9bb292fe2685e6e274ee309c9c5926515cb126da4ff10b94e1595b9f63499ce7

SHA512
18c540e47d363561c59eb57ead438d5e1ee96f2b36ee4089789d7c5bf6ddfece2b4c9031f65521427ddff325803ba85c632b0082c224876d0d8668f22fd8e55b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz78DB.tmp\AVGBrowserUpdateSetup.exe

Filesize
1.6MB

MD5
34a8f08f336cc90a6746e954252074d5

SHA1
6e15049f46b7d84f72f5fd29b5763092101ffab0

SHA256
9bb292fe2685e6e274ee309c9c5926515cb126da4ff10b94e1595b9f63499ce7

SHA512
18c540e47d363561c59eb57ead438d5e1ee96f2b36ee4089789d7c5bf6ddfece2b4c9031f65521427ddff325803ba85c632b0082c224876d0d8668f22fd8e55b

Download Submit
\LDPlayer\LDPlayer9\LDPlayer.exe

Filesize
360.6MB

MD5
e22e89cb5af60452f64a985dff1f454f

SHA1
4ccca234151eac1160306b68e99f61b7571a44fa

SHA256
c0c4a1c3fc02edfc0ad0f3e0bdf7abd6dffb29e0d302b4394ec42896b849137c

SHA512
cda9182c23896f1a1b05228f7f23355e5d2a15caced6531290045ece557e12cfcfa0fcd53be3ecd8ab3a7376de219bab4bd0808f1d10599a21e25d2d5c941a73

Download Submit
\Program Files (x86)\GUMAA54.tmp\AVGBrowserUpdate.exe

Filesize
204KB

MD5
a2e0e8ff0bb8068d6e06db4b5da75806

SHA1
8ff63d9d3c7879f40070851e464241ab5ce82273

SHA256
9127425263da7557b33e7035258e661925c445c0443a825227b6e5a75093f964

SHA512
dccd0a4dca930ce8ad77487fdb7c92a70388c6eef4d6b662f8c766df57a250fe2096ede8122941ec62dfa51bed4cfa848bcf6e07dcd0fdd52920cf2c84095a32

Download Submit
\Program Files (x86)\GUMAA54.tmp\goopdate.dll

Filesize
1.4MB

MD5
0fb0c73e4ea6f96f77b6767c8a144c33

SHA1
cfe4a43b70b5e7fe07caac28b508830d273cf1ab

SHA256
a13e6df98938d8c3cb245629a1c3abef1a76e2690f73819a846eb4a2dbcc973f

SHA512
0d9c48cf9a62b94b32a47db097cf3af7916ca15eabcf54b476eda8591b49e292a745919b3cbf90ff4ec9d126e0299371c858dab5e2894404fb71d9e23f4ee433

Download Submit
\Program Files (x86)\GUMAA54.tmp\goopdateres_en.dll

Filesize
42KB

MD5
2d104154df1390915432d09a15494d1d

SHA1
c71ddbf257e3cc823436e470b16faf95256b104d

SHA256
8c1986122b2e15919ef09364c4a17fa9e25f028a52167d9b50b08795d42fee4c

SHA512
92c64c0237337b8a0174d7760735c6e1b039b4b9fb96b892e3f13301de58ed8d2fbf53f65c8fdcbd4b089b6429c14d6b8aeae752c80712e3376cae1ede47cb31

Download Submit
\Program Files (x86)\GUMAA54.tmp\goopdateres_en.dll

Filesize
42KB

MD5
2d104154df1390915432d09a15494d1d

SHA1
c71ddbf257e3cc823436e470b16faf95256b104d

SHA256
8c1986122b2e15919ef09364c4a17fa9e25f028a52167d9b50b08795d42fee4c

SHA512
92c64c0237337b8a0174d7760735c6e1b039b4b9fb96b892e3f13301de58ed8d2fbf53f65c8fdcbd4b089b6429c14d6b8aeae752c80712e3376cae1ede47cb31

Download Submit
\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

Filesize
1.2MB

MD5
2c5cc4fed6ef0d07e8a855ea52b7c108

SHA1
6db652c54c0e712f1db740fc8535791bf7845dcc

SHA256
60410875199ad0bf34cd8402e0cc9151caf919fe98eeffd7056285e7239a3474

SHA512
cd8622cc38270caaf90ba61058a80d5554700dcfbb05ee921dde9aba7a1d6a068f24e73535baf3bbf4d2cc63d84cfe362cfa67df201b401d52b5af490610b0cc

