Analysis Overview
Threat Level: Likely malicious
The file https://www.ldplayer.net/versions was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Manipulates Digital Signatures
Downloads MZ/PE file
Creates new service(s)
Executes dropped EXE
Registers COM server for autorun
Modifies file permissions
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Drops file in Windows directory
Drops file in Program Files directory
Launches sc.exe
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer Phishing Filter
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: LoadsDriver
Checks processor information in registry
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Uses Volume Shadow Copy WMI provider
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Runs net.exe
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-26 15:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 15:33
Reported
2024-05-26 15:38
Platform
win7-20231129-en
Max time kernel
297s
Max time network
299s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainFinalProv" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2007\FuncName = "WVTAsn1SpcSpOpusInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubDumpStructure" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4\FuncName = "WVTAsn1SpcIndirectDataContentEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverFinalPolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2130\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSFinalProv" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\FuncName = "WVTAsn1SpcIndirectDataContentEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustInit" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.3\DefaultId = "{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.1\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VS29RBF\LDPlayer9_ens_1252_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\"" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free" | C:\Windows\system32\regsvr32.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-multibyte-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ldplayer9box\msvcp140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libcurl.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstVMREQ.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\libssl-1_1.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\ucrtbase.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ldutils.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-file-l2-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxSup-PreW10.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDD.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-localization-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ldplayer9box\Ld9BoxDDR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.sys | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxNetLwf.sys | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxVMM.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-console-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-string-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-errorhandling-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-processthreads-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcp140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\regsvr32_x86.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.inf | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\platforms\qoffscreen.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libOpenglRender2.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libeay32.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5OpenGL.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstPDMAsyncCompletionStress.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxPlaygroundDevice.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSVGA3D.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-private-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetLwfUninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstInt.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxC.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-memory-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSDL.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-locale-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-filesystem-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-string-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxDDR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcr100.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxStub.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-interlocked-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-rtlsupport-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-convert-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ldplayer9box\Ld9BoxNetLwf.inf | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\comregister.cmd | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9VMMR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\UICommon.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxRT.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\msvcr120.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-synch-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5Gui.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxBalloonCtrl.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxExtPackHelperApp.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxProxyStubLegacy.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\host_manager.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\fastpipe2.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-handle-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-rtlsupport-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\crashreport.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\regsvr32_x64.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxDDR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxSampleDevice.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = b02c971982afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\ldplayer.net | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Cache = b104000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4DDF5421-1B75-11EF-932B-4E2C21FEB07B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b01f662582afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422899643" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MAIN | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B0A89AD1-1B75-11EF-932B-4E2C21FEB07B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E5DB-4D2C-BAAA-C71053A6236D}\ = "IGuestOSType" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-416B-4181-8C4A-45EC95177AEF}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7556-4CBC-8C04-043096B02D82}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E}\NumMethods\ = "14" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-E254-4E5B-A1F2-011CF991C38D}\ = "IVirtualBox" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-CB63-47A1-84FB-02C4894B89A9}\ = "IHostNameResolutionConfigurationChangeEvent" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\NumMethods\ = "18" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-477A-2497-6759-88B8292A5AF0}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient\CurVer\ = "VirtualBox.VirtualBoxClient.1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-3FF2-4F2E-8F09-07382EE25088} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057D-4391-B928-F14B06B710C5}\ = "IGuestFileEvent" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486E-472F-481B-969746AF2480}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-93AF-42A7-7F13-79AD6EF1A18D}\ = "IRecordingScreenSettings" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session\CurVer | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44E0-CA69-E9E0-D4907CECCBE5}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\ = "VirtualBox Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ldbk\ = "ldmnq.ldbk" | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E4B1-486A-8F2E-747AE346C3E9}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7BA7-45A8-B26D-C91AE3754E37}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-6679-422A-B629-51B06B0C6D93}\ = "IUSBDeviceStateChangedEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}\NumMethods\ = "13" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-4289-EF4E-8E6A-E5B07816B631}\NumMethods\ = "37" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C8E9-466B-9660-45CB3E9979E4}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-B855-40B8-AB0C-44D3515B4528}\NumMethods\ = "15" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-07da-41ec-ac4a-3dd99db35594} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E67-4144-BF34-41C38E8B4CC7}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-7E72-4F34-B8F6-682785620C57} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-929C-40E8-BF16-FEA557CD8E7E}\ = "ISystemProperties" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B855-40B8-AB0C-44D3515B4528}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\NumMethods\ = "13" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A}\ = "IGuestSession" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-5F86-4D65-AD1B-87CA284FB1C8}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6679-422A-B629-51B06B0C6D93}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-319C-4E7E-8150-C5837BD265F6}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-604d-11e9-92d3-53cb473db9fb} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486F-40DB-9150-DEEE3FD24189}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-3618-4EBC-B038-833BA829B4B2}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8690-11E9-B83D-5719E53CF1DE}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B5BB-4316-A900-5EB28D3413DF}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-9641-4397-854A-040439D0114B}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-8082-DB8AE479EF87}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID | C:\Windows\system32\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VS29RBF\LDPlayer9_ens_1252_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VS29RBF\LDPlayer9_ens_1252_ld.exe | N/A |
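The row above attributes a write under AuthRoot\Certificates to the downloaded installer, and the report files it as "Modifies system certificate store". Before reading that as a rogue root being planted, decode the value: a Blob under SystemCertificates is a serialized list of certificate-context properties (property id, reserved word, length, data), and property 32 is the DER certificate itself. The following Python is an added example, not part of this report or of LDPlayer: it parses the Blob exactly as copied from this page, recomputes SHA-1 over the embedded certificate, compares it with the key name, and pulls the subject CN out of the DER with a minimal walker (definite-length encoding only, which is all X.509 uses). The property id is the documented CERT_CERT_PROP_ID from wincrypt.h; the function and result-field names are the example's own.

```python
import hashlib
import struct

CERT_CERT_PROP_ID = 32  # wincrypt.h: the property that holds the encoded certificate
OID_COMMON_NAME = bytes.fromhex("550403")  # id-at-commonName, 2.5.4.3

# Key name and Blob value copied from the AuthRoot event in this report; the whitespace
# is added here for readability (record and field boundaries) and stripped before decoding.
AUTHROOT_KEY_NAME = "A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436"
AUTHROOT_BLOB_HEX = """
04000000 01000000 10000000 79e4a9840d7d3a96d7c04fe2434c892e
0f000000 01000000 14000000 b34ddd372ed92e8f2abfbb9e20a9d31f204f194b
09000000 01000000 34000000 3032 06082b06010505070301 06082b06010505070302
                           06082b06010505070304 06082b06010505070303 06082b06010505070308
14000000 01000000 14000000 03de503556d14cbb66f0a3e21b1bc397b23dd155
0b000000 01000000 12000000 440069006700690043006500720074000000
1d000000 01000000 10000000 59779e39e21a2e3dfced6857ed5c5fd9
03000000 01000000 14000000 a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c5436
19000000 01000000 10000000 0f3a0527d242de2dc98e5cfcb1e991ee
20000000 01000000 b3030000 308203af 30820297 a003020102 0210 083be056904246b1a1756ac95991c74a
300d 06092a864886f70d010105 0500
3061 310b 3009 0603550406 1302 5553 3115 3013 060355040a 130c 446967694365727420496e63 3119 3017 060355040b 1310
7777772e64696769636572742e636f6d 3120 301e 0603550403 1317 446967694365727420476c6f62616c20526f6f74204341
301e 170d 3036313131303030303030305a 170d 3331313131303030303030305a
3061 310b 3009 0603550406 1302 5553 3115 3013 060355040a 130c 446967694365727420496e63 3119 3017 060355040b 1310
7777772e64696769636572742e636f6d 3120 301e 0603550403 1317 446967694365727420476c6f62616c20526f6f74204341
30820122 300d 06092a864886f70d010101 0500 0382010f 00 3082010a 0282010100
e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193
a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146
e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1f
bc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710
bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45f
b43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfe
cdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d58
3fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af27 0203010001
a363 3061 300e 0603551d0f 0101ff 0404 03020186 300f 0603551d13 0101ff 0405 30030101ff
301d 0603551d0e 0416 0414 03de503556d14cbb66f0a3e21b1bc397b23dd155
301f 0603551d23 0418 3016 8014 03de503556d14cbb66f0a3e21b1bc397b23dd155
300d 06092a864886f70d010105 0500 0382010100
cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02d
b9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170
e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb4
66df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954
922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab9
3653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d8
89c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530
ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde
"""


def parse_cert_blob(hex_blob):
    """Decode a serialized CERT_CONTEXT property list: propid, reserved, length, data."""
    data = bytes.fromhex("".join(hex_blob.split()))
    props, pos = {}, 0
    while pos + 12 <= len(data):
        prop_id, _reserved, length = struct.unpack_from("<III", data, pos)
        pos += 12
        props[prop_id] = data[pos:pos + length]
        pos += length
    if pos != len(data):  # a declared length ran past the end, or junk follows the records
        raise ValueError("blob is truncated or has trailing bytes")
    return props


def der_children(buf):
    """Split a DER constructed value into (tag, content) pairs; definite lengths only."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length = buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:  # long form: low 7 bits give the number of length octets
            octets = length & 0x7F
            length = int.from_bytes(buf[pos:pos + octets], "big")
            pos += octets
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out


def subject_common_name(cert_der):
    """Walk Certificate -> tbsCertificate -> subject and return the CN attribute."""
    tbs_fields = der_children(der_children(der_children(cert_der)[0][1])[0][1])
    if tbs_fields[0][0] == 0xA0:  # explicit [0] version is optional and comes first
        tbs_fields = tbs_fields[1:]
    subject = tbs_fields[4][1]  # serialNumber, signature, issuer, validity, subject
    for _set_tag, rdn_set in der_children(subject):
        (_seq_tag, attr), = der_children(rdn_set)
        (_oid_tag, oid), (_val_tag, value) = der_children(attr)
        if oid == OID_COMMON_NAME:
            return value.decode("ascii")
    return None


def inspect_authroot_entry(key_name, hex_blob):
    """Recompute the SHA-1 thumbprint of the embedded certificate and name its subject."""
    props = parse_cert_blob(hex_blob)
    cert = props[CERT_CERT_PROP_ID]
    computed = hashlib.sha1(cert).hexdigest()
    return {
        "sha1": computed,
        "thumbprint_matches_key": computed == key_name.lower(),
        "subject_cn": subject_common_name(cert),
    }
```

For this entry the recomputed thumbprint matches the key name and the subject is DigiCert Global Root CA. That is what the Windows automatic root update writes under HKLM\...\AuthRoot when a process builds a chain to a root not yet cached on the machine; an Authenticode check by the installer is enough to trigger it, so the sandbox attributes the write to whichever process did the verifying. The entries worth escalating are those where the recomputed thumbprint does not match the key name, where the blob fails to parse cleanly, or where the subject is not a public root you recognise; on a live host, read the Blob value with winreg and pass it to the same function.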
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VS29RBF\LDPlayer9_ens_1252_ld.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.ldplayer.net/versions
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VS29RBF\LDPlayer9_ens_1252_ld.exe
"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VS29RBF\LDPlayer9_ens_1252_ld.exe"
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1252 -language=en -path="C:\LDPlayer\LDPlayer9\"
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=393590
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\system32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\system32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/4bUcwDd53d
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\dnplayer.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc0
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
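The command lines above are a chain of ordinary but risky installer actions: `takeown` followed by `icacls ... /grant everyone:F /t` makes the emulator directories and the `system.vmdk` guest image writable by every local account, `sc create ... type= kernel start= auto` installs a third-party driver that loads at boot, `regsvr32` and `/RegServer` register COM servers out of Program Files, and PowerShell adds inbound firewall allow rules. The following is an added example, not code from the sandbox report or from LDPlayer: a small Python triage that tokenises the command lines copied from the list above and flags exactly those patterns. The rule set, the `_WORLD` principal list and the finding wording are this example's own heuristics, not the sandbox's signatures.

```python
import re

# Command lines copied verbatim from the process list above (behavioral1). The
# rule set below is this example's own heuristic, not the sandbox's signatures.
REPORT_CMDLINES = [
    r'"regsvr32" cryptdlg.dll /s',
    r'"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y',
    r'"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t',
    r'C:\Windows\system32\dism.exe /Online /English /Get-Features',
    r'sc query HvHost',
    r'"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer',
    r'"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s',
    r'"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto',
    r'"C:\Windows\system32\sc" start Ld9BoxSup',
    r'''"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow''',
    r'"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t',
]

# Quoted "..." / '...' arguments stay whole; everything else splits on whitespace.
_TOKEN = re.compile(r'"([^"]*)"|' r"'([^']*)'|" r'(\S+)')
_SYSTEM_DIRS = ('c:\\windows\\system32\\', 'c:\\windows\\syswow64\\')
# Principals (names and well-known SIDs) whose grant makes an ACL effectively world-writable.
_WORLD = {'everyone', 'users', 'authenticated users', '*s-1-1-0', '*s-1-5-11', '*s-1-5-32-545'}


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line on whitespace, honouring double and single quotes."""
    return [a or b or c for a, b, c in _TOKEN.findall(cmdline)]


def sc_options(args: list[str]) -> dict[str, str]:
    """Parse sc.exe's 'key= value' pairs; the value is the token after 'key='."""
    opts, i = {}, 0
    while i < len(args):
        key, eq, val = args[i].partition('=')
        if eq and not val and i + 1 < len(args):
            i += 1
            val = args[i]
        if eq:
            opts[key.lower()] = val
        i += 1
    return opts


def triage(cmdline: str) -> list[str]:
    """Return one finding per suspicious pattern found in a single command line."""
    toks = tokenize(cmdline)
    if not toks:
        return []
    exe = toks[0].rsplit('\\', 1)[-1].lower().removesuffix('.exe')
    args, low = toks[1:], [t.lower() for t in toks[1:]]

    def opt(name: str) -> str:  # value following a PowerShell-style -Switch
        i = low.index(name) + 1 if name in low else len(args)
        return args[i] if i < len(args) else '?'

    out = []
    if exe == 'icacls' and '/grant' in low:
        recursive = ' (recursive)' if '/t' in low else ''
        for spec in args[low.index('/grant') + 1:]:
            if spec.startswith('/'):
                break
            who, _, perms = spec.partition(':')
            rights = re.sub(r'\([^)]*\)', '', perms).upper()  # drop (OI)(CI)-style flags
            if who.lower() in _WORLD and set(rights) & {'F', 'M', 'W'}:
                out.append(f'world-writable ACL: {who} granted {perms} on {args[0]}{recursive}')
    if exe == 'takeown' and '/f' in low:
        out.append(f'ownership taken of {opt("/f")}')
    if exe == 'sc' and low[:1] == ['create']:
        opts = sc_options(args[2:])
        if opts.get('type', '').lower() == 'kernel':
            out.append(f'kernel driver service {args[1]} installed from '
                       f'{opts.get("binpath")} (start={opts.get("start")})')
    if exe == 'regsvr32':
        for dll in (a for a in args if a.lower().endswith('.dll')):
            if '\\' in dll and not dll.lower().startswith(_SYSTEM_DIRS):
                out.append(f'COM server registered from non-system path {dll}')
    if '/regserver' in low:
        out.append(f'{toks[0]} self-registered as a COM server')
    if exe == 'powershell' and 'new-netfirewallrule' in low and opt('-action').lower() == 'allow':
        out.append(f'firewall allow rule ({opt("-direction")}) for {opt("-program")}')
    return out


def triage_report(cmdlines: list[str] = REPORT_CMDLINES) -> dict[str, list[str]]:
    """Map every command line that produced findings to its list of findings."""
    return {c: f for c in cmdlines if (f := triage(c))}


if __name__ == '__main__':
    for cmd, findings in triage_report().items():
        print(cmd)
        for finding in findings:
            print('   ->', finding)
```

Benign-looking lines such as `sc query HvHost`, the `dism` feature check and `regsvr32 cryptdlg.dll` (a DLL resolved from the system directory) produce no findings; what remains is the list an analyst has to judge, and the `everyone:F` grant on a guest disk image is the one that persists after the installer is gone.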
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 163.181.154.235:443 | www.ldplayer.net | tcp |
| US | 163.181.154.235:443 | www.ldplayer.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| US | 104.18.30.49:443 | stpd.cloud | tcp |
| US | 104.18.30.49:443 | stpd.cloud | tcp |
| FR | 142.250.179.78:443 | fundingchoicesmessages.google.com | tcp |
| FR | 142.250.179.78:443 | fundingchoicesmessages.google.com | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| FR | 142.250.179.78:443 | fundingchoicesmessages.google.com | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| US | 163.181.154.233:443 | ldcdn.ldmnq.com | tcp |
| US | 163.181.154.233:443 | ldcdn.ldmnq.com | tcp |
| NL | 23.62.61.129:80 | www.bing.com | tcp |
| NL | 23.62.61.129:80 | www.bing.com | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| GB | 18.172.89.34:443 | apien.ldmnq.com | tcp |
| GB | 18.172.89.34:443 | apien.ldmnq.com | tcp |
| GB | 18.172.89.34:443 | apien.ldmnq.com | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| GB | 18.172.89.34:443 | apien.ldmnq.com | tcp |
| GB | 18.172.89.34:443 | apien.ldmnq.com | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | en.ldplayer.net | udp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| US | 162.159.130.234:443 | discord.gg | tcp |
| US | 162.159.130.234:443 | discord.gg | tcp |
| US | 163.181.154.232:443 | en.ldplayer.net | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| GB | 18.172.89.86:80 | apien.ldmnq.com | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 18.172.89.86:80 | apien.ldmnq.com | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| US | 8.8.8.8:53 | advertise.ldplayer.net | udp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| US | 163.181.154.248:443 | advertise.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| US | 163.181.154.248:443 | advertise.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 3.162.20.108:443 | encdn.ldmnq.com | tcp |
| GB | 3.162.20.108:443 | encdn.ldmnq.com | tcp |
| GB | 3.162.20.108:443 | encdn.ldmnq.com | tcp |
| GB | 3.162.20.108:443 | encdn.ldmnq.com | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.39:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.103:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| GB | 18.172.89.92:443 | ad.ldplayer.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 18.172.89.92:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.92:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.92:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.92:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.92:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.92:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.92:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.92:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.92:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.92:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.92:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| GB | 18.172.89.75:443 | ad.ldplayer.net | tcp |
| GB | 18.172.89.75:443 | ad.ldplayer.net | tcp |
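Most rows above are repeated TLS connections to the installer's own CDN and API hosts, and the bulk of the table is the same `cdn.ldplayer.net` row over and over. The plain-HTTP (port 80) rows to `pki.goog`, `apps.identrust.com` and `x2.c.lencr.org` are CryptoAPI fetching issuer certificates and revocation data while building certificate chains, which is what the `CryptnetUrlCache` files listed under Files are the on-disk cache of; they are not an attacker channel. What is worth a second look is plain HTTP to anything else. Below is an added example, not part of the report: a Python summariser that parses rows copied from the table, collapses repeats into one record per host, classifies each host and lists the non-PKI cleartext destinations. Treating `.ldplayer.net` and `.ldmnq.com` as the vendor's own domains is this example's assumption, as is the `PKI_HOSTS` set.

```python
import re

# Excerpt of the Network table above, copied row for row. The full table repeats
# the cdn.ldplayer.net row well over a hundred times; two copies stand in here.
REPORT_ROWS = """
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 163.181.154.235:443 | www.ldplayer.net | tcp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| US | 104.18.30.49:443 | stpd.cloud | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| NL | 23.62.61.129:80 | www.bing.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 162.159.130.234:443 | discord.gg | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| GB | 18.172.89.86:80 | apien.ldmnq.com | tcp |
| GB | 18.172.89.86:443 | apien.ldmnq.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

_ROW = re.compile(r'^\|\s*(\w\w)\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(tcp|udp)\s*\|$')

# CryptoAPI pulls AIA issuer certificates and CRLs over plain HTTP from hosts
# like these (assumption of this example: the set is hand-picked from the table).
PKI_HOSTS = {'pki.goog', 'apps.identrust.com', 'x1.c.lencr.org', 'x2.c.lencr.org'}
# Assumption of this example: the installer vendor's own domains.
VENDOR_SUFFIXES = ('.ldplayer.net', '.ldmnq.com')


def parse_rows(text: str) -> list[tuple[str, str, int, str, str]]:
    """Turn the markdown rows into (country, ip, port, domain, proto) tuples."""
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if m:
            cc, ip, port, domain, proto = m.groups()
            rows.append((cc, ip, int(port), domain, proto))
    return rows


def classify(domain: str, port: int, proto: str) -> str:
    """Bucket a connection: DNS lookup, PKI chain fetch, vendor host or third party."""
    if proto == 'udp' and port == 53:
        return 'dns'
    if domain in PKI_HOSTS:
        return 'pki-fetch'
    if domain.endswith(VENDOR_SUFFIXES):
        return 'vendor'
    return 'third-party'


def summarize(rows) -> dict[tuple[str, str], dict]:
    """One record per (domain, class): hit count, distinct endpoints, cleartext flag."""
    out = {}
    for cc, ip, port, domain, proto in rows:
        key = (domain, classify(domain, port, proto))
        rec = out.setdefault(key, {'hits': 0, 'endpoints': set(), 'cleartext': False})
        rec['hits'] += 1
        rec['endpoints'].add(f'{ip}:{port}/{proto}')
        if proto == 'tcp' and port == 80:
            rec['cleartext'] = True
    return out


def cleartext_non_pki(rows) -> list[str]:
    """Plain-HTTP destinations that are not CryptoAPI chain fetches."""
    return sorted({d for _, _, port, d, proto in rows
                   if proto == 'tcp' and port == 80 and d not in PKI_HOSTS})


if __name__ == '__main__':
    rows = parse_rows(REPORT_ROWS)
    for (domain, kind), rec in sorted(summarize(rows).items()):
        flag = ' CLEARTEXT' if rec['cleartext'] else ''
        print(f'{domain:28} {kind:12} hits={rec["hits"]:3} {sorted(rec["endpoints"])}{flag}')
    print('cleartext, non-PKI:', cleartext_non_pki(rows))
```

On the excerpt the non-PKI cleartext list is `apien.ldmnq.com`, `www.bing.com` and `www.google-analytics.com`; the two browser-originated hosts are explained by the `iexplore.exe` launch in the process list, while the port-80 request to the vendor API host is the one to pull out of the capture and read.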
Files
C:\Users\Admin\AppData\Local\Temp\Cab12A6.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar14BE.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19a9810301918d9d2dc3e8216994a30b |
| SHA1 | 6031bba5d96976e3a35500bb06c5cba7b2bb668a |
| SHA256 | b4b8699c7e952200d96f9e1a5f75625c19ae2a45fb44836433c31e2ec4ac0daf |
| SHA512 | 6f53a88d12a4ca1be11be0f6415783fb097aa62ec4ec4a02882762be4d8ff82eac113e4caaf6f07d6dd0170621101d0e3b4378ff74394a15f9174f684d1d8639 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24
| MD5 | 3e455215095192e1b75d379fb187298a |
| SHA1 | b1bc968bd4f49d622aa89a81f2150152a41d829c |
| SHA256 | ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99 |
| SHA512 | 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | b14a45a816eacf9cb7b42ad0f597355d |
| SHA1 | 6f53401499788078ebe5af00b2a74fa9742f1002 |
| SHA256 | a0ce68d3b6ab2803520c450014d2109d4d47200eaeeba861e4dc0fd462365b20 |
| SHA512 | a5273bd9712150879bae69d797c3beba45b17e47e798cd958162f267ea4a76ea8132c85c809c863df3160368cc99671479dc5640d1f7fe9a6e1af6a728887e25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9ed6dc9f582c6534f37bc7222cab10e |
| SHA1 | dbb6194a6a28d2f6d7513016cc34c2ebcae6768b |
| SHA256 | e90d9f1cdbca9d1f1bf55534d435dad70407eed8459000d4cf5b263f3f039343 |
| SHA512 | eadec1dfc57dc0335c48a0bdb651b6634b14ff9f442c1692d2011cf74646d9fd37ed448199045309c11554484e77c718638feb635bf2324580358286a7f6b51c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1bb30fb349b5121b6cdbda3614542b03 |
| SHA1 | b9d9c76102f5135c854d8e0f7d2a57088129099e |
| SHA256 | 8de3e052a80148b17ff49b5380a55bfaafe9eed38b66c0d7fcd18d6884a1c452 |
| SHA512 | bc2ff381a1dabece71f1876bbf682ba200725796c1f8e562e1218fc2d3bd1827bd97b61f7a771499aeb1c0483627f58f0a65e39f9338a28aba30adbd33f07ab0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1fea75cbcff0b89ee371a1daf4208137 |
| SHA1 | 42f955d210e71e7841cb466c5f692f18a898499e |
| SHA256 | 6feb4588ac2b1da6de377a591d8369c72792f6e40f68193c2754e96a47e1f193 |
| SHA512 | b67509110774ee315468400db4c495e23d7586bd5a860ec6dbe50ed28f0f6780357f1fd64fd97d182ebca5c5d1ed503bbae3c56a4c7a25690a3d2165f1cfb8a3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T6IXGUU\favicon[1].ico
| MD5 | a0c760136e1b6f7633a3582f734c53eb |
| SHA1 | 00176cd4ab6423fb4673ad856e79447b93dd05fe |
| SHA256 | c7eb5447c806948853f817df7f8a1871a8707987d5606e39b145d69f7dc29cd1 |
| SHA512 | b5f9d0e6fc9346ac34a87fc5cb42bf375a0e2d58eff5fb53dfae4a1e576940cb2f57f921be390bb66b5ebc7b174b9d88d8519a27773624f1dabc960e077ecf65 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat
| MD5 | 05950353d10e25482e0a13e4a8abe6c5 |
| SHA1 | d343ec4a374e0071a43d39333299f8d43f1481a8 |
| SHA256 | bd67c56a844cb6d77b6f003b016f89d70920fa9db0937d4a65ce17209487d6ef |
| SHA512 | 75f6fcb6e5a970ba8620501ee1f3b39e2cf62bbf0e847a68527e2bb417bbbb3b503ab68b20bbffead33b21cab760433c917bb5c17eccd9520b52030f32585a03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98e179f5e091d4988053bf57d55f3673 |
| SHA1 | bf2733dbe6cb0fa888c8ced4edf7ca60c15533fb |
| SHA256 | 462309d8ac615d2a8fad838eae75684756d2b09578060c1471ef3d7cfba343b2 |
| SHA512 | 09c7252a2de72308919248c1668fae1bcedc93d69736b0b302250a2e2cbf0091702f667607cc4c45b044a5d12e721c2df90e5661f4a7fcf54f608c1ccc1d1081 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f5aa608c28f0cf3dd23288c78bea5ce |
| SHA1 | 72b31c76f66a537d061cf7c43ce894a7b5f46723 |
| SHA256 | 020b2cf609c53d6c8804cd9469fe2dd91fd6a9fe53de33e3f0093e853cdef0fd |
| SHA512 | 73f196aeb98de29b54aabe6ef83f3a1f78cb5afc2c0da299019784cbd9e62cfe16c648d9a881c65aad780d371c17ebf7d009692400a8c44961369b994396e8a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f27b413916397b79718adb6f6886689b |
| SHA1 | 817303b93de73642e2a709d62671adfb72076e4d |
| SHA256 | 2a41833ca4c19f249cbc9654794983244aa59ea948525d01efe471e76f62c91c |
| SHA512 | 5937c1656d2de0aa5404f32a2b9cc64a2016c5652afb1df7b1c0ce17888d7084baa6b1443cc99eca2b5e591bf2284811d4ba623a6aa3ac661b07a313a3b0a1d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad491ca9a7c33ea9903703e0335d90ca |
| SHA1 | 96a5f523f1760dc0ce01e776f882ca18a3973fb7 |
| SHA256 | aa12943dc2b79e6d81a43e9d5bb3b5e00b7673d19614ecea1db341ecec5fa8d0 |
| SHA512 | d4ad69b77b1b927d44cc3d356986c55d902276406e11890a59a5f0a87564eaad9e2ec2ca40edc4e46e31fd99dcea540eb4b6fe80e63b0701889ebebbe987c0d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86be32eaf23feda4626fdf5681b39a8b |
| SHA1 | 69183ba70357b532d9dd227b02db567deee76feb |
| SHA256 | 84de9f9ed2eac770d4f08092c424cbfbda3cf88e8881cb870862127b3941ae66 |
| SHA512 | f9b4d12b58d2240bb12de4b1965f97ea44ac5e132d7171354ffe2de6569a1c88766d64004e7795dd60491b7ebac73513dbd363d5295f26df7fa7557cb2a6e23d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c6f01cd1e47336248927572ccf5bbdf |
| SHA1 | 8a50512775609e84721525b1fcd817373e8dffe3 |
| SHA256 | 604f38c29a96d52df80c5a72bc3c3715415ed320a73eec68300250ab1ea478a6 |
| SHA512 | 8b83f177085b4eeb85527c4224f3534ca0bb532b391afedf7e66e7922262af517962c4de5b35881e17621049b6b3c83bae03ef1c3429072a183f3af6a8489d23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 154242387449399a77d18f37c07967a0 |
| SHA1 | 3aef5ab525a9680b8f7f87e7894ae78817fce772 |
| SHA256 | 61aa8e7cd22c4c063d0ad68a855dba6ebc52ae865494f34d1912d31796a8ab57 |
| SHA512 | 5cf8545c0a4c49ddf8f858958f3a80af242aaf5312fbe36fda34a7899cb366ed80585cd9dee679aa9fdcf3f0345092d904fc9bdf85f16affdc8066af0cda1bb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1656749105fa084f447d3b450501d3a |
| SHA1 | 90fc09df1bbeec7bd3c41b25d9f556e98b6db764 |
| SHA256 | d4caba583da1c68a38522bd9423ba758deffcb5d454e09cceffb706532c4fb62 |
| SHA512 | 82ea28822ce0152f85b090d50ae72c475e848cf8d26cd99a94ad64335e9a8c0d868cc8fcf4dd0ec9ff068b41684889531da03c7a8962c1c5de56c39a62b38428 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6596d5d910205be514389781a2fd582 |
| SHA1 | fc952f2f59fe62389b19af38b8c0828af104aa05 |
| SHA256 | 63971b06acc819558b3380529c1359efdf41782faf2e9af34df11c8ddd10f20a |
| SHA512 | 7bfb8e1de2db4fdbb905af3a0f421e9b4e8f4597759b9ddf2313203086e2a28b9789a86859beca4a944c358dc3796fb879167748f5153425842be62b2ee80c5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17c3d4ddb2514e4b67e87efdf8fa9ff2 |
| SHA1 | 2d9f54bca87c9ff606b66ad2121bf97a7caf7712 |
| SHA256 | 9972121c073bd855af9a0d0ff315e2a6e16ff600d3d5368ca80b6b9e70f28bb7 |
| SHA512 | 85b9885fcb2d80e0c6f849b7e3b2615d0f8a1999328a5c156678cef681b764c9d5b99649906e0fbb930a119991c436fe05542bf127022d56c162496eb5fd07f9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 15:33
Reported
2024-05-26 15:38
Platform
win10-20240404-en
Max time kernel
299s
Max time network
299s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 50886c2582afda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\MrtCache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "423510558" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{5F03C60D-D063-43D9-9164-DA9F34169A96} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = b0b541abddb1da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 9afd081782afda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.ldplayer.net/versions"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 163.181.154.233:443 | www.ldplayer.net | tcp |
| US | 163.181.154.233:443 | www.ldplayer.net | tcp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| US | 104.26.5.6:443 | cmp.setupcmp.com | tcp |
| FR | 142.250.179.78:443 | fundingchoicesmessages.google.com | tcp |
| FR | 142.250.179.78:443 | fundingchoicesmessages.google.com | tcp |
| US | 104.18.30.49:443 | stpd.cloud | tcp |
| US | 104.18.30.49:443 | stpd.cloud | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 233.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.5.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.30.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| GB | 3.162.20.47:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.19.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.159.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| FR | 216.58.214.162:443 | www.googletagservices.com | tcp |
| FR | 216.58.214.162:443 | www.googletagservices.com | tcp |
| US | 163.181.154.237:443 | ldcdn.ldmnq.com | tcp |
| US | 163.181.154.237:443 | ldcdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| FR | 142.250.201.162:443 | securepubads.g.doubleclick.net | tcp |
| FR | 142.250.201.162:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | xinchacha2dv.ocsp-certum.com | udp |
| NL | 23.62.61.137:80 | xinchacha2dv.ocsp-certum.com | tcp |
| US | 8.8.8.8:53 | 162.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6BFJQXVB\stpdwrapper[1].js
| MD5 | a73e21b1d7350d35eec0e3d8af3e6621 |
| SHA1 | 2eb1505a2d4af7fe0612fe42e52b27fc8386c009 |
| SHA256 | 3f1c13aa5b57e8e5327db01b9f4be01b087e010691a4d40041fd848bcdfa2da0 |
| SHA512 | 2356171d3f24a0fed69a5761c2261993012b33cc9243708172ded2945c21083b3ecebac39c0a444aa4287d17bc8330cc210b665b1f3ada8e9c3ac684b0d34555 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6BFJQXVB\f[1].txt
| MD5 | 9b5b38b1aefbff84849e3308a54952a6 |
| SHA1 | 46671693343d1b274a45e33d150a2705b5e88c55 |
| SHA256 | 7fcab2648be26745180427c662fb5bf7c756db3b64f20adaeedd64d3484ac773 |
| SHA512 | 2511314738d6ce0b26ce311362559db0a619367e44b800a086b505c4ee65a07da2a3936658407e4c1f8f74154c841937f23a9727a7524a0dd0985559eea00890 |
memory/2504-377-0x0000021823510000-0x0000021823511000-memory.dmp
memory/2504-376-0x0000021823500000-0x0000021823501000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3WNUAE56\favicon[1].ico
| MD5 | a0c760136e1b6f7633a3582f734c53eb |
| SHA1 | 00176cd4ab6423fb4673ad856e79447b93dd05fe |
| SHA256 | c7eb5447c806948853f817df7f8a1871a8707987d5606e39b145d69f7dc29cd1 |
| SHA512 | b5f9d0e6fc9346ac34a87fc5cb42bf375a0e2d58eff5fb53dfae4a1e576940cb2f57f921be390bb66b5ebc7b174b9d88d8519a27773624f1dabc960e077ecf65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XCFODRP5\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\BFW8BSZG\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |