Analysis Overview
SHA256: da6e05019ce5607fb94bdd61066ef3dc2e0b5049c89f5dd7f4cf511a608ab8c8
Threat Level: Known bad
The file 98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Modifies firewall policy service
Enumerates connected drives
Modifies Windows Firewall
Installs/modifies Browser Helper Object
Adds Run key to start application
Checks computer location settings
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
Checks for VirtualBox DLLs, possible anti-VM trick
Checks installed software on the system
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Modifies system certificate store
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-06-05 13:14
Signatures
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-05 13:14
Reported: 2024-06-05 13:17
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 148s
Command Line
Signatures
Modifies firewall policy service
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HCDNClient = "\"C:\\Program Files (x86)\\IQIYI Video\\LStyle\\QyKernel.exe\" -shell_start" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C} | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Middle\ADRes\AdInnerPrompt\AdInnerPrompt (50).png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\PersonalCenter\image\feedback.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\PersonalCenter\image\image_band2.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\right_menu_icon_14.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinDefault\skinplan\list\downloadproces.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinDefault\skinplan\userinfo\b\game.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\userinfo\b\face_masking.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\internal_message\corner_mark.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Other\AdWnd_PromptCloseHot.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Other\loading\made\loading_12.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Ctrl\GoodsCorner\goods_corner_bk (1).png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\SelfVideoListRes\SelfVideoListFileItem.xml | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CollectingToDesktop_MOV.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\DownContinue_Hover.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Middle\ADRes\AdInnerPrompt\AdInnerPrompt (32).png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinDefault\skinplan\right_menu_icon_01_on.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\LobbyServerList1.xml | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\PSkin\AdvertiseWnd\AdvertiseWnd_VolumeMute.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\PSkin\player\Player_Progressbar.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\loadingimage.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\downloadRes\bubble.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\clear_icon.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinDefault\skinplan\SearchRes\searchBoxBk.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinVIP\skinplan\list\single.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\willonline.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\DlgDownloadBG.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\main_seperator_left.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\common\common_demand.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\right_menu_icon_act.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\clock3.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\Progress_Active.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\web\blank_black.html | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\appdata\webcache\27\movieLib_pstyle.css | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\Keys\pcclient-key.pem | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\LoginRes\tip_btn.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\PersonalCenter\common\common_loginGuideWnd.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinDefault\skinplan\list\big_point.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinVIP\skinplan\list\recommendIcon.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinVIP\skinplan\mobileassistant2.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\ClearIECache_hov.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\loading.html | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Other\loading\only\loading_6.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Other\loading\vip\loading_18.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Top\full.xml | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\homepageRes\homepageRes_right_arrow_selected.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\videosquare\videosquare_item_comment_right_selected.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\Guide\SwitchModeGuide.xml | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Other\loading\vip\loading_11.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\FRAME_LINE.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Ctrl\GoodsCorner\goods_corner_bk (1).png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Ctrl\GoodsCorner\goods_corner_bk (41).png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PLRes\hot.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\aboutbox\aboutbox.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinDefault\skinplan\PlayerRes\pstyle\minimode_1.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\head2.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\PSkin\player\player_LogoRight.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PLRes\offline.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\downloadRes\downLoad\btn_ok.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\common\common_exclusive_logo.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\fun.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\Menubar\MenuMoreUI.xml | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\PersonalCenter\register\bds1.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\left_list_nologin.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Ctrl\select_album_default.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Fonts\iqiyi_logo.ttf | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\Fonts\iqiyi_logo.ttf | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\psnetwork.ini | C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsj5CF6.tmp\vmpagedown.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\QyMaster.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QiyiService.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QiyiService.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\mkshortcut.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\InprocServer32\ = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\QYPlugin64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\WOW6432Node\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\WOW6432Node\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\UnityWebPluginAX.ocx" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\WOW6432Node\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\ = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\QYPlugin64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\pps | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "yes" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4dfc-959F-233651CC4D7F}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\qisu | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\QyBrowser.exe = "9000" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\New Windows\Allow | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4dfc-959F-233651CC4D7F}\AppName = "QyKernel.exe" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E}\AppPath = "C:\\Program Files (x86)\\IQIYI Video\\LStyle" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\magnet2 | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\QyPlayer.exe = "1" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\QyClient.exe = "1" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\QyBrowser.exe = "1" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}\AppName = "QYFollowVideo.exe" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}\Policy = "3" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\magnet2\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\ppsrun\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\qygameclient | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\QyClient.exe = "9000" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E} | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E}\AppName = "QyClient.exe" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AUTOCONFIG_BRANDING\iexplore.exe = "1" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}\AppName = "QyClient.exe" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.pps.tv | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\ppstream\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\pps\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}\Policy = "3" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}\AppName = "QyClient.exe" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\QyFragment.exe = "1" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\qips\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\qygameclient\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}\Policy = "3" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}\AppName = "QYFollowVideo.exe" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}\AppPath = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4dfc-959F-233651CC4D7F} | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\QyFragment.exe = "9000" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_AUTOCONFIG_BRANDING | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\ppstream | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\ppsrun | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}\Policy = "3" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}\AppPath = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.ppstream.com | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}\AppPath = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\QyPlayer.exe = "9000" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\qisu\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}\AppPath = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4dfc-959F-233651CC4D7F}\AppPath = "C:\\Program Files (x86)\\IQIYI Video\\LStyle" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\qips | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}\1.0\ = "QYPlugin ActiveX ¿Ø¼þÄ£¿é" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\qips\shell\open | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\qygameclient\shell\open\command\ = "\"C:\\Program Files (x86)\\IQIYI Video\\Common\\QyGameClient\\QyGameClient.exe\" -qygameclient \"%1\"" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\pps_pfv\shell\open | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3636FE13-B7E3-4CDC-B7E3-A8014BD2CC02}\TypeLib\ = "{E1D75F62-CBBD-45C7-9D1D-6B5ECEC2E006}" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3636FE13-B7E3-4CDC-B7E3-A8014BD2CC02}\TypeLib\Version = "1.0" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\TypeLib\{75A564FE-95D1-41A9-B1D9-10D1E3CB502B} | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IEHelper.FlashHelper.1 | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{138F4260-66CA-4F7C-812F-C6EED99B7EC7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{138F4260-66CA-4F7C-812F-C6EED99B7EC7}\TypeLib\ = "{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\Control\ | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\qygameclient\shell | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}\1.0\HELPDIR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{790F2D3B-18EE-40E2-A45E-1FAC13B6AFB8} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\ToolboxBitmap32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\qisu\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}\TypeLib\ = "{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\ProxyStubClsid32 | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IEHelper.FlvFilter\CurVer\ = "IEHelper.FlvFilter.1" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\ = "爱奇艺浏览器插件" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\Control | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{790F2D3B-18EE-40E2-A45E-1FAC13B6AFB8}\TypeLib\Version = "1.