Analysis Overview
score
8/10
SHA256
5f1ee7eac585adb1a5279041b286b4adff6ff9d29d459ca0dd05bb0d2bfe26d2
Threat Level: Likely malicious
The file LDPlayer9_es_1009_ld.exe was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Manipulates Digital Signatures
Creates new service(s)
Modifies file permissions
Legitimate hosting services abused for malware hosting/C2
Checks for any installed AV software in registry
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Drops file in Windows directory
Drops file in Program Files directory
Checks installed software on the system
Loads dropped DLL
Launches sc.exe
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Runs net.exe
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Checks processor information in registry
Kills process with taskkill
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-28 18:18
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-28 18:18
Reported
2024-06-28 18:22
Platform
win7-20240508-es
Max time kernel
181s
Max time network
184s
Command Line
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe"
Signatures
Creates new service(s)
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2000\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSFinalProv" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4\FuncName = "WVTAsn1SpcIndirectDataContentEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25\FuncName = "WVTAsn1SpcLinkEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2222\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverCleanupPolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadSignature" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\FuncName = "WVTAsn1CatMemberInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustFinalPolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCheckCert" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2009\FuncName = "WVTAsn1SpcLinkEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\FuncName = "DecodeRecipientID" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVG\AV | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avira\Browser | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Browser | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\ldplayer9box\dpinst_86.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxRes.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\msvcr120.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetAdpInstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\host_manager.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9VMMR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxVMM.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-time-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-errorhandling-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-file-l2-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\bldRTLdrCheckImports.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\capi.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDTrace.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ldplayer9box\Ld9VMMR0.r0 | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ldplayer9box\Ld9BoxSup.sys | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\libssl-1_1.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-datetime-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ucrtbase.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxRT.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-interlocked-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ldutils.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5Widgets.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\regsvr32_x64.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxHostChannel.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ldplayer9box\Ld9BoxSup.inf | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-heap-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-profile-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\vcruntime140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxAutostartSvc.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxC.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxCAPI.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-filesystem-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.inf | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstVMREQ.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\USBTest.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ldplayer9box\Ld9BoxNetLwf.sys | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-debug-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\platforms\qwindows.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxTestOGL.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-math-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-2-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-libraryloader-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\tstSSLCertDownloads.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxDbg.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxNetDHCP.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-private-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ldplayer9box\msvcp140.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\libcrypto-1_1-x64.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-time-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\ldutils2.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\msvcr120.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-filesystem-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\NetAdp6Uninstall.exe | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.sys | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-debug-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-core-handle-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\x86\api-ms-win-crt-multibyte-l1-1-0.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\fastpipe.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Ld9BoxNetLwf-PreW10.cat | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\Qt5Core.dll | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\driverconfig.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\vbox-img.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
| N/A | N/A | C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "11928" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2889" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "23049" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "4363" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1734" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1652" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000f83789e454f442c1318e53720e84eea53d59c6b2f98793199f12c518f69d4f19000000000e8000000002000020000000c0d14992a556748b8e6806f36c658b14fecfde111481cde03149cd536cb93fda200000003027d3bbed4f746d4c1cb611a48ef733a0c49235414a4b06ba13cf8a9c26f13940000000bdfd782b73d18a14f5e491deb6fdb432867b182c0185117114092d0e91e1eab07422503e48ae3786c9536e249cc37031a603b201cf07e991580272efcc5145a8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "11840" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2971" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\MAIN | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "23049" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "1734" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2889" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "11618" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "11922" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "2971" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9058de0a88c9da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "410" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "1652" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "4363" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-477A-2497-6759-88B8292A5AF0}\ = "IEmulatedUSB" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC6-4883-801D-77F56CFD0103}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E9BB-49B3-BFC7-C5171E93EF38}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-47C7-4A3F-AAE1-1B516817DB41}\ = "IRecordingSettings" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-486E-472F-481B-969746AF2480}\ = "IGuestFileSizeChangedEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E8B8-4838-B10C-45BA193734C1}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9E-43F4-B7A7-54BD285E22F4}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D4FC-485F-8613-5AF88BFCFCDC}\ = "IVBoxSVCAvailabilityChangedEvent" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-5409-414B-BD16-77DF7BA3451E} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-3618-4EBC-B038-833BA829B4B2}\ = "IExtPack" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-00A7-4104-0009-49BC00B2DA80}\ = "IMachineDebugger" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-58D9-43AE-8B03-C1FD7088EF15}\ = "IDataStream" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7e72-4f34-b8f6-682785620c57} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-4737-457B-99FC-BC52C851A44F} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-32E7-4F6C-85EE-422304C71B90}\NumMethods\ = "8" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-44A0-A470-BA20-27890B96DBA9}\ = "IHostNetworkInterface" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-BCB2-4905-A7AB-CC85448A742B} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4737-457B-99FC-BC52C851A44F}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-402E-022E-6180-C3944DE3F9C8}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E1B7-4339-A549-F0878115596E}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-5637-472A-9736-72019EABD7DE}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-8690-11E9-B83D-5719E53CF1DE}\ = "IDisplay" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7997-4595-A731-3A509DB604E5}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-FF5A-4795-B57A-ECD5FFFA18A4}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7619-41AA-AECE-B21AC5C1A7E6}\NumMethods\ = "37" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BCB2-4905-A7AB-CC85448A742B}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-1F04-4191-AA2F-1FAC9646AE4C}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}\NumMethods\ = "15" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AC97-4C16-B3E2-81BD8A57CC27}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\ = "IVBoxSVCRegistration" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7966-481D-AB0B-D0ED73E28135}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\NumMethods\ = "15" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-319C-4E7E-8150-C5837BD265F6}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4022-DC80-5535-6FB116815604}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0547-448e-bc7c-94e9e173bf57} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0002-4b81-0077-1dcb004571ba} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4453-4F3E-C9B8-5686939C80B6}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-CC19-43FA-8EBF-BAECB6B9EC87}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3EE4-11E9-B872-CB9447AAD965}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9E-43F4-B7A7-54BD285E22F4}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9B-1727-BEE2-5585105B9EED}\ = "IConsole" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486F-40DB-9150-DEEE3FD24189}\ = "IGuestFileReadEvent" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42F8-CD96-7570-6A8800E3342C}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-7997-4595-A731-3A509DB604E5}\NumMethods\ = "13" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11E9-B185-DBE296E54799}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}\ = "IFramebuffer" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BE30-49C0-B315-E9749E1BDED1}\NumMethods\ = "43" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9641-4397-854A-040439D0114B}\NumMethods\ = "17" | C:\Windows\system32\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| N/A | N/A | C:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1009 -language=es -path="C:\LDPlayer\LDPlayer9\"
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=328044
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\system32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Windows\system32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\ldmutiplayer\" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\ldmutiplayer\" /grant everyone:F /t
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/ykt8hgSabz
C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\dnplayer.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x584
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:472076 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| US | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | d19mtdoi3rn3ox.cloudfront.net | udp |