Download Submit
\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

Filesize
1.2MB

MD5
2c5cc4fed6ef0d07e8a855ea52b7c108

SHA1
6db652c54c0e712f1db740fc8535791bf7845dcc

SHA256
60410875199ad0bf34cd8402e0cc9151caf919fe98eeffd7056285e7239a3474

SHA512
cd8622cc38270caaf90ba61058a80d5554700dcfbb05ee921dde9aba7a1d6a068f24e73535baf3bbf4d2cc63d84cfe362cfa67df201b401d52b5af490610b0cc

Download Submit
\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

Filesize
1.2MB

MD5
2c5cc4fed6ef0d07e8a855ea52b7c108

SHA1
6db652c54c0e712f1db740fc8535791bf7845dcc

SHA256
60410875199ad0bf34cd8402e0cc9151caf919fe98eeffd7056285e7239a3474

SHA512
cd8622cc38270caaf90ba61058a80d5554700dcfbb05ee921dde9aba7a1d6a068f24e73535baf3bbf4d2cc63d84cfe362cfa67df201b401d52b5af490610b0cc

Download Submit
\Users\Admin\AppData\Local\Temp\Setup\ds.dll

Filesize
62KB

MD5
2204cba332566d808353f256bd211595

SHA1
8da4d578601335c86a3c0b432d37011da316b6cc

SHA256
305c66014595e119140102a83fde0928b46902f7b5bd358cbfaf06145964ca3e

SHA512
ab58f9a6b6171a87eddddcfd11b49708269f33ab0f9f8406202eedb21c873aa2a38234f51f0b073ea84f7a182aff82b8e0596fb61400ffbc8d873fed7475fe7a

Download Submit
\Users\Admin\AppData\Local\Temp\Setup\ds.dll

Filesize
62KB

MD5
2204cba332566d808353f256bd211595

SHA1
8da4d578601335c86a3c0b432d37011da316b6cc

SHA256
305c66014595e119140102a83fde0928b46902f7b5bd358cbfaf06145964ca3e

SHA512
ab58f9a6b6171a87eddddcfd11b49708269f33ab0f9f8406202eedb21c873aa2a38234f51f0b073ea84f7a182aff82b8e0596fb61400ffbc8d873fed7475fe7a

Download Submit
\Users\Admin\AppData\Local\Temp\Setup\ds.dll

Filesize
62KB

MD5
2204cba332566d808353f256bd211595

SHA1
8da4d578601335c86a3c0b432d37011da316b6cc

SHA256
305c66014595e119140102a83fde0928b46902f7b5bd358cbfaf06145964ca3e

SHA512
ab58f9a6b6171a87eddddcfd11b49708269f33ab0f9f8406202eedb21c873aa2a38234f51f0b073ea84f7a182aff82b8e0596fb61400ffbc8d873fed7475fe7a

Download Submit
\Users\Admin\AppData\Local\Temp\nsz78DB.tmp\AVGBrowserUpdateSetup.exe

Filesize
1.6MB

MD5
34a8f08f336cc90a6746e954252074d5

SHA1
6e15049f46b7d84f72f5fd29b5763092101ffab0

SHA256
9bb292fe2685e6e274ee309c9c5926515cb126da4ff10b94e1595b9f63499ce7

SHA512
18c540e47d363561c59eb57ead438d5e1ee96f2b36ee4089789d7c5bf6ddfece2b4c9031f65521427ddff325803ba85c632b0082c224876d0d8668f22fd8e55b

Download Submit
\Users\Admin\AppData\Local\Temp\nsz78DB.tmp\AVGBrowserUpdateSetup.exe

Filesize
1.6MB

MD5
34a8f08f336cc90a6746e954252074d5

SHA1
6e15049f46b7d84f72f5fd29b5763092101ffab0

SHA256
9bb292fe2685e6e274ee309c9c5926515cb126da4ff10b94e1595b9f63499ce7

SHA512
18c540e47d363561c59eb57ead438d5e1ee96f2b36ee4089789d7c5bf6ddfece2b4c9031f65521427ddff325803ba85c632b0082c224876d0d8668f22fd8e55b

Download Submit
\Users\Admin\AppData\Local\Temp\nsz78DB.tmp\AVGBrowserUpdateSetup.exe

Filesize
1.6MB

MD5
34a8f08f336cc90a6746e954252074d5

SHA1
6e15049f46b7d84f72f5fd29b5763092101ffab0

SHA256
9bb292fe2685e6e274ee309c9c5926515cb126da4ff10b94e1595b9f63499ce7

SHA512
18c540e47d363561c59eb57ead438d5e1ee96f2b36ee4089789d7c5bf6ddfece2b4c9031f65521427ddff325803ba85c632b0082c224876d0d8668f22fd8e55b

Download Submit
\Users\Admin\AppData\Local\Temp\nsz78DB.tmp\JsisPlugins.dll

Filesize
2.0MB

MD5
3f4f65c3551435aa4f70b23db238e027

SHA1
10a50d1003a2da42b869527098758bbd0c5a0b93

SHA256
3d52f17598297580cc04e8698010d8234b199250803f826fa03031a8f8507e7f

SHA512
15b9f0ef917167ed1c3fcbf6235ec277665abb662f26bf338bda2dcc815503b27eab4bfea88f5e4609a40a02f88a87a28d02ca1e4a7575905cb9217b58151a07

Download Submit
\Users\Admin\AppData\Local\Temp\nsz78DB.tmp\Midex.dll

Filesize
126KB

MD5
00fd199d6b8d08446f4862c31b191ca7

SHA1
b6ff09243cb10e34ed8efbdd822add98585008d4

SHA256
1b2a0de815e288161f0a156b4d1f17f06d2f4840b71d9d1903ad1284192cde24

SHA512
fd5e07ac20a40600c2117793f1c5253f2f6113c38cafc71ac87296d92c50217af4aeb3f44fd2834ec08d89dd8434ab1952262123eced279210236bb770c18ad7

Download Submit
\Users\Admin\AppData\Local\Temp\nsz78DB.tmp\Midex.dll

Filesize
126KB

MD5
00fd199d6b8d08446f4862c31b191ca7

SHA1
b6ff09243cb10e34ed8efbdd822add98585008d4

SHA256
1b2a0de815e288161f0a156b4d1f17f06d2f4840b71d9d1903ad1284192cde24

SHA512
fd5e07ac20a40600c2117793f1c5253f2f6113c38cafc71ac87296d92c50217af4aeb3f44fd2834ec08d89dd8434ab1952262123eced279210236bb770c18ad7

Download Submit
\Users\Admin\AppData\Local\Temp\nsz78DB.tmp\StdUtils.dll

Filesize
195KB

MD5
9a44ba9a6e36099d8058fed7feb1ca5a

SHA1
457679105484f604606db9b7cfc809240620747d

SHA256
445a8c41038974bf604cd826e192da08431e8b0c72f6a8ecb6894f8c5a6c777d

SHA512
34b555ef7e3f2a4b700ee4755dae68e42e12533d2bf688cb0251691aedd62120b8913ebec16d2fc239fe0bd1aa1d3657e0f456c1ae260e6f6154b4aef3c9f68f

Download Submit
\Users\Admin\AppData\Local\Temp\nsz78DB.tmp\jsis.dll

Filesize
127KB

MD5
465d5265bfe5b90f821235f0e13ba5e4

SHA1
da4d81c230b3aaa1e0dc891df8650e3a777da263

SHA256
ecca190ce5307cee4b4f02062ba0fca6ae2d0fa0d5ac223c726eab31d55b822d

SHA512
bf608b77b7240a4b04a5750e4cce63c6a394f143a823344e1a8c1f57a19a28d20fb1e376548e5db8a6ff69a7cbf6dd247c2f80a1adaaba3c105f5030f23604ac

Download Submit
\Users\Admin\AppData\Local\Temp\nsz78DB.tmp\nsJSON.dll

Filesize
36KB

MD5
18662c1acb667a9db5fb9e90aa0f5dc8

SHA1
d332202bad869e5c71f30bd816940b262cf24603

SHA256
608d4aefd5c5184bc109cbd94a5d4c8883a4ae6cedf81cfc3028d2570a849a66

SHA512
751b51b24b659f97a4fe9d2d3e38e1333221521fa1fe26e217114e767a9bdd3b341079fe9ff51570ada16ec30644552823ab5437d4a7a875f04525aeaced7687

Download Submit
\Users\Admin\AppData\Local\Temp\nsz78DB.tmp\thirdparty.dll

Filesize
93KB

MD5
080eea7a54aeb7ea3d016645dec05bd6

SHA1
771e1b0fe952ace3d2af3985b0b8d06c65f4d902

SHA256
84cab1c6df2eddced4e60fc1e158b772f7b766d0faed27e33bd5f0ea69903bf4

SHA512
a097aad8861bbd40b3871409750134277ee49c7f20604ec8f80f21f3ca05ae6dd54309f528c51c2db4dae06be81f2363c43a20d882484bfe36bea044a7476937

Download Submit
memory/1772-54-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download
memory/1772-58-0x00000000025C0000-0x00000000025D4000-memory.dmp

Filesize
80KB

Download
memory/1772-59-0x00000000029F0000-0x0000000002A34000-memory.dmp

Filesize
272KB

Download
memory/1772-60-0x00000000048A6000-0x00000000048B7000-memory.dmp

Filesize
68KB

Download
memory/1772-61-0x00000000048A6000-0x00000000048B7000-memory.dmp

Filesize
68KB

Download