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\UnityWebPlayer.UnityWebPlayer.1\CLSID\ = "{444785F1-DE89-4295-863A-D46C3A781394}" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\TypeLib\{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\LocalLow\\Unity\\WebPlayer\\loader" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\IEHelper.DLL\AppID = "{F2A21BBC-4512-4A05-9224-1F6DBDEA4153}" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IEHelper.FlvFilter\ = "FlvFilter Class" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\ = "爱奇艺浏览器插件" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ppstream | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\WOW6432Node\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\ = "UnityWebPlayer Control" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pfv | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}\ProgID\ = "IEHelper.FlashHelper.1" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IEHelper.FlvFilter\CLSID\ = "{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\AppID\UnityWebPluginAX.ocx | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\UnityWebPlayer.UnityWebPlayer\ = "UnityWebPlayer Control" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\pps_qsv\shell\open\command | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\pps\shell | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\qisu\shell\open\command\ = "\"C:\\Program Files (x86)\\IQIYI Video\\LStyle\\QyClient.exe\" -ppstream \"%1\"" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\pps_qsv\shell\open | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{138F4260-66CA-4F7C-812F-C6EED99B7EC7} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{790F2D3B-18EE-40E2-A45E-1FAC13B6AFB8}\TypeLib\Version = "1.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\WOW6432Node\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}\ProgID | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\ToolboxBitmap32\ = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\QYPlugin.dll, 1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\QYPlugin.QYPluginCtrl.1\CLSID\ = "{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.qsv\OpenWithProgIds | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\InprocServer32\ = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\QYPlugin64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\qygameclient\shell\open\command | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\WOW6432Node\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\UnityWebPluginAX.ocx, 102" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\WOW6432Node\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}\TypeLib\ = "{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}\VersionIndependentProgID\ = "IEHelper.FlashHelper" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{138F4260-66CA-4F7C-812F-C6EED99B7EC7}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ppsrun\shell\open\command | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IEHelper.FlashHelper\CurVer\ = "IEHelper.FlashHelper.1" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}\ = "°®ÆæÒÕÖúÊÖ" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IEHelper.FlvFilter.1\ = "FlvFilter Class" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}\VersionIndependentProgID | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ppstream\shell\open\command | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\WOW6432Node\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\MiscStatus\1\ = "131473" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B94294BF91EA8FB64BE61097C7FB001359B676CB\Blob | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B94294BF91EA8FB64BE61097C7FB001359B676CB | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B94294BF91EA8FB64BE61097C7FB001359B676CB\Blob | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe"
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe
"C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe" /S
C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe" QiyiUpdate "C:\Program Files (x86)\IQIYI Video" true
C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe" -install
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IQIYI Video\LStyle\QYPlugin.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IQIYI Video\LStyle\QYPlugin64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\IQIYI Video\LStyle\QYPlugin64.dll"
C:\Users\Admin\AppData\Local\Temp\nsj5CF6.tmp\vmpagedown.exe
"C:\Users\Admin\AppData\Local\Temp\nsj5CF6.tmp\vmpagedown.exe" "http://vodguide.ppstream.iqiyi.com/search.php?ver=1.0.6.55" "C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\vmPage\search_top.zip"
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\QyMaster.exe
"C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\QyMaster.exe" "C:\Users\Public\QiYi\QiyiHCDN\Config"
C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe" QiyiUpdate "C:\Users\Admin\AppData\Roaming\IQIYI Video" true
C:\Program Files (x86)\IQIYI Video\LStyle\QiyiService.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\QiyiService.exe" -i
C:\Program Files (x86)\IQIYI Video\LStyle\QiyiService.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\QiyiService.exe"
C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe" -finstall
C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe"
C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe" videolibrary=uninstall_setup
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="爱奇艺视频客户端" dir=in program="C:\Program Files (x86)\IQIYI Video\LStyle\QyClient.exe" action=allow description="C:\Program Files (x86)\IQIYI Video\LStyle\QyClient.exe"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="爱奇艺HCDN网络数据传输组件" dir=in program="C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe" action=allow description="C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="爱奇艺视频播放器" dir=in program="C:\Program Files (x86)\IQIYI Video\LStyle\QyMiniPlayer.exe" action=allow description="C:\Program Files (x86)\IQIYI Video\LStyle\QyMiniPlayer.exe"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="爱奇艺PPS影音 播放器组件" dir=in program="C:\Program Files (x86)\IQIYI Video\LStyle\QyPlayer.exe" action=allow description="C:\Program Files (x86)\IQIYI Video\LStyle\QyPlayer.exe"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="爱奇艺升级模块" dir=in program="C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe" action=allow description="C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="爱奇艺视频辅助程序" dir=in program="C:\Program Files (x86)\IQIYI Video\LStyle\QyFragment.exe" action=allow description="C:\Program Files (x86)\IQIYI Video\LStyle\QyFragment.exe"
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\mkshortcut.exe
"C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\mkshortcut.exe" -output "C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\爱奇艺PPS.lnk" -target "C:\Program Files (x86)\IQIYI Video\LStyle\QyClient.exe" -parameters "quicklaunchrun" -workingdir "C:\Program Files (x86)\IQIYI Video\LStyle" -appid "IQIYI, Inc.PCClient" -icon "C:\Program Files (x86)\IQIYI Video\LStyle\skin\Logo\LogoBevel.ico" -description "使用爱奇艺PPS收看影视节目,清晰流畅更新快"
C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe"
Network
Files
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\AL_Close2.png
| MD5 | 33cced8d3d97f78972a5418ec7e96f29 |
| SHA1 | 09bb1332bbb1f06eda3bb09f37b3699257162369 |
| SHA256 | 42803e7485f1507abcfca5f455e76956a0dd92ddf2b9d6341a4f2375a941746f |
| SHA512 | 04683521c7dc5e7f4ff701da3fe4291eccbe6b96ba5631676844fe4616a0fcb5e7434a47f245f9b800a47922b25c3d5a2d1063eee61b82db656866c194aca1ce |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\common\common_scroll.png
| MD5 | 93343a6c34066ba4b50a6d455210f538 |
| SHA1 | 10bdaace70cee2656f3c6eedd2c5aa5182dd6de1 |
| SHA256 | d2d9f913aa2646725e0af0d332a10a78b1d7269bf0d774aeb3e6dfc4be40558e |
| SHA512 | 06066d93e57cf309c064779a415a34290d52d9312da45acad20b0655f098568cb438d694f46aafe5d0edeb5178a50c6a729e174c683666d97112a1e09741b1aa |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\listUI\filmlib2_normal.png
| MD5 | 7602910002b9307718bb5a4c221d6be5 |
| SHA1 | 61004f0ad2d3f55c7549b3c8eecf2108d0efb655 |
| SHA256 | 9298a0cc560f702a118dec0bf34bf2d609d5a56d1c49e9658b0eeac0bba59a38 |
| SHA512 | eac38bff7fbf476bcd003253b737723c46c31cdcc205bde5f6c4bad9f5da75d7f08f061976c1bb724888f2a4ec38a9c0667e56c3a993a4a69cf236c43adcd259 |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\PersonalCenter\set\cancel.png
| MD5 | d1a6675f77f74cc5847b0a59c49c3f6b |
| SHA1 | f96c4084818cc5836e4086b665e97c3bd7d99f47 |
| SHA256 | 29207dd0cbb59bd1e6fe489ab6ada4cb04c74083099127b194402f1f3ea4bf8d |
| SHA512 | 3f4a2f4fc645fbbcfb5fda5fd37fe8dffb96329c4e66841ca5bdb8c8ae4836e4eaede44a6e4e5ca17cf6bf02524d304bf83922092fc9b88fa72e94a322617388 |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\PersonalCenter\set\ok.png
| MD5 | 4d34af20771db466a6439fa56ff5f687 |
| SHA1 | 5223e4281ff91d0bdedc9af14c4825e56cad01e4 |
| SHA256 | b4513c801e7893e2364967da122e5340a69a0c8f28d0318234ee0ca41ac12f60 |
| SHA512 | bb770d0649982b3f4d35a5b6628cd0a4168f31ea89e56eaf92f74412cc2ddcf8773dd60f25ff5c0d04d77960570d652f8b7cf7cdd2cbaf07151024c8355871b3 |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\QYProduct\blackback.png
| MD5 | 60ce4c0275c77aa5572892c81728620d |
| SHA1 | 82fc18f800c867547140a7764f38a65eec9a4b96 |
| SHA256 | 8ea1ba9ad6052fe784d79b9bd3ff879152c1d58738cc1faab0a1304b68ce69db |
| SHA512 | ee1d28e4c4b939a721f42f67505de0fe2084f36244b53838a4704a19f32246919a88ab7936b6cfa07e54f4b5c1a11d36305376a3ef42bb73bfa5fd679f83af91 |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\MobileAssistant\Fragment\MobileAssistant\scrollbar.png
| MD5 | 8f6b9b86898ce75b5c94034ab1f14381 |
| SHA1 | 4005fdcd5071fe373db13e301301ed0e2dc74876 |
| SHA256 | 874664eaa38618437f551ed0492a89b718e44f2a6f64e2b5590b708c6ddb3b97 |
| SHA512 | f42d284538b5ca4f8382321dd96dc104b8d7f49a1339dc1e7fdcac4fb22099078d29ccf29a7b9d23c94260295f39126197d082b4983acf7be9a1569ad4e237e3 |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\PersonalCenter\common\close_big2.png
| MD5 | 51fd1384bab6df779007cee07422e4ac |
| SHA1 | 16e89c96196d21f3a85ed6a0f5d97d096c2fbc15 |
| SHA256 | 9c0ec21d601c6e193caa0a04db9c80318d15e1fec713d3e82e53f709a5620fd9 |
| SHA512 | 279c7e23a32b639d13d836b1c9744bbbeec4167a95bd3302bae6ff2738877fb2e99e8a2c95934b38c74d74dda4783ab14f81ac96c551084e9cdbe4f9ee24519c |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\PersonalCenter\common\close_big1.png
| MD5 | 5fa2adb150f63cba9e5443befe17eaf4 |
| SHA1 | b5c2a1cee13211626c061c422961a1d0aa742703 |
| SHA256 | 02b0a8d8524e604ed201f912fba8ee58c5573f8310145d3e64a3c279726dac40 |
| SHA512 | 9cbde58a143beabec9cd89ab66bf0f29db6903ece436fdb0c14dfd66803ccc4f951b316216c073be9e8032d20f8e0f93a4c393672884063e3cf8f29f7b404607 |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\spaceship.png
| MD5 | 575984f7a1cfe13a9ed1d3800bd7d14a |
| SHA1 | df04fdf4070d29d76aaff8f5b2f68bff6ee0cdc3 |
| SHA256 | 925b723d434d5528c4dd712102279974e76842b71544fa8153d6108d11ccd7de |
| SHA512 | 1d2eca187cfead14798cdc18b4ffed909b483869281bd05fc4b7412fb76a7ee6987efbffa17db218be32d4c2e1ee6e1cb383a4a96983f226baae1f42a330725b |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\soft_txt_icon_2.png
| MD5 | 1402aa18efd86eec43a345d936f8ab4d |
| SHA1 | c51a44b65489e041620c8ce9ebb5d04c517d27e5 |
| SHA256 | 2276b09083e0da61a550d97c12cd814622c853358f26dcaffd423285ed29640f |
| SHA512 | 7b4913b6a30410d87a3c1c87d4b6d15510c47f17b38c3c2db11da2fb344b88e5c3d86dba86781eff180eb803222af6a58b6a0a12905139b085d988061c5bfd12 |
C:\Windows\Fonts\iqiyi_logo.ttf
| MD5 | e1097f713080d07e0c717e0737ef167e |
| SHA1 | f31f1c4570925450c1fd1ac847cf54461b6274d4 |
| SHA256 | f2aa97fb51572edf0694ae328bbdcb01a172189aa53549b7ea8caebc66325249 |
| SHA512 | 786dda62d0423a9733af16035390e99bd47c5cd8c49f2802eb443896230b2dba70eefbb95de3175b2143dbca1f9ab8ccb8cd8e7cd8b8821f0a93d1a5c69923ad |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe
| MD5 | 95bff19e30f8b194eebc8c81b671d6d7 |
| SHA1 | be2883ccd72263e162350cdfb7bf9d4bc5090f17 |
| SHA256 | 4fa1020f67d7beee37c67bb6bd86ed8925e348adbf5748f9555dc96797c651d3 |
| SHA512 | 762bf013e4d46ca61dceabde986753cf501442e1c72dcf394b628e2f6273ff05f686908bf9ec3be17d28b34602ea0bc18795e296da43dda7de47e81962a559db |
C:\Program Files (x86)\IQIYI Video\LStyle\GdiPlus.dll
| MD5 | 385e243fc4314f79c1e3042070586d03 |
| SHA1 | bff588a2ac255b4cd1e3a9528529aa0e26f4657b |
| SHA256 | 18055410347fe57288aa11917e77f9b5833f59e669e8c65fc589d314eb6b695c |
| SHA512 | 5854cd81f2f9d5d01a7c0e3ab1b6801490f455191089a21dbc199cf924f59aadbff85d9b963700961c326a4def2a13ff9ba6d3933ead17262b7b66d0279f2c55 |
C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe
| MD5 | b6e9d6c600b793177c69ffc751c7a8f2 |
| SHA1 | 2d83d7e4a84a5378333250a470ad6577ea858780 |
| SHA256 | 19aa1945952438cc82e633ff6c90c4f21835fb79d49de8649dd1e18ae4c9a80b |
| SHA512 | 069ed99225d5d69817e16f8dfc2c95fe7c667e9e7f7b03897b58ffabe14ced8b4498b5ed117155ef79761f5189f88b54729864623cff1c80d9536f7c08ef4a0b |
C:\Users\Admin\AppData\Local\Temp\nsn8E09.tmp\UserInfo.dll
| MD5 | 13a689123cebd31c1d1862e05981beca |
| SHA1 | 0430094a1a0f639ba9bf5831c24f1f4330762a6d |
| SHA256 | 386933bdaf4774e88670e21abbebdeddf64b1e87b1681f85ac5b3ec1cac8dcdf |
| SHA512 | 0663148e80f4703000bbfc8ede2bcc7cad19877585a5cc46aa13a7003377d7315d33f01c1d311d38bcf5e3782e4b361510214f09a9f6537b856c5ad9bc41fdae |
C:\Users\Admin\AppData\Local\Temp\nsn8E09.tmp\System.dll
| MD5 | d0d7d2799802f7cddf8db7a2d8ae1e23 |
| SHA1 | ae8d8cfd9f1a7104036a9e8658f50f9c35c7a1c6 |
| SHA256 | 828819614dc0dbfb73f22d4c3712e6369230eab92819c5d4efe75870ee109a5a |
| SHA512 | 2b5af0e34720eb2f5b0aa04b589b46fb4b4d344b5c5d23fdd382348b051ac9766ff80f6a2455ef66da78ba880e8ce41b23daf741033de7701ca3f17f1adde408 |
C:\Users\Admin\AppData\Local\Temp\nsn8E09.tmp\UtilsPlugin.dll
| MD5 | 877ba4f17e960ddcf0c2fa2df62b6710 |
| SHA1 | c452ce34ed1b5043bb26ec938d170fffb14b53c9 |
| SHA256 | 7481df00348a7279b044cf12f7188b2c15e6a1862e5ed2ea8e7e2b0dc6c027ae |
| SHA512 | 0ae63c05641c234d53573e69eb143582916c4c976fc11d78efe0310b8fc04b0491838abd94b8c7b9ee5f77ddf41bfdeef61227c87a6da427c68b9feae6ada612 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\DlgDownloadBG.png
| MD5 | aeeb6b445e55574128467d1699a62e16 |
| SHA1 | bd554f4c7472ef3aca5b1e831f44d6b7ed768fb2 |
| SHA256 | 19ec9c459ed3c438a6c1a8630e81265f4ee1414c5ca62c704832cdf01cbfc98d |
| SHA512 | 11e1484541aa5d56b42f4222d9ca442fcd2570daa2656fea78c96a51c7949aafb73012b74d853a3cbe70163056d9b1d50b505c7b9f6c15b18b1fe807e95d9156 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\DelBtnNor.png
| MD5 | 5ff65cbf00ca0eb38b04df50917ac76e |
| SHA1 | d5c498ddc143f575bc00955bdb38640901b85a85 |
| SHA256 | bd20a3bb861109627eef3acfc4cddd6120b6e96d7de94415ed375b43930c78ca |
| SHA512 | 01bdfba569dd465a84878cee5f31ba9694953c9804338654a135d8e081639a88dd419cb7b1f3edf843fa98bcfe0be8550f0e0709f3b51f5a051914fe2cbdfb9e |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\DelBtnHov.png
| MD5 | 159f343e6d3f9ba1d99da3d187398909 |
| SHA1 | 5855b18908526953cb8b8a9d281ee144107dfe76 |
| SHA256 | 1446a20293259c127b7631cb9934265c89810039e8c076cd98f946d55e00da1d |
| SHA512 | 70d6c98f6e57036a2e894c102888ea86575ad3e00e30ff386a1d97c6d4f407d29945f3f11c0e633e4f81179fe6f868755c0e82a0b9f1dbcc46e9410e6207ccc9 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\defaultgameicon.png
| MD5 | 116824ac4fabdc85d00e1d6e60fa6fff |
| SHA1 | 5bc1c4a8c152de3c1ea834a44e247ecb1e1ae865 |
| SHA256 | ae9291b1744a13ff45be576d455f268b93068651944e5fc5998b8c85eb1ef462 |
| SHA512 | a2397a5730dd9fcf8da86e58e247dac4b3806b5cae62b706cff2f8a87a0e7000c875b745413d6ec05c930fc4d5d89bc9b14389c6100bb437443970c889207a61 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CutLine_mov.png
| MD5 | 7069d28083d1361384f04c0d0f68904e |
| SHA1 | eb42e13f8ddd37a0a6493d1a8b4fa629c04ee229 |
| SHA256 | 328ee1b1c993d27c97aeb037e0e755e05a106aa4ee9e3203f350c9a09c4fa8d6 |
| SHA512 | 316e4539fb1cbb0204bbdf4beeeba9c3f268a006f280c74ae3d2d77caf1d34c571073c0dde726cacd94aa2237d5e03c345d38fe0feb6eeff01803cc634358403 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CreateShortLink_Nomal.png
| MD5 | 673f47624b85a4403fdc740fe2721397 |
| SHA1 | ab0843b01f6a80a70c2cbaabe67f273094f80b33 |
| SHA256 | 38bb2806bdc0022541bde8ebdfcc7c4b4724489e870cfa7ec5bc16919057f629 |
| SHA512 | eb43372ada55842ec5a7ca52be3a4cc0eebd1bf83323b06f3587632f9ac76ba57cc943cac46c3529bdc269105aef965a2662924815b253044f5b34a77b0d73ca |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CreateShortLinkTips.png
| MD5 | cb1e1030a8813d00749d308b0da73b9f |
| SHA1 | d97c9823d234fd8650dfcf540796d26f97442776 |
| SHA256 | 2d0fc3650a7f32216d8545dfd541bf4a1ab9f386521ae8f035ef8f6c069089fd |
| SHA512 | 24141197dabf6dd18adedf1920b52dbac7a72eefcf71cf66d02048e08d480c489e3ee72be174c593bd7a4e2882ef62bb0e941e5dc3c98d6abec15db88cbc5051 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CreateShortLinkClose_Hover.png
| MD5 | 2855abc8bc2f15113af379b3ced104a2 |
| SHA1 | 0aebf0295a17c7fd6c722ce10a65c9fc4fd09f03 |
| SHA256 | 671af83a229fe930a720e5805e079ce2c01334125136011d8adc0ee6c3dd50ab |
| SHA512 | 5b5063eacf5fdd0ee1e939090334d5f918c4fe3484a6a0a3ee4c87e8808153002ea8316733a5a8e84c5e019a2c6f4a64b8390ca339cfad7c2135fcdb9024b3c6 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CommonBtn_normal.png
| MD5 | e189e1d1d43cba9e78c008fa248e02fe |
| SHA1 | b374269f970d337375552f2b771126f11da42f15 |
| SHA256 | 911eb65979874e946ac0b2da2440084f98c3088758e2f1bd9144d495061d6aaa |
| SHA512 | fd1b83cd8130000670756169910920145c9a1cc1ca35b4efca61311248db07488d32430d5d3d1c45b231b3d5803e011470326f4e3ec694ff5663a16b66e1df67 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CommonBtn_Hover.png
| MD5 | 15ae314b60106f6eda43676eb1d3de6b |
| SHA1 | 2897302883ec07add176c4e03f8dc9a4ae6afdde |
| SHA256 | 8927bf74e9d960dad95ba796e6f2bc731c5b4e1192cbd7b120cbd2f1898ec3c1 |
| SHA512 | 479afa994781f6a495d7439ae3d0afc131ad5ad7bb5ff1471f1ffebf61633a74624e41b06b481f17c8a9f723635de871273147659ddf070664c385215bc23a80 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\ComBtnHov.png
| MD5 | 6cb194b84853c3d231eead716d49370c |
| SHA1 | f95a681a3dc9318580bb62ef8ce4a678d78f1ec5 |
| SHA256 | ee34c098163504705e055812f003d823efe727600ea4b56db73553e2ff9d0219 |
| SHA512 | 5ba1f927981c8679b49c5fd079ea2bcc662c8e9282ae736783c7d46ddcf7c486ad48856cea0831a223ac8b9600eea541a35fd3b4afd4fa2f132dc554503ba4ec |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\ComBtn.png
| MD5 | 0a2318d4078889584caa4523315bdd70 |
| SHA1 | 281adb6f789746a5c2e446eea019c1e1047ab8d1 |
| SHA256 | 5956629dc86c8486d28137f91fcc493183a53a103c1ba5f4a4019f67a132e9ef |
| SHA512 | 5c05917259aefc4b675913cb896af105b1e7bf7cf07ac400083303e2952e307fb72eef4786e27381a7eee5d2b17dd4d55a9ed1dac7acded6890db927f4657b5b |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CollectingToDesktop_MOV.png
| MD5 | e4c70faae3c4fce495e12d24c2854c8b |
| SHA1 | 9faf01736350722f60820485bc6fa1eb364e2c5d |
| SHA256 | 03f78a2bb0eb5d120d85e7c08a16410921824154186b04ef1027905b07d137a5 |
| SHA512 | 54567bbe7b75acc0e09a4fde69ff50d295609fdab69478d8c995213d4491f09aeaeaa134b2a63a76d3c5f92a8a3b61c1e56b8593dddf17a12ca28b6c8af4e4c9 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CollectingToDesktop_HOV.png
| MD5 | 8f88aba447c6b48423a6ab9502060195 |
| SHA1 | 2d434c1dc6f8523b49dc669abd8f69f50656ffbb |
| SHA256 | 78a209e1df0745cffb42aeeba157769ccf016dd3e356719415c11374f0e592df |
| SHA512 | 927b79089112c18870b43568c6efa1f8959beb39aaba9356429d7209438f8ad330488f3c49d8b4bd9aff29808b751ee52c82f7322dc72eb8a2d1ac563ba79fbf |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\ClearIECache_mov.png
| MD5 | 683aebc33c1a57d4e7193ac11edb718d |
| SHA1 | f880556c87ea97d913003b5d61bfcc46309203fc |
| SHA256 | 2a1b1688b001bf57d60a0c47b6b82910c443015711820f6a95a073e540621a40 |
| SHA512 | 6aa2665a83c7b683658601815d6b0957ee3376645158339657bda2ff765b7db91fb8abc49ef0e50c5a9474965ccc9e34ba8df82e28d8cfa2b05cd49225a3a454 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\ClearIECache_hov.png
| MD5 | 5e9c33c45c3997c6bd2a227496d8bbf5 |
| SHA1 | 61438ac8294a4723abf785604b05f3cfb3f190a5 |
| SHA256 | 59a3e8272352042ab795032d5dd448b2f9bb3c9bb0e4a119792ef31094e69005 |
| SHA512 | de8df25f3294dfa0a01433df94672272c119ab58c58e7af5bab3cb155dca248113d31e5145b1039dcf24bd27725aa385c860e286ffb7c6a85b4b8f25373451e4 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CheckBoxUncheckHover.png
| MD5 | 0e40da2e0b0d35ca116a6ef8cc09ab27 |
| SHA1 | c43ff70922be4bfcf7823551be6b2167c341f979 |
| SHA256 | b443f84b1dae129f7f7d86f46a1b6afac0569f5537ef79919396a18f15a6c709 |
| SHA512 | 82042d24bb547bf1aba3b317e611516162a955714df3c44807c65ac5ef449b0e5e0eee8e673de24be9eb89c9cf45068afff74fb710e2eb89e9d4106ffdd645a7 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CheckBoxUncheck.png
| MD5 | 0992ec4811eb429baf46221fb1bfe4fa |
| SHA1 | c4d95902c17a2c339cfadd366a1735a08dcef39c |
| SHA256 | 179ad885c9bd5e378b834f0c192f36d24366dac0af3df1c3a7896150e94a56a0 |
| SHA512 | 91fedac3aad148511f028fbf25f544590abd7daac05fdcf9f62063911a1b5e39003e9a97d54425d2facfb4446311dc42499e625766b912656dd1fbebf8fc56b1 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CheckBoxCheck.png
| MD5 | d9cdf06422119816ca6f9c4c72cd09f6 |
| SHA1 | 64e3bd1921689df2f3ee450c8387f9325d1254e0 |
| SHA256 | 23f27fa2319a141f10a8be0cce63f11fce499f5943306d9d555c177c74d346cb |
| SHA512 | 2763f47b77742585d3562d61afe00033ef7ebb9f3fb1b7cd8b163d62ed5770680b00ac27bf200a47734cf715adaab862b9710268db9b6fc67f3c6625612cd88b |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnSearch_Normal.png
| MD5 | e720f8d7d9b1eebf115a3ac3b2e8fa0e |
| SHA1 | 39e7f401d756d0f67413f9ff9ac925780b6e5434 |
| SHA256 | 395035ebf113e3f7d46d5fff75fad4154a674747d86049eb88d0962865cc8328 |
| SHA512 | 436d15bbdfd0cb4a1bbea0db7be5249ebb5e59268c6768a58424c66d155f4485057de177d9b36959c022b6a3c305af072414a75e829d44eee5cc0a8b6b9f4dcf |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnSearch_MOV.png
| MD5 | 0373829c3ff82ae9637c770174be1f01 |
| SHA1 | b608bca312673a83e435c475c3b6e56cf0ed0f61 |
| SHA256 | c5db13edaa19ab6024f12952264a3ec005c4ff87f677e33d0444a9485c113179 |
| SHA512 | ed0aa92263b53f6b65820303a08d31c7d54c422425aeae90ea52e08c54e10392acf33fdbb12e9ceea954df9a3cab1b13d4cc39c5a46198c364c6de3017d9dc87 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnSearch_Hover.png
| MD5 | d94d4858a788fc9c9e4372a9847660f4 |
| SHA1 | 863d2d93f6909c19ee666e0b73e5a1914343c221 |
| SHA256 | 6dc00a8eef3d4d1394655073304c749b499e4ebe34ba292b3aa1e81f53a2efdf |
| SHA512 | f734a7c10005bd83e56e4f00139375404524c94c8a906d71bcd67dc590d91a9d9caeaef702a67540c7a627100a371c663a4d2c0cc6610b429e2618e1869f61d3 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnSearch_HOV.png
| MD5 | fa74861595b2d7f8029238da227c9ed1 |
| SHA1 | c2103a895f32dcb9e8f1b8a7f647d38821b2df1b |
| SHA256 | f22ecceffd5edb6c5818da84a7753190a2f1a050d7a137676c6baf155955ac02 |
| SHA512 | 7ec53735e6f498db76f25e742d512a58729dc3889ed6c5aa78844fa9178b8ced9de960d238258f161c3dfa5217bd2c575488b868910ec55bb5d887469ef7989b |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnSearch_click.png
| MD5 | d5c86709860616b2a77328be90005dd7 |
| SHA1 | 8e3051d9b74eeea2641ca29510e8dd75e8f6dbe4 |
| SHA256 | 4f3d3d8f8544b6f5d973443d28972712d9f869f745544822a7af63d66cb9806f |
| SHA512 | c2149278520b60989638870a3095b82f85eb7329f67741c99e832c483e2a2a7159e9f5294223d504eb98f0d1b185a57834d43da0681684a7b4152929cbdaa6de |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnMinNormal.png
| MD5 | 0f8c32a24cdd495cf044885babc2a284 |
| SHA1 | b554b4ed413de5050d7ba05f5f9135fd9a8bad66 |
| SHA256 | ce9610d0d6f603ed290e3eac9813fe6428f85575399f1d2f3b79ec2b80bc5700 |
| SHA512 | 88f4ca39e9acf4d4e17d003e1bb043a2cb4784d3c06fccb061f4e78033ab814ce301d23ae2a71ff454e8ab8f82557bb5385cb6ac927950aab955ce9ca459b0c3 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnMinHover.png
| MD5 | 3d5ce2154e2739d8372cd19ef6894d54 |
| SHA1 | a50b1d7dce90ace6de2f64420cc501d4ae044ff0 |
| SHA256 | bcc19a19510a08c675266e240a2262c92f1bb214f333cdd3c12e50a84f97f881 |
| SHA512 | 382f29d7c19f22c34a9fea304028535835fe2693fc6c86834d3b2ca915a3e14b88cc84cbb368543312f6080f53479039557418efe65e2909ff5b07e06c593684 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnCloseNormal.png
| MD5 | 5c58e41384824810c9233b4e20544bbb |
| SHA1 | 19a38a15c08df0c87fc96fb2ff1218cb11397bb7 |
| SHA256 | b6f7642aa16976177755b14a93dbdb3245eadc5f31cd28abbd97d31b4939a189 |
| SHA512 | 1ee8e676ea4702c7196f123c327aa0cbffc4553f389816dc7a8ade555b7f8c07e5b4b80bcc8ef6546e85e9b5255f20cd81cde91faf509f7d4fc0f35421af364c |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnCloseHover.png
| MD5 | 77c53a33af5d9060edc64d742581c78d |
| SHA1 | a6ca1ead89f69b55cfa2557a2607e056d7b98ad5 |
| SHA256 | b8ee599130d00563db4e4c0cf66b07d626d00e28edc35d9e96734d73c11e56f5 |
| SHA512 | 16bc887a618d565e5a5a93c98bce80510138a1c6687a027b16aa52233154bdead4224d4fbe76b2c48d13e210e426c6c86c250a27e7b4b7e695a9af59e8a8f506 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnCloseDisable.png
| MD5 | a7a050294a34df2b6598b06c0f1b46ee |
| SHA1 | ad0a456db2e13852af75b30f8a84495dd8414b1d |
| SHA256 | a37bc8a0d719e97f6bba561f05056c90beafef08dc5cf77ca0604caf833b82ae |
| SHA512 | 3d1bbf0957bc2df884b0716ecaeaf616f83f803a006cb0b03f66102520d99e98833d4448c407b75dc5a67505f0c7cc23a919a4b58881bd4c1691c5257299df36 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BindPhone_Mov.png
| MD5 | 62cfbca60f27d4b42253c96e1753bfbe |
| SHA1 | 496690bcb841f2c95b1b1d3ad2f8a70c7a3dee76 |
| SHA256 | 4e2ef52fdf819e5d5825857600bb1ebad672a16873f4f55cc02c4b78c04d01e9 |
| SHA512 | ea87b367f8dd7a0670ae3171dd7a6f957682a661528e9f1330921c8273dd6df952e529aed59c21be33f0f733483266468809dcf0a5c38137610849ca2489c4a2 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BindPhone_Hov.png
| MD5 | f061cd973c3245b935f8ca0e7fa2df41 |
| SHA1 | b843b3013d90a3b54f54796f36d0b3ae64e0684a |
| SHA256 | 4047e046f0f25b0f41d3cdc6578e252d35d5b2db9d44f91fbe5400b14073c8d9 |
| SHA512 | 05047a6b3c235dbf1c086ea97759f888efc88dbd25eef984de53aab304e0091f40f0014b6edea4368f813f4d4dc0cd04d35cd1fe0dbaee3a9ddd31b675cac186 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BindingAccountTips.png
| MD5 | 782b458a7a130a168e2348bb6b6d1ec8 |
| SHA1 | bf958b123c4c07ffda0d47939747464deba924a5 |
| SHA256 | 37bea36b1180d7b0a2a2734a46b3ced630c997a461024dbd395e12706ba29599 |
| SHA512 | 3b765d00dbf554f5b4037b27a6ee5a3cfcbc26d33a6b336f5a37fd085de24ac5bf26edf0e6855ece7184799a1e216bc072fe516356a419e9a9d26846c58ce32f |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BarPay_mov.png
| MD5 | 17ded5e0a173363a18f2e998cf05882f |
| SHA1 | 121c6c1c92e0538cc4a1964eea2a6de7784a6ff7 |
| SHA256 | 5a6d97e4f5fd2cd4ff81595bce200b8b9bb0af8c87e0a5a1ad33e2ba8592631b |
| SHA512 | 12d6cf34bb4f1c3482421cc986d2776d6724e3b97f257a2cfa17f373b688742c23d8a7ea682b8bc19c5b6162e2bf9627c415e3dc822a7beed2bdc2799bcb6b6c |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BarPay_hov.png
| MD5 | f3506a23a8eab8def532ec1124fc122b |
| SHA1 | 5dab7891775c289e860aa2b144483209e8673b13 |
| SHA256 | 4d2fe7c86523d8e72de46e925aa1ea473e43b46534088c2372ebd5cd2db6a02f |
| SHA512 | 1095e4cce712836bb0f1b45f83a919f44c7becc8c51f950fec2a1e4034f8d6004372e23f100e51e309a7a406c51b4fd0821cc92f8245b720e094ce6b9cbc0856 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\ArrowLine.png
| MD5 | bc5022a5719a200d8cb4df3b5d95337d |
| SHA1 | 33b3389c08cb110d2882ce7c87c09f6ac768e91a |
| SHA256 | 79c208d9481d9ad70b6375aaa875c1933fa6a5aff1a20ca69ae9e2d28fd16253 |
| SHA512 | 71d564c909621d9260a257daaee9bdb019a8fe24f81db319ba7bf31b6e81e5db7fafde7b76c181a615bd872fd702ab60d463ee340b8b8124bb524ded20cc9245 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\control\mainframe.png
| MD5 | b702f688b22f0d326be0496338307f0d |
| SHA1 | 3a69c7a925bef885ad3491fe552a613dde803aad |
| SHA256 | 97aec0db2dcaf6d20a1ed9e8cb2d8bdde456ea0bbee9bb9275bfb284dd059a52 |
| SHA512 | bd30e9c6518072b5954d69824d084a99011f24cbc386e4be15a3d55bf5f69cc11f1ff4693699b2291278ea7d19665348e847f6c0ba8737fe46ef837dfca3d102 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\QyWebGameClient.exe
| MD5 | 4c3d98b2b8e9e4064e5947d64c4ec613 |
| SHA1 | 6b8c3f2ee10d8f830f8678e5245cc2a35d18ac28 |
| SHA256 | 46f0604a4450ef9f828364e21a1441bdd4fa7a229964aa61bf16279150c9ba55 |
| SHA512 | 10025f9d34b952b09037f5f269583d74c3792cbd386eee2ba3e143f8b04636cf662e1c154f286a86343d0f27a1bece456442daa7eec84670e741c08048aada2a |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\QyGameClient.exe
| MD5 | 85d1912c6c543f4cf7b69ebb76372b5c |
| SHA1 | f43303d60f2baf0d17ae6d14b8d98b6b1152d696 |
| SHA256 | b9f7db9f09ad85025a61617ea56089ac92a2f1c9feccd9b3273f88abf8e769b3 |
| SHA512 | 91f568d0a95625da13da7c416e0813b922f30c280a80e04229365fc121ddec0da9afb4a1f64c63405521d463cebe6ace0c5a6dda4da5bf57a39d50729eac176a |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\LobbyServerList1.xml
| MD5 | 45811f4d5463405dae043f7e9b9ba846 |
| SHA1 | 886a410881900f0237ed619bfca6583da8ef919a |
| SHA256 | a0635bc8344e41759e0a53f0720435952f57fe68df229ac4831fb9300bdc4593 |
| SHA512 | cbaa251953dc1bd3d67c176702a23482472449078344d7d26051589e1b5350f5a85cf120453bc6fa66f6a8c6b8db80bd52c4b2bd67dd53d5a1df02c7dd8d1736 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\img\error.jpg
| MD5 | 2cd92fc75bc2be926e4c002598f325c0 |
| SHA1 | 484461932de9ae91409a67308236f4f35be0a232 |
| SHA256 | 657728435b2d152106f4acac777bfd82157727e0fdf6364c4f0eb4906a443399 |
| SHA512 | d1ab9a455742d502260bbd3279a9da0579f0408b5a7443ec5c28b4a19c8e31f6e622d33c6e886cde289a3f8e6c530c9b94e8c247299a0ed54dd01a41ca8c329d |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\img\bgline.jpg
| MD5 | e50052189fe327cffc4920d2cbfe7e5a |
| SHA1 | 917e438ed6c14579b4c923bed88b0938a5719312 |
| SHA256 | 49de719c563b90541a46fd3db53057cd6e1c854f69359b09453b7c6233707ecd |
| SHA512 | e98a96a9a3086768ce81e2152a7ad98c8f0c08308521ade743940ecc23170ff6309d722869543593f8fea742d2b0f95602a594ddff9894881043654d69008a58 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\img\arrow4.png
| MD5 | 55b2b0485d8cb14277abed24471c8ec6 |
| SHA1 | 121aca27f33646990d96a7b602671a0d01f6a4b5 |
| SHA256 | 41e8a39560fe7c5d41be57668b697ff6d163794c1fe0d178bd7ff603395e5666 |
| SHA512 | d0330c27c501f78cb3dc07df0b2b757851420a88002ee1ccaa5ec3fe29d42fb59bcd26b2fad40bf771e611e2ce7e98fbe7a72c7edd0e58cc5a78075d392cf751 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\img\arrow3.png
| MD5 | 4b7ff428e1010f5b4b924a381ecc6a9f |
| SHA1 | c64a6c92c9ce90dc5f51fcb61d1fa7aaf55765bb |
| SHA256 | 6da80486fc24fe096983626c22d7ade8e72667205ae9ab88eafb1b5e896f7d47 |
| SHA512 | aeb5d028c20c69cc04422c1cbcb0ec9ee72557553cc8230c9129b7baa70c6ad3263d91c9d5c62c69792f321182564d6f52e167e18bbbe4370564790596561d39 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\error_togame.html
| MD5 | 5926b1d339e58bf3ebc876939ea4c2c5 |
| SHA1 | 64394e162c82bc19812c62881ca1545288e56516 |
| SHA256 | 5bbaa9feff7fbe44b794df4b493c587303588d74d138cdb50504ed5b6e3c8669 |
| SHA512 | a8f7374e80214bc9ba4e493e8706e59f55f07ccc31601ed550f0d1787e1c5dc6695f4fbf75e7e2b66c031fb44e391af6d65ea619c3286aedf3d12c819b3751c8 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\ClientGadgetSDK.exe
| MD5 | 9b4a17d36d4730907fbd6d8969ad4533 |
| SHA1 | 547f1198f277c267627083ab3a6f083931a88f85 |
| SHA256 | 7a201389575d3c6f60a638dcd6f8c1c41687b51bc7be541ebc271330e1875be6 |
| SHA512 | 870012f8ee3b07e5b45abdce7c0bbaaca5d963412332669ba1ceb4c6b9c6077740b6336dcd8ea802c10254e73173de00a3e2f1c6e3e6202b397477cc38e96ce2 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\AoreAudioVolume.dll
| MD5 | a53ff1a83e51f4915a6a61ee92f408d3 |
| SHA1 | 15f9bbc83652f057f933ad2dfa02c9713884d328 |
| SHA256 | c81aedcb12656accfdbda1d1572311c9a0f9954c0036c0074235f42b6c0567de |
| SHA512 | be5d2b9c05d28c49ad3b8be847f322bbf23b06e9966418f57698e463c9bd112e9ad27081029fee422212013924beedf010074bcce5683308039ccbeee072f436 |
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\browseradapter.ini
| MD5 | 849c0db12448b338a7454ce8fc8c6365 |
| SHA1 | 1477afec52ba1303cab09b085a7148bcf56b2497 |
| SHA256 | 9897278fec98e2ad20355747dbcb541f2c87d15616f6f15215fec3351590b3a2 |
| SHA512 | cfff784ac25afd5d6b6a4b15b90f41614f3a9299e77921e804b9464504ea472e6da69e2142784a0c6dbd6f2319ef124220da22230dfd260e440939f14b97124b |
C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx
| MD5 | fd0cb28279bb47d33605f6a6f90759e3 |
| SHA1 | 374e2f6beab2520083bf749959dca7e07497a5dc |
| SHA256 | b913b88aa4aac4c0114cf5d0d5e6b3baabd17727e1ec1450452f89bbf91123fc |
| SHA512 | e4e13a61b3c47d2d5ee6bd2b0831f1b8fcf15e0a21dc857c761fd64ee60f06872018582d5b498427961a59a0e5188699658f8d1f60e7d182ae31a10be02527c6 |
memory/4172-5415-0x0000000005E70000-0x0000000005EC9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsn8E09.tmp\UAC.dll
| MD5 | 113c5f02686d865bc9e8332350274fd1 |
| SHA1 | 4fa4414666f8091e327adb4d81a98a0d6e2e254a |
| SHA256 | 0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d |
| SHA512 | e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284 |
C:\Users\Admin\AppData\Local\Temp\nsj5CF6.tmp\registry.dll
| MD5 | f81598566d3bebe154d86906e7419653 |
| SHA1 | fb2a980abe37a0b724edf932884931f946332b68 |
| SHA256 | b13d15f8d3e5498d3014dd0c5acc2b42df4aa08f96e0b3e59dc7c9e8c1e7f4c7 |
| SHA512 | 95f6d51d11df472808b9e6a765be6f13231901d698b62f0782e2c17a5ddeee43a8484894f11568ae474ffc7a3b27d8cd01785caf8d87eecdc4a3f64a3ece9255 |
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\vmPage\1.0.6.55\skin\btn1.png
| MD5 | d271a47cd14ebb209b06ea235a91d144 |
| SHA1 | df6d11259e8b54247d052a64b2fdeb86908ff751 |
| SHA256 | 09fda339a9d73d4bd0c728084eda60967139cf45c96e81fdd63ef562597c37ed |
| SHA512 | a074342fcdad77884e7b3c0360dcdf5798e3b1dca4484df23cd85b0283da0920fc867fddd41bd3d8eb4b1200e43c9b34114ba479ae9d4e874f46ba4808705ef0 |
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\vmPage\1.0.6.55\skin\no_up_and_down.png
| MD5 | de4109c2374280da714e9dcdb3d3ad9e |
| SHA1 | ce6657dd563c51c684277a4213fb2be052a13f38 |
| SHA256 | 03b3fa0f39cc032f3f0fa0748810bca79d925e64ec5c2df0d3898580b1d7b203 |
| SHA512 | 99160096e9ef20e984d09d6abd34a0522543e00b582254f337a3f61ead89ec933fa8f2618bc1deb32f7bd44c821ddc1ce9b60392fe65374cd1912262a632a205 |
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\LogoLIB.ico
| MD5 | 094fad0a9eb6e39e00f6452da2e0a596 |
| SHA1 | 053e9e4ae140cc3fec5a500c6941e0181e6ad143 |
| SHA256 | 8429febe04859faa258bb06bfba94eb969ff7e80da207bac6417a22cc83548de |
| SHA512 | b5d41ab5c040b0a001aaf399e9e7fd9646eb5d79268fa5f5258fb22a178b311f46e46c48c75495a003ea15949327700b7011602d726d92cf7e348f83e3ec5867 |
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\QyMaster.exe
| MD5 | 9e8e028857769d11281f83f1438d8a35 |
| SHA1 | a6a23b4e3fc495ba235a5b35c35c8fe05ef2f55d |
| SHA256 | 169e700568cb68e2511589aca9be8ad26bcd1ae52d0d109120576934c8af94c0 |
| SHA512 | 42c9874e7b8eaa50888f4f533bd93c11c8277c8435583f06c764a5858f47c34ff5d8fc982540b5c06cb2ee03fb406931eb4db8170c18d0c1bb3f5bdd52d8b9e4 |
C:\Users\Admin\AppData\Local\Temp\nsj5CF6.tmp\nsExec.dll
| MD5 | 2d1656be5aab3f3e6873cb5d0c046717 |
| SHA1 | 32facbec7603c0d3a2198c390399711f68a96de7 |
| SHA256 | 63133db6770f8ae0a5b38ddeafafbdc61cd6bc2ab0b6f3c307c0904f29d8a218 |
| SHA512 | d55426322c315a211c4de778eabd676fe2353ebff15f8725eb4e5dce03bb6b92f8a180e5093c2bdb324329bff72b4b1ed37d9d8155ce4c98926e0cbaa1c62ea1 |
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\PSNetwork.ini
| MD5 | 3221fa8864ba8b73d2b5fbd437a289a0 |
| SHA1 | 0b210cd735603be096e676cc0dc9d4c5c1de63f7 |
| SHA256 | 8ffc6af8e58191176ef82385aa12d25c0379d3b9ccc3a3ce1d041f3c52d61914 |
| SHA512 | 220a1f69d939f7a67c94a70e88acab7be105a7ed4fece40890c0b8650b4f356d3d7cdd348e380673a4cac25cc16e8c1324aa9fb64efb3b7337401876ad13ef4f |
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\PPStream.ini
| MD5 | 7c8659198c0ec4b8f817f59636aaafd3 |
| SHA1 | 7dafcb62a53babcd5d9c8bd5ba8a52714705e37a |
| SHA256 | a84958572cf3654c939f26c4993b6f39861b808905cbe7020ef3c77582cbf904 |
| SHA512 | c687a8e4da94d0da5f7f9ab5829c57776969935bbb0e0b25cde3c3121e5f2b6d4db8186fbe313df147dbdadb8f9048b1a54f56a789ba851f2e4dbc46d4dff039 |
C:\Users\Public\QiYi\QiyiHCDN\Config\PSNetwork.ini
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\browseradapter.ini
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\browseradapter.ini
C:\Users\Admin\AppData\Local\Temp\nsj5CF6.tmp\config.ini
C:\Users\Public\QiYi\QiyiHCDN\Config\PSNetwork.ini
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-05 13:14
Reported: 2024-06-05 13:17
Platform: win7-20240221-en
Max time kernel: 151s
Max time network: 155s
Command Line
Signatures
Modifies firewall policy service
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\HCDNClient = "\"C:\\Program Files (x86)\\IQIYI Video\\LStyle\\QyKernel.exe\" -shell_start" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C} | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Middle\ADRes\AdInnerPrompt\AdInnerPrompt (33).png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\listUI\filmlib-selected.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\soft_windows_bg.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\btn_ret0.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\GoldLine.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\LoginRes\tip_triangle.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\PersonalCenter\messagebox.xml | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\cars.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\listUI\listUI_pagectrl.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\common\pageallreadyfavouiteicon.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinVIP\skinplan\PlayerRes\Top\restore.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\internal_message\set_btn.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Middle\ADRes\AdInnerPrompt\AdInnerPrompt (112).png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\HomePageMagicCtrl.xml | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinDefault\skinplan\MidRes\player_right_butten.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Middle\ADRes\AdInnerPrompt\AdInnerPrompt (103).png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\downloadRes\DwMsgBox2.xml | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinVIP\skinplan\PlayerRes\Ctrl\album_state_110_70.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinVIP\skinplan\PlayerRes\RightMenu\right_menu_more.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\VipTip.xml | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\Accelerator\new_IEHelper.dll | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\download\vipcrown.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\list\downloadmenupause.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\upload_icon.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\popup\bk.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\common\common_firstPage_ExcitingPic.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\homepageRes\common_1080_logo.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\common\common_1450x800.jpg | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\InsetControls\ic_rollview.xml | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\right_menu_icon_07.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\upload_advanced_btn.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\list\expandbiggenIcon.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Other\loading\made\loading_1.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Middle\ADRes\free_skip_hot.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Other\loading\vip\loading_27.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\scrollbarbk.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinDefault\skinplan\list\ondesktopmenuicon.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinDefault\skinplan\list\onlinelistOption.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnCloseNormal.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnMinHover.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\MobileAssistant\Fragment\MobileAssistant\DeviceIcon.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinVIP\skinplan\PlayerRes\Ctrl\full.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinVIP\skinplan\PlayerRes\Top\restore.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\libass.dll | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\MobileDown\DownBtn.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Middle\ADRes\AdInnerPrompt\AdInnerPrompt (77).png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\advs.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\edu.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\health.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\titleRes\skin_select.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinDefault\skinplan\PlayerRes\Top\size_15x.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinDefault\skinplan\sys_min.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\SkinTabItem\itemclose_click.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\homepageRes\bottom_blackback.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinVIP\skinplan\PlayerRes\Top\untopmost.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinDefault\skinplan\list\downloadpausebtn.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\skinDefault\skinplan\PlayerRes\RightMenu\icon_topmost.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CutLine_mov.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\skin\history\history_computer.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Ctrl\Comment\setting_bk.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\PLRes\btn_search_mid.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\homepageRes\common_scroll.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\dislike.png | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\xml\t38.xml | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\psnetwork.ini | C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe | N/A |
| File created | C:\Windows\Fonts\iqiyi_logo.ttf | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsj9D98.tmp\vmpagedown.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\QyMaster.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QiyiService.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QiyiService.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\mkshortcut.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Wow6432Node\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\ = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\QYPlugin64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\InprocServer32\ = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\QYPlugin64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Wow6432Node\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Wow6432Node\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\UnityWebPluginAX.ocx" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING\QyPlayer.exe = "1" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4dfc-959F-233651CC4D7F} | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4dfc-959F-233651CC4D7F}\AppName = "QyKernel.exe" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E}\AppPath = "C:\\Program Files (x86)\\IQIYI Video\\LStyle" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\pps\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\ppstream\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\qips | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}\Policy = "3" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}\AppPath = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING\QyFragment.exe = "1" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\ppstream | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING\QyBrowser.exe = "1" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\ppsrun\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\qygameclient\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}\AppPath = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}\Policy = "3" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}\Policy = "3" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\ppsrun | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\qisu\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}\AppName = "QYFollowVideo.exe" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}\AppName = "QYFollowVideo.exe" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\QyPlayer.exe = "9000" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\New Windows\Allow\*.pps.tv | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_AUTOCONFIG_BRANDING | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\QyClient.exe = "9000" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\New Windows\Allow | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E}\AppName = "QyClient.exe" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "yes" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\New Windows\Allow\*.ppstream.com | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\QyFragment.exe = "9000" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4dfc-959F-233651CC4D7F}\AppPath = "C:\\Program Files (x86)\\IQIYI Video\\LStyle" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\qygameclient | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\magnet2\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}\Policy = "3" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}\AppPath = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E} | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\pps | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\qips\WarnOnOpen = "0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\magnet2 | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}\AppPath = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING\QyClient.exe = "1" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}\AppName = "QyClient.exe" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}\AppName = "QyClient.exe" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4dfc-959F-233651CC4D7F}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_AUTOCONFIG_BRANDING\iexplore.exe = "1" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\QyBrowser.exe = "9000" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\qisu | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\UnityWebPlayer.UnityWebPlayer\CurVer | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\MiscStatus\ = "0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E1D75F62-CBBD-45C7-9D1D-6B5ECEC2E006}\1.0\FLAGS\ = "0" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\pps\shell\open\command\ = "\"C:\\Program Files (x86)\\IQIYI Video\\LStyle\\QyClient.exe\" -ppstream \"%1\"" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}\InfoTip = "使用爱奇艺PPS影音收看影视节目,清晰流畅更新快。" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\ = "爱奇艺浏览器插件" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IEHelper.FlvFilter\CurVer\ = "IEHelper.FlvFilter.1" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{790F2D3B-18EE-40E2-A45E-1FAC13B6AFB8}\ = "_DQYPluginEvents" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\MiscStatus | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}\1.0\ = "QYPlugin ActiveX ¿Ø¼þÄ£¿é" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\pps\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E1D75F62-CBBD-45C7-9D1D-6B5ECEC2E006}\1.0\ = "IEHelper 1.0 Type Library" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB3A16EC-96E2-421B-8462-C6F992596E65}\TypeLib | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}\PPS Inc. = "YES" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{138F4260-66CA-4F7C-812F-C6EED99B7EC7}\TypeLib\ = "{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}\Programmable | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB3A16EC-96E2-421B-8462-C6F992596E65}\TypeLib\ = "{E1D75F62-CBBD-45C7-9D1D-6B5ECEC2E006}" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\UnityWebPlayer.UnityWebPlayer.1\CLSID\ = "{444785F1-DE89-4295-863A-D46C3A781394}" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Wow6432Node\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\VersionIndependentProgID\ = "UnityWebPlayer.UnityWebPlayer" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Wow6432Node\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\TypeLib\Version = "1.0" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\MiscStatus\ = "0" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}\InprocServer32\ = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\Accelerator\\IEHelper.dll" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}\TypeLib | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3636FE13-B7E3-4CDC-B7E3-A8014BD2CC02}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\QYPlugin.QYPluginCtrl.1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3636FE13-B7E3-4CDC-B7E3-A8014BD2CC02}\TypeLib\ = "{E1D75F62-CBBD-45C7-9D1D-6B5ECEC2E006}" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}\TypeLib\Version = "1.0" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ppsrun\shell\open\command\ = "\"C:\\Program Files (x86)\\IQIYI Video\\LStyle\\QyClient.exe\" -ppstream \"%1\"" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Wow6432Node\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675} | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{138F4260-66CA-4F7C-812F-C6EED99B7EC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{138F4260-66CA-4F7C-812F-C6EED99B7EC7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}\ProgID | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}\Shell | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\qips\URL Protocol | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\TypeLib\ = "{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}\TypeLib\ = "{E1D75F62-CBBD-45C7-9D1D-6B5ECEC2E006}" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\TypeLib\{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\UnityWebPluginAX.ocx" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pgf\ = "爱奇艺PPS缓存文件" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}\TypeLib\ = "{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}" | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{790F2D3B-18EE-40E2-A45E-1FAC13B6AFB8}\ = "_DQYPluginEvents" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\pps_pfv | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\HCDNProxy | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}\Shell\Open | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\magnet2\URL Protocol | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\pps_pfv\shell\open\ = "使用 爱奇艺万能播放器 播放" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB3A16EC-96E2-421B-8462-C6F992596E65} | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\ = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\QYPlugin.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ppstream\DefaultIcon\ = "C:\\Program Files (x86)\\IQIYI Video\\LStyle\\QyClient.exe,-0" | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}\TypeLib | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Wow6432Node\CLSID\{444785F1-DE89-4295-863A-D46C3A781394} | C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{138F4260-66CA-4F7C-812F-C6EED99B7EC7}\TypeLib\Version = "1.0" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IEHelper.FlashHelper\CLSID\ = "{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3636FE13-B7E3-4CDC-B7E3-A8014BD2CC02}\ProxyStubClsid32 | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB3A16EC-96E2-421B-8462-C6F992596E65}\TypeLib\Version = "1.0" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IEHelper.FlashHelper\ = "°®ÆæÒÕÖúÊÖ" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}\1.0\FLAGS | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\.qsv\OpenWithProgIds\pps_qsv | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IEHelper.FlashHelper\CLSID | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IEHelper.FlvFilter\CLSID\ = "{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}" | C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\pps_pfv\shell\open | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ppstream\shell | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\98448ff97efbf6b86618a0ce8bf780da_JaffaCakes118.exe"
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe
"C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe" /S
C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe" QiyiUpdate "C:\Program Files (x86)\IQIYI Video" true
C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\Qy_plugin.exe" -install
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IQIYI Video\LStyle\QYPlugin.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IQIYI Video\LStyle\QYPlugin64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\IQIYI Video\LStyle\QYPlugin64.dll"
C:\Users\Admin\AppData\Local\Temp\nsj9D98.tmp\vmpagedown.exe
"C:\Users\Admin\AppData\Local\Temp\nsj9D98.tmp\vmpagedown.exe" "http://vodguide.ppstream.iqiyi.com/search.php?ver=1.0.6.55" "C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\vmPage\search_top.zip"
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\QyMaster.exe
"C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\QyMaster.exe" "C:\Users\Public\QiYi\QiyiHCDN\Config"
C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe" QiyiUpdate "C:\Users\Admin\AppData\Roaming\IQIYI Video" true
C:\Program Files (x86)\IQIYI Video\LStyle\QiyiService.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\QiyiService.exe" -i
C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe" -finstall
C:\Program Files (x86)\IQIYI Video\LStyle\QiyiService.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\QiyiService.exe"
C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\mDNSResponder.exe"
C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe" videolibrary=uninstall_setup
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="爱奇艺视频客户端" dir=in program="C:\Program Files (x86)\IQIYI Video\LStyle\QyClient.exe" action=allow description="C:\Program Files (x86)\IQIYI Video\LStyle\QyClient.exe"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="爱奇艺HCDN网络数据传输组件" dir=in program="C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe" action=allow description="C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="爱奇艺视频播放器" dir=in program="C:\Program Files (x86)\IQIYI Video\LStyle\QyMiniPlayer.exe" action=allow description="C:\Program Files (x86)\IQIYI Video\LStyle\QyMiniPlayer.exe"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="爱奇艺PPS影音 播放器组件" dir=in program="C:\Program Files (x86)\IQIYI Video\LStyle\QyPlayer.exe" action=allow description="C:\Program Files (x86)\IQIYI Video\LStyle\QyPlayer.exe"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="爱奇艺升级模块" dir=in program="C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe" action=allow description="C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="爱奇艺视频辅助程序" dir=in program="C:\Program Files (x86)\IQIYI Video\LStyle\QyFragment.exe" action=allow description="C:\Program Files (x86)\IQIYI Video\LStyle\QyFragment.exe"
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\mkshortcut.exe
"C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\mkshortcut.exe" -output "C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\爱奇艺PPS.lnk" -target "C:\Program Files (x86)\IQIYI Video\LStyle\QyClient.exe" -parameters "quicklaunchrun" -workingdir "C:\Program Files (x86)\IQIYI Video\LStyle" -appid "IQIYI, Inc.PCClient" -icon "C:\Program Files (x86)\IQIYI Video\LStyle\skin\Logo\LogoBevel.ico" -description "使用爱奇艺PPS收看影视节目,清晰流畅更新快"
C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe
"C:\Program Files (x86)\IQIYI Video\LStyle\QyKernel.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\nsj9D98.tmp\StdUtils.dll
C:\Users\Admin\AppData\Local\Temp\nsj9D98.tmp\nsProcess.dll
\Users\Admin\AppData\Local\Temp\nsj9D98.tmp\NSISdl.dll
memory/1692-28-0x00000000003D0000-0x00000000003D9000-memory.dmp
\Users\Admin\AppData\Local\Temp\nsj9D98.tmp\DialogEx.dll
\Users\Admin\AppData\Local\Temp\nsj9D98.tmp\nsis7z.dll
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\Signin.png
C:\Program Files (x86)\IQIYI Video\LStyle\appdata\webcache\2\movieLib_pstyle.css
C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Other\loading\made\loading_17.png
C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Other\loading\normal\loading_17.png
C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Other\loading\only\config.ini
C:\Program Files (x86)\IQIYI Video\LStyle\skin\PlayerRes\Other\loading\only\loading_16.png
C:\Program Files (x86)\IQIYI Video\LStyle\skin\PLRes\btnPopUpClose.png
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\downloadRes\downLoad\config_dlg_close.png
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\AL_Close1.png
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\AL_Close2.png
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\common\common_scroll.png
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\listUI\filmlib2_normal.png
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\PersonalCenter\set\cancel.png
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\PersonalCenter\set\ok.png
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\mainpluginRes\QYProduct\blackback.png
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\MobileAssistant\Fragment\MobileAssistant\scrollbar.png
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\PersonalCenter\common\close_big2.png
| MD5 | 51fd1384bab6df779007cee07422e4ac |
| SHA1 | 16e89c96196d21f3a85ed6a0f5d97d096c2fbc15 |
| SHA256 | 9c0ec21d601c6e193caa0a04db9c80318d15e1fec713d3e82e53f709a5620fd9 |
| SHA512 | 279c7e23a32b639d13d836b1c9744bbbeec4167a95bd3302bae6ff2738877fb2e99e8a2c95934b38c74d74dda4783ab14f81ac96c551084e9cdbe4f9ee24519c |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\pstyle\PersonalCenter\common\close_big1.png
| MD5 | 5fa2adb150f63cba9e5443befe17eaf4 |
| SHA1 | b5c2a1cee13211626c061c422961a1d0aa742703 |
| SHA256 | 02b0a8d8524e604ed201f912fba8ee58c5573f8310145d3e64a3c279726dac40 |
| SHA512 | 9cbde58a143beabec9cd89ab66bf0f29db6903ece436fdb0c14dfd66803ccc4f951b316216c073be9e8032d20f8e0f93a4c393672884063e3cf8f29f7b404607 |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\soft_txt_icon_2.png
| MD5 | 1402aa18efd86eec43a345d936f8ab4d |
| SHA1 | c51a44b65489e041620c8ce9ebb5d04c517d27e5 |
| SHA256 | 2276b09083e0da61a550d97c12cd814622c853358f26dcaffd423285ed29640f |
| SHA512 | 7b4913b6a30410d87a3c1c87d4b6d15510c47f17b38c3c2db11da2fb344b88e5c3d86dba86781eff180eb803222af6a58b6a0a12905139b085d988061c5bfd12 |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\spaceship.png
| MD5 | 575984f7a1cfe13a9ed1d3800bd7d14a |
| SHA1 | df04fdf4070d29d76aaff8f5b2f68bff6ee0cdc3 |
| SHA256 | 925b723d434d5528c4dd712102279974e76842b71544fa8153d6108d11ccd7de |
| SHA512 | 1d2eca187cfead14798cdc18b4ffed909b483869281bd05fc4b7412fb76a7ee6987efbffa17db218be32d4c2e1ee6e1cb383a4a96983f226baae1f42a330725b |
\Program Files (x86)\IQIYI Video\LStyle\QyClient.exe
| MD5 | 3544d9748462cd7593833d993c29a37c |
| SHA1 | 1877aca3b883eaddc14bb00fb2055240f474647e |
| SHA256 | 16957ec4af0aa862c4d7da1ddc270560837485b602246a475f3d7124e942db96 |
| SHA512 | 805b0ee15917ef2c31f1d087ebbcf23cf40cadeb0cf25512bffe29678c4e4a91cbd1888871d047efb4a173fcb1b1be75e5a9b59707f6b9b0b25cb9fe25523775 |
C:\Program Files (x86)\IQIYI Video\LStyle\skin\logo.ttf
| MD5 | e1097f713080d07e0c717e0737ef167e |
| SHA1 | f31f1c4570925450c1fd1ac847cf54461b6274d4 |
| SHA256 | f2aa97fb51572edf0694ae328bbdcb01a172189aa53549b7ea8caebc66325249 |
| SHA512 | 786dda62d0423a9733af16035390e99bd47c5cd8c49f2802eb443896230b2dba70eefbb95de3175b2143dbca1f9ab8ccb8cd8e7cd8b8821f0a93d1a5c69923ad |
\Program Files (x86)\IQIYI Video\Common\QyGameClient\UnityWebPlayer.exe
| MD5 | 95bff19e30f8b194eebc8c81b671d6d7 |
| SHA1 | be2883ccd72263e162350cdfb7bf9d4bc5090f17 |
| SHA256 | 4fa1020f67d7beee37c67bb6bd86ed8925e348adbf5748f9555dc96797c651d3 |
| SHA512 | 762bf013e4d46ca61dceabde986753cf501442e1c72dcf394b628e2f6273ff05f686908bf9ec3be17d28b34602ea0bc18795e296da43dda7de47e81962a559db |
C:\Program Files (x86)\IQIYI Video\LStyle\GdiPlus.dll
| MD5 | 385e243fc4314f79c1e3042070586d03 |
| SHA1 | bff588a2ac255b4cd1e3a9528529aa0e26f4657b |
| SHA256 | 18055410347fe57288aa11917e77f9b5833f59e669e8c65fc589d314eb6b695c |
| SHA512 | 5854cd81f2f9d5d01a7c0e3ab1b6801490f455191089a21dbc199cf924f59aadbff85d9b963700961c326a4def2a13ff9ba6d3933ead17262b7b66d0279f2c55 |
C:\Program Files (x86)\IQIYI Video\LStyle\QiyiDACL.exe
| MD5 | b6e9d6c600b793177c69ffc751c7a8f2 |
| SHA1 | 2d83d7e4a84a5378333250a470ad6577ea858780 |
| SHA256 | 19aa1945952438cc82e633ff6c90c4f21835fb79d49de8649dd1e18ae4c9a80b |
| SHA512 | 069ed99225d5d69817e16f8dfc2c95fe7c667e9e7f7b03897b58ffabe14ced8b4498b5ed117155ef79761f5189f88b54729864623cff1c80d9536f7c08ef4a0b |
\Users\Admin\AppData\Local\Temp\nseE208.tmp\UserInfo.dll
| MD5 | 13a689123cebd31c1d1862e05981beca |
| SHA1 | 0430094a1a0f639ba9bf5831c24f1f4330762a6d |
| SHA256 | 386933bdaf4774e88670e21abbebdeddf64b1e87b1681f85ac5b3ec1cac8dcdf |
| SHA512 | 0663148e80f4703000bbfc8ede2bcc7cad19877585a5cc46aa13a7003377d7315d33f01c1d311d38bcf5e3782e4b361510214f09a9f6537b856c5ad9bc41fdae |
C:\Users\Admin\AppData\Local\Temp\nseE208.tmp\UtilsPlugin.dll
| MD5 | 877ba4f17e960ddcf0c2fa2df62b6710 |
| SHA1 | c452ce34ed1b5043bb26ec938d170fffb14b53c9 |
| SHA256 | 7481df00348a7279b044cf12f7188b2c15e6a1862e5ed2ea8e7e2b0dc6c027ae |
| SHA512 | 0ae63c05641c234d53573e69eb143582916c4c976fc11d78efe0310b8fc04b0491838abd94b8c7b9ee5f77ddf41bfdeef61227c87a6da427c68b9feae6ada612 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\error_togame.html
| MD5 | 5926b1d339e58bf3ebc876939ea4c2c5 |
| SHA1 | 64394e162c82bc19812c62881ca1545288e56516 |
| SHA256 | 5bbaa9feff7fbe44b794df4b493c587303588d74d138cdb50504ed5b6e3c8669 |
| SHA512 | a8f7374e80214bc9ba4e493e8706e59f55f07ccc31601ed550f0d1787e1c5dc6695f4fbf75e7e2b66c031fb44e391af6d65ea619c3286aedf3d12c819b3751c8 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\xUILib.dll
| MD5 | dd1da7c9c63bef5810d6bf420b250711 |
| SHA1 | aac132d466e9d5c6d0c0e7361de660d19b233832 |
| SHA256 | 520e93652c86c834ac667c129f6fa248be683dcb08a2001af8bb8293043d059b |
| SHA512 | e98cf642aeba71c5bd4f14d700f094c5310d63914c070a7218a892e7842e0d7d2701797742727e11eca929a4839d3d6d6c243725b80b056b8388e476243f2355 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\btn_next2.png
| MD5 | e6c6e3ab8badf71c9b74ba5580a142c5 |
| SHA1 | 8f9785ef428d3a4d7b24af6eea4d9b4f138000a6 |
| SHA256 | 1480f4518ce6abc1975c577e24195db18ffdb7819fd379245c0ea6eea811c387 |
| SHA512 | 9f70184a0d21a8bbcb13eba85f56a57f0e9b499004855a6967c6922101bbcd4a668913e1c4a569c01102950b97b2f2bd84a7e28bea91660cae55c62f0ac75713 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\btn_next.png
| MD5 | d2f76b0e7cbd0875f256034b701fc745 |
| SHA1 | 1bd822c14c75db9d8958c9c2d5eadb068b1d1459 |
| SHA256 | f007f96dd7b6e68b1e5464d50f849aa4af3f7d518f549f04f6f499a03d2967de |
| SHA512 | 5e9ff44861771697f075625f4e201e6aefbc71407d9da7972d273d439809904e2070dd832128c019f2efe6d7a69a73eda8779c0ba4fb3c94fc485faf18ad43c3 |
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\browseradapter.ini
| MD5 | 849c0db12448b338a7454ce8fc8c6365 |
| SHA1 | 1477afec52ba1303cab09b085a7148bcf56b2497 |
| SHA256 | 9897278fec98e2ad20355747dbcb541f2c87d15616f6f15215fec3351590b3a2 |
| SHA512 | cfff784ac25afd5d6b6a4b15b90f41614f3a9299e77921e804b9464504ea472e6da69e2142784a0c6dbd6f2319ef124220da22230dfd260e440939f14b97124b |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\download.png
| MD5 | c23de7a166cca9bfd65f45ba34d1818d |
| SHA1 | a290c61c941052cdb4a7e14500e7b3d63189b201 |
| SHA256 | ea9383a3a1832fc40bc609628ee597a397875873000dc8064ee0eddfc9f35481 |
| SHA512 | 583aa3814a4388e76012c9e050e21fb271aa4534864df9ca696fd62b7011ebc880c712fb3fc9812cd50caab53a5ba4c27bfee7febb81a4c48a4591dccc82881b |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\favorite.png
| MD5 | 925dac8d7dfb904c4880d58f8534f195 |
| SHA1 | 2ec4dac0a17a25b4ba5d0db1a63c98ed5d1f721a |
| SHA256 | fce5afb7b6bf8862e7ea77793a9b7a8d5bbf4e6959ce2b11097e58c929f3c1a6 |
| SHA512 | 4ede0c70af35a5e4bc45217aa66bcf887aadf72784141f0916d7bb13d7af5f45b92300a8a9560ff3b27c9fed459011f09623722a60e01ebbcd92e416863bddfa |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\garbage.png
| MD5 | 8e6989854282ca58bd40972d41c7fd25 |
| SHA1 | 7f4a2b8bd72ac7174e1638cf7f2d3120d8003ab6 |
| SHA256 | 858be9c29e75548d3233ba5c6d41c418a45898b820f1ad522c87a5c371ddad9e |
| SHA512 | 3b9d974a28ae4739814ff68b5b6df7cd284531db5eab075146e0d5ff8a4003fca4726a14aed82125a2765288b97c0de1a8e2011d3ea9ecf183432d657e643dbf |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\head.png
| MD5 | a89916eeb41c0c3c443d50cb8d131332 |
| SHA1 | b49a77bfb3a6e7c3a3df87c636341d066c86d612 |
| SHA256 | f6ca4b4a8cded79092aa4b5e788ea16683b7a09de92883b485bb809e0623fa55 |
| SHA512 | 14b95c8437b3c907fa085b073c361f58c198051f8f1f6a9626bde01572ac789b9032880466d7003fc274327a71a2a9366eec4cdb28ef331d1e69e3308e71838c |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\frame.png
| MD5 | 592108d157c2b435940e9dbed9352bd7 |
| SHA1 | eed5358b33261c10182d5a60872424bf9ca8b0ae |
| SHA256 | cff533e501ec402454b48ebe4fd22b73b98c3c3ea4c963310a7b62cabc9d3f49 |
| SHA512 | c48cb65fcfe82d95de13c6f3f6faa0d047f590f320ff4ed36aeead78e2aa0e2ec15e9807e4f3893225a45d7495ab00c6025d2b852c39e82ff3c84de61e1d1cbf |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\float.png
| MD5 | ff304c62e6fab224599ec0b105ac81e6 |
| SHA1 | 0b4ba5a403859e4afca596406a248f946a98f186 |
| SHA256 | 121ed9ac4caf66d1678dc81b2a4b1288620083e463ad9ff867f882dc9b8a772d |
| SHA512 | 30b9d00e1c6081b4038724468bd02e452c4917f954e04aeb23b343183191466b67c83f921d3acfc0c355e344dbf7a2a1668bb136533b726686931f7ad768d10b |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\favorite_tips.png
| MD5 | d00008d5c1a31a9fa8638cf84006dbd8 |
| SHA1 | 620efd03173868316a8be0db68777959e58d8c45 |
| SHA256 | 1baa2c70ef0888dfd516974ba035def89b71e59df4e67641aa6998fe57872ad4 |
| SHA512 | bb7b795010928e5dfc72d48586061a8761594a8148df5fc45c72c10d593f6ee400f118542668c8981c1db5cd4a028f33ddd852e6d9600dc0dd615c52bc95fa13 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\event.png
| MD5 | 6593763ad138debcf7d3f90b2c5d5755 |
| SHA1 | 47fbfac0d17b1556003504e616e84edec12f0788 |
| SHA256 | e45e77407d0d01ee60fe6a947f2fbb05db8f07d4dd9bd2d7753195b235200f92 |
| SHA512 | d93baf7070183626cbb23a8da565bd621cc3317e76a1718dcc641098a9c4f39de4a2c1c6ab4af804fbb4bf84e69b7bf2429ce425cdeb79e8d295e6f1cd7bbe59 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\error.png
| MD5 | c4a5a20e06eb6ce6217d140769eb1553 |
| SHA1 | fef5ae83e09ae1f90905a0ebd7558621e0523f37 |
| SHA256 | e2eea44582a65d1f1816242304a817873eeadacfd1e33f9041122201152b8d0d |
| SHA512 | 8ab5084d18e0feb5477cc3b610a2aab52cb830106f712b28341ba62e69ff9c6662423dd797d089ebbc5afddbadb87132a5a8eb470e2d4070a9b161385a3b3c2f |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\EnterGame.png
| MD5 | 475bfb6523c9f18caec3acbc86e92404 |
| SHA1 | 78c3fa8311e88720fbedfb005736e200da10b874 |
| SHA256 | 6b5ac6a356f7d3a80e5e9e172d2b57c81c285f210e10dc52d651dadd5d2d211a |
| SHA512 | 22f98e7ab9ba9621d7bfcd955e70c665731fc4aeaf924f6066707e8f5f08e143880171a2d0ab449d3b79dcbb1853f2a148725dd56bd24b124a95b6fb6b161441 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\effect_dx9_4096.efx
| MD5 | e70e1eeb48a6917dd29706237528963e |
| SHA1 | d44dec9b72f3a282a9d7c8c5864e1b7e3c7e0409 |
| SHA256 | 9791efa6f1187a8b35b8cba5e9a3913c119695546cb7c6db085dc71ad42bba04 |
| SHA512 | d88ea3b8fd6d76ce0c012558af36e823561fd7f0295ba8631224f1c412be6e8b20137224f16800c9bb453b226abc865bd457ec51cbd41b2dce192c9c6a1bcb9a |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\effect_dx9_2048.efx
| MD5 | adab7bf26923884a3c0302535f09958e |
| SHA1 | c5b22a6b4b6cf9c4a44777e72c16bbfe5ac01435 |
| SHA256 | 223036f5851510434f3f80e8c0b52af01212093bf1afb42a671822c64667d6e5 |
| SHA512 | f461eb0b7d411389a0fe7276e36c6077ac8bcb9fd67b5b89de28fb915ac8541628c7eba5c5748e42d57b16291443cedccf96c5970d215dc91bec61d29b5da953 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\DropDownUp.png
| MD5 | 6ea730d53be92fa405868fdfd2f03150 |
| SHA1 | 343b3d1384ef8f81e5cdfa396e21951a56673332 |
| SHA256 | aa193c7fae1c657af2d60ca971b020feee63d6a529dcd29d4c33f6b00fdb9bbd |
| SHA512 | ec76aec2a4b2e736ab5cb64d0b7f00615f4c559a6cc3468b1466045c45e7ba240e5c73ff087cd7824373724f77784ed9bc3b957667880c17b9bcaedcc4efdc2e |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\dropdown.jpg
| MD5 | 7ad6ac7e3b63b884e12c4d1ba8732702 |
| SHA1 | 8236eec4a0dfd722b222e451fe964b4cdd5e2e19 |
| SHA256 | 51f7b5e1491d928fb39cb3b574f9ff17cb1a0b39617a93f10af77636b9254b1a |
| SHA512 | 1caba34b94e7e94be45d89456da4df222a6a0804196379a5bd9e1630d25e61e948656a8d1d2b277874c7956e1b773997c13f81d3b585aa31cf9eb798fc6a7c43 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\download_game.png
| MD5 | 59dac2d26d640c66b455fcb14762c4e5 |
| SHA1 | 3f0737acf13fc2af2fbfa8296a6ecfaf7b3891fc |
| SHA256 | f756f1cbb6bcb9f724e1753f151f1fb59fa3159d44f7bdeaf188d0e485b28f75 |
| SHA512 | dd9824ba456272be54af89bb6a7719092e1cbb3c6dacb13ac9148da9e1217364eb99c6490b15f11ba4b500a54b91c9f56ee374e81e4edd5daf310f088a02c062 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\down.png
| MD5 | b8a4119f17b6952072ee95e619438e9a |
| SHA1 | 11f9f36de5a4901950ffd58261558ef0e41aceea |
| SHA256 | db98de0055e18b34da2bb4c56d88913afb27d64e6d1192ec87796b756c62ce21 |
| SHA512 | 117a66f613ab723167c0f608cfac81dd4db1ebc2485d4751adbeff08c93292a520d44a4c8bb3215f1271a0c5bb648d863f959b988dd0b431d4ecffcf0ceb5b74 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\dotline_row.png
| MD5 | 7267ba75cf72626c31e8548324905e97 |
| SHA1 | b67e335e04d2fd9a370895c909958b679a4e02e3 |
| SHA256 | 139e56b5227e87e169ab7c90bc972dd16132fb89880b2f49ea3acef95afb9042 |
| SHA512 | c4391daffd8ea11bcdf193e587873f21af3d1f694fc04192e328584959927bee3fd12053cf79bbbd6388d12d258e06763eb8835d699b0a4d96e473d1fb3c8b87 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\dotline_col.png
| MD5 | c0ca066c359686727c94faa7785ad6bd |
| SHA1 | ce6fa096b57c66f9fcd3051756a60afa7f44e41d |
| SHA256 | 41b01e59c1383425ba03e4d05999c6fd627965e6269495c00b213aa4325d3240 |
| SHA512 | d6786c8bfc9206ce3abdb7db6bb021c7a06d7a0ec49be8b355dfe540a1c06e5e5e6a5332f859c4380e92e81add0ed5674aa7557f066e768a8653e117f66c5d23 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\dislike.png
| MD5 | 12aea16243dcb7e1dda1687b2aecd6c1 |
| SHA1 | 289cd20a1a409a52da2c95e4b47bd99cf45c9a4a |
| SHA256 | 3d7026fac432528053b0bd89a715bb2c2e54179832fe03794185517f841e7403 |
| SHA512 | d8244c7b57bd230b1010093a3eb5f2e116a4ee31776d571327e96f11cdd8d99939dba3659fea1b52e10cc34321caf5f6ecfafaced7df5c7e63cd165e42f7cbe3 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\default.png
| MD5 | ab98f23ce1c7e3187b0e73d42efd1d53 |
| SHA1 | b80d38ad33dc89b42b81c053fade7a1a049b68bd |
| SHA256 | 3c88faa2dc8924082654c78c84980f8f44cff10c2326c9c4594dc2d475775a5b |
| SHA512 | 5fc9ffe92dc94e1d217dd035d378466ebdae9360405ba6bdfeed7fff57344eaafd19169ef757b0162fa49c7558547c929755a4fb75d6e33019741d47fe62616b |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\combk.jpg
| MD5 | bda61d3d16b5e080958a26403856dd76 |
| SHA1 | 6e0f505387a78a81be4e9a5cd1b9e7e169d437c6 |
| SHA256 | e67a18b2fc2992aff28ca1313f098b84e43028faadb6b1313200fcbe8d91dab3 |
| SHA512 | 8a11210b3ca823639655adfbd357f6424f9fdf9acc0969bb7f506dedcac562c11921391861da76bac974515656a010fe8f735c93a1cdfcd53f2aa67497c5356f |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\CloseBtnImage.png
| MD5 | 669e1458615cdc45ecb657f19f4c47ff |
| SHA1 | 5a581bb204332d05efb30c58fb12c6e954a588a6 |
| SHA256 | 631bee4f6b34820aad4c74092ab8bd241d84c8a72183dc8e054cb82f01270297 |
| SHA512 | 437ab69c46668ae16f9e0ce1823255799884e309a4fb2345f8830a5c6b7d73655cdafec8ed813c7ace036a62f09c9db1f905c69365d9645d1ec83439337b8b3a |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\clock3.png
| MD5 | e4a948196291cd9e4593dd8176a30e8f |
| SHA1 | a16f8d4aff82f0a70872bbf1bb49d0100a7c5d87 |
| SHA256 | 97f6442227b58735e933e67bc5504890e2580590060648c71ae9fe98b4526fb9 |
| SHA512 | af1f8bfb182e1319456ed0e79b2905a1446cb973a25f6fb38d6f88813ac7eef44103655e590eddf94c6c7ba045721b5d2b16255b539c5384dfcef9e312c3ff78 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\clock.png
| MD5 | b544e79b41f4bc35aa817082ecd8b813 |
| SHA1 | 5bbbb6b5c015f62b8ff3eb0a6520acafd59a5204 |
| SHA256 | a61bfde4ad5caddf5b751af7fff2c65fa9fe885f780b0d6a4c49b8717d97ab42 |
| SHA512 | 7c5b112c9ce3a4cbbb92aed4e74d18c23b8bbc2f31c9b281ac4024994e62fb995442002aaf8a539a3e07fe030c7a9e09b13d76b72bd75e24a5ced228f25d3076 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\change.png
| MD5 | 775c8c473d114371aee960166e797a1c |
| SHA1 | 9d6781c18cf88a45fab4eccbc0080167fa71b7d3 |
| SHA256 | 29faea036beb35f0742556fa75cb9c9e8f34895bbe24899d7a461c9a5b7ad6d5 |
| SHA512 | 1318cdf41d31360049b67f4d1877bcc3b3e4f0e27ff91321e6c7739e6007037116baf4a46c5fefc33f30e859fd4cae77fcd2cb4dcebd74be2c95fa40c31ac181 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\cancel.png
| MD5 | c4501efb71ab8a88611c877bc8d3f2e9 |
| SHA1 | 61836546363409c117919f7f744eb3b62619399a |
| SHA256 | a1b31668e240e38e7b85888d783cd5045b90747a2e8f3ae8a72ec3583274f82a |
| SHA512 | 26ec7eb4c95c85ca9f6e5fd823fcdb75ea8353751999ae524f642442fbcfe7ba8a48c644e6384fdcab78a6df1114aa529f0871b0731b752946df9961250758b6 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\buttom_gray.jpg
| MD5 | 01aa1d97e77f242a34b5da6d2f2b1de2 |
| SHA1 | dfa6ae051c6f22d30387a6760807fcefe1746343 |
| SHA256 | 55e5a5bd697dd9d01189ca52d10492cfb614c023e884d781d2489eef94940ec5 |
| SHA512 | 26af1af1f34f0f0c5a32506fdefa7cf8abebb6afd16089c3ec89ec754efe894fcd7fbe55d222d6b6bde690ee26977bae2fee570a1fd3530397b38c575d19305c |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\bubble.png
| MD5 | 5809d6111ba9d0f0dca94aab242026c7 |
| SHA1 | 7c22450d09a0d56d18dfc742455253361f012196 |
| SHA256 | ac1cf25396f995245fc4955a3dc4fb1cc49c39307db7bfd71a7d7551ea6c7be0 |
| SHA512 | da6c207f8eadfd661650adf72191bdf31b7cfeca8b3fbb4cb75e0fe6686f7defaca3b1e9251bef5903bde1e3849ce5d91005fd509f80abe609d603f533c7d8ad |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\btn_ret1.png
| MD5 | 2a8f0f7669103f39c10a5f3d76572f19 |
| SHA1 | 40f7f8df67ce3ca7c06347e10e784835647d8fe4 |
| SHA256 | e39f3108af9ebb13ea48d540c10e743ad505eadd914e5a6181f7e02c3f4f445f |
| SHA512 | ea64409c2ff9c36c715eaadbfa42ef1301b6ad371a0f5b004c8613c2cad6f36bb537f7dacdc3f496b3b675e80e6339e108c3a4d63d6cc142a5be1ae9f6fd2b55 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\btn_ret0.png
| MD5 | d1b7f29671caee4fd94f2da0a3f6de8f |
| SHA1 | 3db70210a894e341f86200e97c6796a6cb957e19 |
| SHA256 | 5a1a5e6e22070178cb4e197ce5908a385624ecfc4397eb8f2c386303f23419c0 |
| SHA512 | 94f323918c207233cd31eb5047f9b285546d50f3ee3db933aa35f66e393b7fbd1ea9cca70de8dcd8e1e60be2a85ee8a914a944717e9a117ee76b966620abd490 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\btn_play.png
| MD5 | efe072b9f40e37707fea80e7c44b4239 |
| SHA1 | 6d4813b46390e88b2fda0cf4c86677999d1d08c2 |
| SHA256 | f3a5382d884ec50790f997c832698637d3ab7d713da87d34c1a2abec34154248 |
| SHA512 | 36da4270612a0178ba085436812ddd755c1a3361361062a8a83476087fc8936de332d840d5c939ffe1e909084a91ad9c7b2bfce75461fecd03e671156f0c3fdc |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\clock2.png
| MD5 | e28c2b70c7adc739dab9f8d1c35fd4dd |
| SHA1 | b410b7a04a1e759317317e640ead04c7d3aa68b1 |
| SHA256 | 767b41c52a61ce2052f1125098a67c137cb66cea10de1520f9eba19143b0233e |
| SHA512 | c6ca780fb6072312694890d935c77e245a8bc724ef68e892385419d8e4c9eadf7f8a32ba496bc8ffa551d2febe30f25d9ddb2f574e3ffd3f581308d9ac45b6dd |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\btn_page.png
| MD5 | a501626cf7705ff8174c95811d8df7ed |
| SHA1 | 73a11ce3c98edc4b3440877fe955bf67b1cbe2f6 |
| SHA256 | 79f8d73e8261c148b892928921dcf4a4fd0d94efc5e550de568b0930e49c2de9 |
| SHA512 | 2eb7c3b389ea103b5d65a32c0a1bb1130217ee728a02223515fd0efc9cb949e5ff95226e2c930ac61d0001e063f89d166d3c21ff0ac70d6083ae4b3c7f03651c |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\btn_leftright.png
| MD5 | 1e99938728bb59279da6c6137d4dac1d |
| SHA1 | 486d642cedd0622312e71d084c41156d67aabb22 |
| SHA256 | 0195bf63fe3f748b8fdec44e48c53807eb5b7f6c9a12dd41b12b3a8f8ac643cb |
| SHA512 | 6950623383605e7a33d29a5a2fc4ff6f819fd043e38f5cad65f40d98f5cfffc86f2fcc6596fc1fc8f7218b24b07116952ca9efad10f6ce113d56eee93b5182d8 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\DelBtnNor.png
| MD5 | 5ff65cbf00ca0eb38b04df50917ac76e |
| SHA1 | d5c498ddc143f575bc00955bdb38640901b85a85 |
| SHA256 | bd20a3bb861109627eef3acfc4cddd6120b6e96d7de94415ed375b43930c78ca |
| SHA512 | 01bdfba569dd465a84878cee5f31ba9694953c9804338654a135d8e081639a88dd419cb7b1f3edf843fa98bcfe0be8550f0e0709f3b51f5a051914fe2cbdfb9e |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\DelBtnHov.png
| MD5 | 159f343e6d3f9ba1d99da3d187398909 |
| SHA1 | 5855b18908526953cb8b8a9d281ee144107dfe76 |
| SHA256 | 1446a20293259c127b7631cb9934265c89810039e8c076cd98f946d55e00da1d |
| SHA512 | 70d6c98f6e57036a2e894c102888ea86575ad3e00e30ff386a1d97c6d4f407d29945f3f11c0e633e4f81179fe6f868755c0e82a0b9f1dbcc46e9410e6207ccc9 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\defaultgameicon.png
| MD5 | 116824ac4fabdc85d00e1d6e60fa6fff |
| SHA1 | 5bc1c4a8c152de3c1ea834a44e247ecb1e1ae865 |
| SHA256 | ae9291b1744a13ff45be576d455f268b93068651944e5fc5998b8c85eb1ef462 |
| SHA512 | a2397a5730dd9fcf8da86e58e247dac4b3806b5cae62b706cff2f8a87a0e7000c875b745413d6ec05c930fc4d5d89bc9b14389c6100bb437443970c889207a61 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CutLine_mov.png
| MD5 | 7069d28083d1361384f04c0d0f68904e |
| SHA1 | eb42e13f8ddd37a0a6493d1a8b4fa629c04ee229 |
| SHA256 | 328ee1b1c993d27c97aeb037e0e755e05a106aa4ee9e3203f350c9a09c4fa8d6 |
| SHA512 | 316e4539fb1cbb0204bbdf4beeeba9c3f268a006f280c74ae3d2d77caf1d34c571073c0dde726cacd94aa2237d5e03c345d38fe0feb6eeff01803cc634358403 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CreateShortLink_Nomal.png
| MD5 | 673f47624b85a4403fdc740fe2721397 |
| SHA1 | ab0843b01f6a80a70c2cbaabe67f273094f80b33 |
| SHA256 | 38bb2806bdc0022541bde8ebdfcc7c4b4724489e870cfa7ec5bc16919057f629 |
| SHA512 | eb43372ada55842ec5a7ca52be3a4cc0eebd1bf83323b06f3587632f9ac76ba57cc943cac46c3529bdc269105aef965a2662924815b253044f5b34a77b0d73ca |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CreateShortLinkTips.png
| MD5 | cb1e1030a8813d00749d308b0da73b9f |
| SHA1 | d97c9823d234fd8650dfcf540796d26f97442776 |
| SHA256 | 2d0fc3650a7f32216d8545dfd541bf4a1ab9f386521ae8f035ef8f6c069089fd |
| SHA512 | 24141197dabf6dd18adedf1920b52dbac7a72eefcf71cf66d02048e08d480c489e3ee72be174c593bd7a4e2882ef62bb0e941e5dc3c98d6abec15db88cbc5051 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CreateShortLinkClose_Hover.png
| MD5 | 2855abc8bc2f15113af379b3ced104a2 |
| SHA1 | 0aebf0295a17c7fd6c722ce10a65c9fc4fd09f03 |
| SHA256 | 671af83a229fe930a720e5805e079ce2c01334125136011d8adc0ee6c3dd50ab |
| SHA512 | 5b5063eacf5fdd0ee1e939090334d5f918c4fe3484a6a0a3ee4c87e8808153002ea8316733a5a8e84c5e019a2c6f4a64b8390ca339cfad7c2135fcdb9024b3c6 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CommonBtn_normal.png
| MD5 | e189e1d1d43cba9e78c008fa248e02fe |
| SHA1 | b374269f970d337375552f2b771126f11da42f15 |
| SHA256 | 911eb65979874e946ac0b2da2440084f98c3088758e2f1bd9144d495061d6aaa |
| SHA512 | fd1b83cd8130000670756169910920145c9a1cc1ca35b4efca61311248db07488d32430d5d3d1c45b231b3d5803e011470326f4e3ec694ff5663a16b66e1df67 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\BtnLook.png
| MD5 | a10dd22d96d01a586d1ec1bdb3e2a452 |
| SHA1 | dbf16d2feb475ffe776b3f4ff93fad0e1df8a324 |
| SHA256 | 692e2688c727b8d4b5cd5c9d57e1baacccf4c9b42050a6a1e61dc0f97fd7356c |
| SHA512 | d30d1cc6635911924fdbcee591a6236c219b46f232e2a4475ec0f94d92ddbef2fecff61b11535f25ee51d9670fd937073a5da9b02e50651a6109f47325f22350 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CommonBtn_Hover.png
| MD5 | 15ae314b60106f6eda43676eb1d3de6b |
| SHA1 | 2897302883ec07add176c4e03f8dc9a4ae6afdde |
| SHA256 | 8927bf74e9d960dad95ba796e6f2bc731c5b4e1192cbd7b120cbd2f1898ec3c1 |
| SHA512 | 479afa994781f6a495d7439ae3d0afc131ad5ad7bb5ff1471f1ffebf61633a74624e41b06b481f17c8a9f723635de871273147659ddf070664c385215bc23a80 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\ComBtnHov.png
| MD5 | 6cb194b84853c3d231eead716d49370c |
| SHA1 | f95a681a3dc9318580bb62ef8ce4a678d78f1ec5 |
| SHA256 | ee34c098163504705e055812f003d823efe727600ea4b56db73553e2ff9d0219 |
| SHA512 | 5ba1f927981c8679b49c5fd079ea2bcc662c8e9282ae736783c7d46ddcf7c486ad48856cea0831a223ac8b9600eea541a35fd3b4afd4fa2f132dc554503ba4ec |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\ComBtn.png
| MD5 | 0a2318d4078889584caa4523315bdd70 |
| SHA1 | 281adb6f789746a5c2e446eea019c1e1047ab8d1 |
| SHA256 | 5956629dc86c8486d28137f91fcc493183a53a103c1ba5f4a4019f67a132e9ef |
| SHA512 | 5c05917259aefc4b675913cb896af105b1e7bf7cf07ac400083303e2952e307fb72eef4786e27381a7eee5d2b17dd4d55a9ed1dac7acded6890db927f4657b5b |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CollectingToDesktop_MOV.png
| MD5 | e4c70faae3c4fce495e12d24c2854c8b |
| SHA1 | 9faf01736350722f60820485bc6fa1eb364e2c5d |
| SHA256 | 03f78a2bb0eb5d120d85e7c08a16410921824154186b04ef1027905b07d137a5 |
| SHA512 | 54567bbe7b75acc0e09a4fde69ff50d295609fdab69478d8c995213d4491f09aeaeaa134b2a63a76d3c5f92a8a3b61c1e56b8593dddf17a12ca28b6c8af4e4c9 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CollectingToDesktop_HOV.png
| MD5 | 8f88aba447c6b48423a6ab9502060195 |
| SHA1 | 2d434c1dc6f8523b49dc669abd8f69f50656ffbb |
| SHA256 | 78a209e1df0745cffb42aeeba157769ccf016dd3e356719415c11374f0e592df |
| SHA512 | 927b79089112c18870b43568c6efa1f8959beb39aaba9356429d7209438f8ad330488f3c49d8b4bd9aff29808b751ee52c82f7322dc72eb8a2d1ac563ba79fbf |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\ClearIECache_mov.png
| MD5 | 683aebc33c1a57d4e7193ac11edb718d |
| SHA1 | f880556c87ea97d913003b5d61bfcc46309203fc |
| SHA256 | 2a1b1688b001bf57d60a0c47b6b82910c443015711820f6a95a073e540621a40 |
| SHA512 | 6aa2665a83c7b683658601815d6b0957ee3376645158339657bda2ff765b7db91fb8abc49ef0e50c5a9474965ccc9e34ba8df82e28d8cfa2b05cd49225a3a454 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\ClearIECache_hov.png
| MD5 | 5e9c33c45c3997c6bd2a227496d8bbf5 |
| SHA1 | 61438ac8294a4723abf785604b05f3cfb3f190a5 |
| SHA256 | 59a3e8272352042ab795032d5dd448b2f9bb3c9bb0e4a119792ef31094e69005 |
| SHA512 | de8df25f3294dfa0a01433df94672272c119ab58c58e7af5bab3cb155dca248113d31e5145b1039dcf24bd27725aa385c860e286ffb7c6a85b4b8f25373451e4 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\BtnHoverbg.jpg
| MD5 | 8b4727ebab78a0493cd80baadd8479c9 |
| SHA1 | d89971e9c4ee5d778b61efff0db875c5f531eeb5 |
| SHA256 | 41903ae7a88916451ec9d7f6fb8c531065cb8edf6dedd553e140e6a1c2ab8742 |
| SHA512 | 8181d7e87254d0a7e7350f10e612872ea7c71dd3c9241eaa8dd65713b7b666a0fb274fcc6901613ebb3e9d13388c861197d26bde4049db8df5e68d1960cd23c2 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\btnbk.png
| MD5 | 32550273cea0a17561146ca14e7a5c90 |
| SHA1 | 036266b87d881860d50722703774159ddccabd6b |
| SHA256 | 370eb5b574a1d8fde787a22d45653f174170bfd54d416798a445c19319f2f5b4 |
| SHA512 | bc27fce0e8e9e99f620f66ca9a966312847b3908b9af69568129399aa1eb7e0884f2df68870fc626c6af43e9a3aa55389a340da5c3046e005cb1dc7d6a80a32a |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\Btnbg.jpg
| MD5 | 677a088118e4a38fdd16899bb674d00c |
| SHA1 | 72f3f2f6a023e69f71cb296dec20b7263588a5aa |
| SHA256 | 5177ec784971bb764d1c52ac6eb576c0807c3ba52a50550ab49c840da111bd04 |
| SHA512 | f224e2727ab60f3a81f709454214cc4148ef7b5478565e6e22aafecec6ce8606f19ea71da58b0fa2ff8a3085aba5e99fa43c568d4bdf6ca3cd7fa067df760f46 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\btn1.png
| MD5 | d271a47cd14ebb209b06ea235a91d144 |
| SHA1 | df6d11259e8b54247d052a64b2fdeb86908ff751 |
| SHA256 | 09fda339a9d73d4bd0c728084eda60967139cf45c96e81fdd63ef562597c37ed |
| SHA512 | a074342fcdad77884e7b3c0360dcdf5798e3b1dca4484df23cd85b0283da0920fc867fddd41bd3d8eb4b1200e43c9b34114ba479ae9d4e874f46ba4808705ef0 |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\btn.png
| MD5 | 7ce6f870a814cc914ddc015625f09b56 |
| SHA1 | a22877c1c76ff797b13a99ddea8920ba31e37292 |
| SHA256 | 101e790789b35eae7b1129e6a5ac8ad61a8391fd963a1527f9da81bd130611b3 |
| SHA512 | ca7661795e92b6cc282a23b63a0ba11e7bbb413a46c9ada5ed232b479c6850302d4189d09e60c46a7831d43cb7d73c485530b3b24709db9254910cc242dabf0b |
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\vmPage.dll
| MD5 | 93d53ff1b299ffec787c73c0c87ec223 |
| SHA1 | 91e674bc48d7f9a18668e13d3889ea4cfdbcf7c4 |
| SHA256 | b50fd866fe75a6654ca15ac2ebbde98dc7c5e6b23df6ea658d1fb4f55825a388 |
| SHA512 | 92e2c5c1eb85f3bf18e17ebb04563b1f6e85efa27d9ccdfd2b6959a1fc43ceb9c70fe129994ae22e8b9320fce7f5b06973f45a3da23aac00da75de9a1edb6b0d |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CheckBoxUncheckHover.png
| MD5 | 0e40da2e0b0d35ca116a6ef8cc09ab27 |
| SHA1 | c43ff70922be4bfcf7823551be6b2167c341f979 |
| SHA256 | b443f84b1dae129f7f7d86f46a1b6afac0569f5537ef79919396a18f15a6c709 |
| SHA512 | 82042d24bb547bf1aba3b317e611516162a955714df3c44807c65ac5ef449b0e5e0eee8e673de24be9eb89c9cf45068afff74fb710e2eb89e9d4106ffdd645a7 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CheckBoxUncheck.png
| MD5 | 0992ec4811eb429baf46221fb1bfe4fa |
| SHA1 | c4d95902c17a2c339cfadd366a1735a08dcef39c |
| SHA256 | 179ad885c9bd5e378b834f0c192f36d24366dac0af3df1c3a7896150e94a56a0 |
| SHA512 | 91fedac3aad148511f028fbf25f544590abd7daac05fdcf9f62063911a1b5e39003e9a97d54425d2facfb4446311dc42499e625766b912656dd1fbebf8fc56b1 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\CheckBoxCheck.png
| MD5 | d9cdf06422119816ca6f9c4c72cd09f6 |
| SHA1 | 64e3bd1921689df2f3ee450c8387f9325d1254e0 |
| SHA256 | 23f27fa2319a141f10a8be0cce63f11fce499f5943306d9d555c177c74d346cb |
| SHA512 | 2763f47b77742585d3562d61afe00033ef7ebb9f3fb1b7cd8b163d62ed5770680b00ac27bf200a47734cf715adaab862b9710268db9b6fc67f3c6625612cd88b |
\Users\Admin\AppData\Local\Temp\nseE208.tmp\System.dll
| MD5 | d0d7d2799802f7cddf8db7a2d8ae1e23 |
| SHA1 | ae8d8cfd9f1a7104036a9e8658f50f9c35c7a1c6 |
| SHA256 | 828819614dc0dbfb73f22d4c3712e6369230eab92819c5d4efe75870ee109a5a |
| SHA512 | 2b5af0e34720eb2f5b0aa04b589b46fb4b4d344b5c5d23fdd382348b051ac9766ff80f6a2455ef66da78ba880e8ce41b23daf741033de7701ca3f17f1adde408 |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnSearch_Normal.png
| MD5 | e720f8d7d9b1eebf115a3ac3b2e8fa0e |
| SHA1 | 39e7f401d756d0f67413f9ff9ac925780b6e5434 |
| SHA256 | 395035ebf113e3f7d46d5fff75fad4154a674747d86049eb88d0962865cc8328 |
| SHA512 | 436d15bbdfd0cb4a1bbea0db7be5249ebb5e59268c6768a58424c66d155f4485057de177d9b36959c022b6a3c305af072414a75e829d44eee5cc0a8b6b9f4dcf |
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnSearch_MOV.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnSearch_Hover.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnSearch_HOV.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnSearch_click.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnMinNormal.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnMinHover.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnCloseNormal.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnCloseHover.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BtnCloseDisable.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BindPhone_Mov.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BindPhone_Hov.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BindingAccountTips.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BarPay_mov.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\BarPay_hov.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\png_res\ArrowLine.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\skins\default\control\mainframe.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\QyWebGameClient.exe
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\vmPage.ini
memory/1692-5392-0x0000000005BF0000-0x0000000005C49000-memory.dmp
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\QyGameClient.exe
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\LobbyServerList1.xml
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\img\error.jpg
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\img\bgline.jpg
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\img\arrow4.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\img\arrow3.png
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\AoreAudioVolume.dll
C:\Program Files (x86)\IQIYI Video\Common\QyGameClient\ClientGadgetSDK.exe
C:\Users\Admin\AppData\Local\Unity\WebPlayer\Uninstall.exe
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\headcircle.png
C:\Users\Admin\AppData\Local\Temp\nseE208.tmp\UAC.dll
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\heart.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\head2.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\hot.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\hook.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\hot2.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\left_top_icon.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\playPng.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\playIcon.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\play.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\pic_error.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\no_up_and_down.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\news.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\new.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\login.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\loading.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\LiveVideo.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\LivePlay.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\line.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\new_style.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\music.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\leftright2.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\leftright.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\J-5.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\J-4.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\icon.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\hot_rank.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\hot_1.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\hottag.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\play_bk_image.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\prev_style.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\radioIcon.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\RadioItemSelected.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\scrollbarrail.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\scrollbarbk.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\rank_bk2.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\rank_bk.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\RangeImage.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\radioIcon_1.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\scrollbar_down.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\scrollthumb.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\scrollbar_up.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\search_result_updown.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\search_download.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\Sel_Hover.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\share.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\source_logo.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\shadow.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\specific.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\Stamp.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\time.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\subscription_icon.png
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\vmPage\1.0.6.55\skin\ToolWndBkImage.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\title.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\time_icon.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\time3.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\time2.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\Triangle2.png
C:\Program Files (x86)\IQIYI Video\LStyle\vmPage\skin\Triangle.png
C:\Users\Admin\AppData\Local\Temp\nsj9D98.tmp\vmpagedown.exe
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\LogoLIB.ico
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\QyMaster.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\爱奇艺PPS.lnk
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\PSNetwork.ini
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\PPStream.ini
memory/1692-6207-0x00000000052B0000-0x00000000052B2000-memory.dmp
C:\Users\Public\QiYi\QiyiHCDN\Config\PSNetwork.ini
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\browseradapter.ini
C:\Users\Public\QiYi\QiyiHCDN\Config\PSNetwork.ini
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar11E6.tmp
C:\Users\Admin\AppData\Roaming\IQIYI Video\LStyle\browseradapter.ini
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\nsj9D98.tmp\nsExec.dll
C:\Users\Admin\AppData\Local\Temp\nsj9D98.tmp\config.ini
C:\Users\Admin\AppData\Local\Temp\nsj9D98.tmp\registry.dll
C:\Users\Public\QiYi\QiyiHCDN\Config\PSNetwork.ini