| GB | 18.245.158.82:443 | d19mtdoi3rn3ox.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d1arl2thrafelv.cloudfront.net | udp |
| GB | 216.137.34.91:443 | d1arl2thrafelv.cloudfront.net | tcp |
| GB | 216.137.34.91:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| US | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.133.234:443 | discord.gg | tcp |
| US | 162.159.133.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | ad.ldplayer.net | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | en.ldplayer.net | udp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 79.133.176.222:443 | en.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| SG | 8.219.48.146:443 | middledata.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | advertise.ldplayer.net | udp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 163.181.154.182:443 | advertise.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| US | 163.181.154.182:443 | advertise.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| US | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| US | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 163.181.154.180:443 | res.ldplayer.net | tcp |
| US | 163.181.154.180:443 | res.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | apies.ldmnq.com | udp |
| GB | 143.204.68.68:80 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:80 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| US | 8.8.8.8:53 | es.ldplayer.net | udp |
| US | 8.8.8.8:53 | es.ldplayer.net | udp |
| GB | 79.133.176.219:443 | es.ldplayer.net | tcp |
| GB | 79.133.176.219:443 | es.ldplayer.net | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| GB | 143.204.68.68:443 | apies.ldmnq.com | tcp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | encdn04.ldmnq.com | udp |
| US | 8.8.8.8:53 | hardzone.es | udp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | encdn01.ldmnq.com | udp |
| US | 8.8.8.8:53 | encdn07.ldmnq.com | udp |
| US | 8.8.8.8:53 | stpd.cloud | udp |
| US | 172.67.70.36:443 | cmp.setupcmp.com | tcp |
| US | 172.67.70.36:443 | cmp.setupcmp.com | tcp |
| IT | 138.199.44.209:443 | hardzone.es | tcp |
| IT | 138.199.44.209:443 | hardzone.es | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| US | 104.18.31.49:443 | stpd.cloud | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 99.86.114.94:443 | encdn07.ldmnq.com | tcp |
| GB | 18.154.84.61:443 | encdn04.ldmnq.com | tcp |
| GB | 99.86.114.94:443 | encdn07.ldmnq.com | tcp |
| GB | 18.154.84.61:443 | encdn04.ldmnq.com | tcp |
| GB | 99.84.9.81:443 | encdn01.ldmnq.com | tcp |
| GB | 99.84.9.81:443 | encdn01.ldmnq.com | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| GB | 18.172.153.128:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| FR | 54.192.65.12:80 | ocsp.r2m02.amazontrust.com | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m02.amazontrust.com | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m02.amazontrust.com | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m02.amazontrust.com | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m02.amazontrust.com | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m02.amazontrust.com | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.172.153.30:443 | cdn.ldplayer.net | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| GB | 79.133.176.224:443 | ldcdn.ldmnq.com | tcp |
| GB | 79.133.176.224:443 | ldcdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 18.245.218.51:443 | ad.ldplayer.net | tcp |
Files
\Users\Admin\AppData\Local\Temp\Setup\ds.dll
| MD5 | d9cb0b4a66458d85470ccf9b3575c0e7 |
| SHA1 | 1572092be5489725cffbabe2f59eba094ee1d8a1 |
| SHA256 | 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05 |
| SHA512 | 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6 |
memory/1196-11-0x0000000004E60000-0x0000000004EA0000-memory.dmp
memory/1196-12-0x0000000073DBE000-0x0000000073DBF000-memory.dmp
memory/1196-17-0x0000000074570000-0x0000000074586000-memory.dmp
memory/1196-16-0x0000000003250000-0x0000000003266000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab2E14.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2ED7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12e8122a81d1bc00ae74378f90a2573a |
| SHA1 | ceee468d27bf210f19dbcbc9edb95552a42e1973 |
| SHA256 | 0a320d5128a93a6efb9c80716201c565470f83997b63c52c7ee18fa7d7f639b7 |
| SHA512 | f6c1885a8dec7481cfa4260d3d5a02599503d5febbaa01c514e26f00428168faee08cf10a252723e2d2ea67267016b2ec1bc7d0f4e86ccf355b49ac3a652652e |
memory/1196-154-0x0000000000540000-0x0000000000584000-memory.dmp
memory/1196-155-0x0000000073DB0000-0x000000007449E000-memory.dmp
memory/1196-156-0x0000000073DB0000-0x000000007449E000-memory.dmp
memory/1196-157-0x0000000073DB0000-0x000000007449E000-memory.dmp
memory/1196-158-0x0000000004E60000-0x0000000004EA0000-memory.dmp
memory/1196-159-0x0000000073DBE000-0x0000000073DBF000-memory.dmp
memory/1196-160-0x0000000073DB0000-0x000000007449E000-memory.dmp
memory/1196-161-0x0000000073DB0000-0x000000007449E000-memory.dmp
\LDPlayer\LDPlayer9\dnrepairer.exe
| MD5 | 4def56a3500d5a4dec3ff797a88c5751 |
| SHA1 | 1a53c9c6f3d1e27ac8532e09f87990505c8090de |
| SHA256 | c09b51bdc9039b976a55eb8dc7c517d65d8d5f6eadda92d2de27ceee7845b0e4 |
| SHA512 | a96322ca61f45875bfdb7b514ce1a95bbc1faba3fc0b7bc7c0af3f05d68c14e47fddff64e595f6bf053df7e1efad3e5f9e33f3bc2e09501c3c20de62864ae1d8 |
\LDPlayer\LDPlayer9\msvcr120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
\LDPlayer\LDPlayer9\crashreport.dll
| MD5 | 19dae6362eb73913f7947f719be52516 |
| SHA1 | e157307ae8e87c9a6f31bc62ecdf32d70f8648d9 |
| SHA256 | ae0eba69019294d03e11d68fea0ee72e77bfe156803f1b83bc8566a0a4d3584d |
| SHA512 | f5eb5771eb03f7f2067e32573397814ff3ef54dc7fae0abadad6bfdcafef6a4a5bf6f3ab9874c0530cb70cb995f6716ca8fa1cba175ed5a1d298c700f6e59ad2 |
C:\LDPlayer\LDPlayer9\dnresource.rcc
| MD5 | d4d2fd2ce9c5017b32fc054857227592 |
| SHA1 | 7ee3b1127c892118cc98fb67b1d8a01748ca52d5 |
| SHA256 | c4b7144dd50f68ca531568cafb6bb37bf54c5b078fbac6847afa9c3b34b5f185 |
| SHA512 | d2f983dde93099f617dd63b37b8a1039166aaf852819df052a9d82a8407eb299dac22b4ffe8cab48331e695bf01b545eb728bec5d793aeb0045b70ea9ceab918 |
\LDPlayer\LDPlayer9\msvcp120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | ebac9545734cc1bec37c1c32ffaff7d8 |
| SHA1 | 2b716ce57f0af28d1223f4794cc8696d49ae2f29 |
| SHA256 | d09b49f2a30dcc13b7f0de8242fa57d0bdeb22f3b7e6c224be73bc4dd98d3c26 |
| SHA512 | 0396ea24a6744d48ce18f9ccb270880f74c4b6eab40f8f8baf5fd9b4ad2ac79b830f9b33c13a3fec0206a95ad3824395db6b1825302d1d401d26bdc9eef003b2 |
C:\LDPlayer\LDPlayer9\vbox64\GLES_V2.dll
| MD5 | 646456fd231e023b5cb5a42ec198db72 |
| SHA1 | c68ced52cccea67181a8ccfbe4185cbd79f7b7ca |
| SHA256 | 326706ead22f4325b01fdc479ff94c9ec52fba57fd03717f160313ad764eff9b |
| SHA512 | 8869dba375750c30f16f78aecf106dfaaf74b1ad131022817d571c5c56929870f4e9aa904975c4eeb4242dbabf138c7da8ed708abc82835b70603e17c47548f7 |
C:\LDPlayer\LDPlayer9\vbox64\GLES_CM.dll
| MD5 | b6b5ae71db9f20a36a9b3ed95dd7859b |
| SHA1 | d815967234b86b570cfd62f94d7688a5c630ffc7 |
| SHA256 | cdaceffdbf5b32247b6a3d05d7655b9071522b7eef265ac2cad9901d2422b90c |
| SHA512 | a0ca59c6614956aa07757db572123cbbe21e570d4b0e4704a398360ded9184a9ea44ffbf9b868736aaec35305f40540560a0638f752627beaeaf60ef7195901e |
C:\LDPlayer\LDPlayer9\vbox64\GLES12Translator.dll
| MD5 | 413e78cd4603f4251407d30cfd504481 |
| SHA1 | d42e5ce14e38bbc62bd1d82f111efe3a7d5ad71b |
| SHA256 | 819567d94fe25e41e81c395faee4f8c97a17f0b45fcd1fc52aee436f9fb04020 |
| SHA512 | f1c162a511af04521497f19b01cfa7fd00e031141b504076da15bcd8ebc7c8ac8de7d4c5e3fcdcebe19870ca18a6f930684e0ea4cd9817821808300887166bc7 |
C:\LDPlayer\LDPlayer9\vbox64\fastpipe.dll
| MD5 | 38a04f46d8f9d5c9c7f7ee6a7175fd4e |
| SHA1 | f829e1b3a21d1278f9729bb739b6e8cd74bcdead |
| SHA256 | ad34635b76825b34172af347934c831182891dc2ca6820deeb8a8bd7974c822b |
| SHA512 | 603853062cdbe8790a4c82b7cc72ee381f5566f7715085f091042731bfdab5019686f3a2a61e33675be14560f7aedf96986188bdf4f88520eee38c7452c466aa |
C:\LDPlayer\LDPlayer9\vbox64\EGL.dll
| MD5 | ef46946bf30878e9ecf2044feefe7761 |
| SHA1 | 873bd7311fd58de541d64955579ac1e3935e593e |
| SHA256 | a788ce50d0e0bfa2d49027c91f0260d4a17491694a6634ea950ea37bc7f664aa |
| SHA512 | f3c0c56903577a16119bcc39199fb446f9463f24435a8471ad508b8280639e178962bea70880f16918f5759d55393c68ee9412769062de4899b5071bf2d6dffd |
C:\LDPlayer\LDPlayer9\vbox64\crashreport.dll
| MD5 | 54eb1567d87a7f8d522b558befab22da |
| SHA1 | b461e8eadbfe5a5beff264aec3bb7456524d6e9e |
| SHA256 | fca9cd3b650bb5384a25cdcf5a3947f246b5c3d9ca81c387fe1faab2427f20d3 |
| SHA512 | b1e3b347fabf3054ec729eefa7495f775f26fb4221bebfb785076e16ea1cfcd2d3738e2851ae0c8a753861bd8bad1931108067967f20faeebe33ed9b43916b93 |
C:\LDPlayer\LDPlayer9\vbox64\concrt140.dll
| MD5 | 65f2e5a61f39996c4df8ae70723ab1f7 |
| SHA1 | 7b32055335b37d734b1ab518dcae874352cd6d5c |
| SHA256 | 8032b43bdd2f18ce7eb131e7cd542967081bea9490df08681bf805ce4f4d3aab |
| SHA512 | 0b44153ac0c49170008fb905a73b0ab3c167a75dc2f7330aed503f3c0aedfd5164a92d6f759959a11eceb69e2918cb97c571a82715ad41f6b96888d59973f822 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | cb4a19b88bec5a8806b419cf7c828018 |
| SHA1 | 2bc264e0eccb1a9d821bca82b5a5c58dc2464c5d |
| SHA256 | 97e4c91103c186517fa248772b9204acf08fde05557a19efe28d11fb0932b1f7 |
| SHA512 | 381edd45ecd5d2bdefd1e3ad0c8465a32620dfa9b97717cadb6a584c9528fed0d599d5a4889962f04908ca4e2b7b4497f0e69d8481ee5f34ea5d9106d99760c3 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-time-l1-1-0.dll
| MD5 | a992f1e06c3c32ffe9799d4750af070a |
| SHA1 | 97ffd536d048720010133c3d79b6deed7fc82e58 |
| SHA256 | b401edaac4b41da73356de9b3358dc21f8b998a63413c868510dc734b1e4022f |
| SHA512 | 50bd08680fccff190454e6555e65e2787bdc0e8a9bf711e364eb0b065951c2430559e049202b8f330ac65e9d4cd588349c524a71f700e179859d7829d8e840b8 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-string-l1-1-0.dll
| MD5 | d3d72d7f4c048d46d81a34e4186600b4 |
| SHA1 | cdcad0a3df99f9aee0f49c549758ee386a3d915f |
| SHA256 | fd8a73640a158857dd76173c5d97ceeba190e3c3eabf39446936b24032b54116 |
| SHA512 | 6bf9d2fdc5c2d8cd08bf543ef7a0cdcb69d7658a12bee5601eeb9381b11d78d3c42ef9dd7e132e37d1ec34cc3dc66df0f50aefadfdc927904b520fdc2f994f18 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | c99c9eea4f83a985daf48eed9f79531b |
| SHA1 | 56486407c84beecadb88858d69300035e693d9a6 |
| SHA256 | 7c416d52a7e8d6113ff85bf833cae3e11c45d1c2215b061a5bbd47432b2244a5 |
| SHA512 | 78b8fd1faada381b7c4b7b6721454a19969011c1d1105fc02ba8246b477440b83dc16f0e0ce0b953a946da9d1971b65315ac29dbb6df237a11becb3d981b16b9 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | a3f630a32d715214d6c46f7c87761213 |
| SHA1 | 1078c77010065c933a7394d10da93bfb81be2a95 |
| SHA256 | d16db68b4020287bb6ce701b71312a9d887874c0d26b9ebd82c3c9b965029562 |
| SHA512 | 920bb08310eadd7832011ac80edd3e12ce68e54e510949dbbde90adaac497debe050e2b73b9b22d9dc105386c45d558c3f9e37e1c51ed4700dd82b00e80410bc |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-process-l1-1-0.dll
| MD5 | 7ddd5548e3c4de83d036b59dbf55867a |
| SHA1 | e56b4d9cfca18fb29172e71546dc6ef0383ac4e9 |
| SHA256 | 75f7b0937a1433ea7e7fa2904b02fd46296b31da822575c0a6bc2038805971ef |
| SHA512 | 9fb30ef628741cebbc0f80d07824e80c9c73e0e1341866f4e45dc362fea211d622aa1cffc9199be458609483f166f6c34c68b585efe196d370c100f9c7315e0d |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-private-l1-1-0.dll
| MD5 | 18bdfd4b9e28f7eba7cbb354e9c12fcb |
| SHA1 | 26222efacb3fce1995253002c3ce294c7045cf97 |
| SHA256 | 3105da41b02009383826ed70857de1a8961daeb942e9068d0357cddd939fa154 |
| SHA512 | 7d27eeff41b1e30579c2a813eea8385d8a9569bc1ece5310b0a3f375fba1894028c5cec2cf204e153a50411c5dcf1992e8ac38f1c068c8f8af9bd4897c379c04 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-multibyte-l1-1-0.dll
| MD5 | 4394dafed734dfe937cf6edbbb4b2f75 |
| SHA1 | 06ec8f1f8dd1eab75175a359a7a5a7ee08d7a57a |
| SHA256 | 35b247534f9a19755a281e6dc3490f8197dd515f518c6550208b862c43297345 |
| SHA512 | 33d9c5041e0f5b0913dd8826ceb080e2284f78164effde1dbf2c14c1234d6b9f33af6ae9f6e28527092ad8c2dbc13bddfc73a5b8c738a725ad0c6bb0aa7fcfaf |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-math-l1-1-0.dll
| MD5 | 77c5cc86b89eed37610b80f24e88dcc2 |
| SHA1 | d2142ecce3432b545fedc8005cc1bf08065c3119 |
| SHA256 | 3e8828ab7327f26da0687f683944ffc551440a3de1004cc512f04a2f498520f6 |
| SHA512 | 81de6533bba83f01fed3f7beed1d329b05772b7a13ffe395414299c62e3e6d43173762cb0b326ea7ecf0e61125901fcee7047e7a7895b750de3d714c3fe0cc67 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 2c8e5e31e996e2c0664f4a945cece991 |
| SHA1 | 8522c378bdd189ce03a89199dd73ed0834b2fa95 |
| SHA256 | 1c556505a926fd5f713004e88d7f8d68177d7d40a406f6ed04af7bacd2264979 |
| SHA512 | 14b92e32fb0fd9c50aa311f02763cba50692149283d625a78b0549b811d221331cf1b1f46d42869500622d128c627188691d7de04c500f501acd720cea7c8050 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | fbfcf220f1bf1051e82a40f349d4beae |
| SHA1 | 43154ea6705ab1c34207b66a0a544ac211c1f37d |
| SHA256 | 9b9a43b9a32a3d3c3de72b2acca41e051b1e604b45be84985b6a62fb03355e6d |
| SHA512 | e9ab17ceb5449e8303027a08afdbdd118cb59eaea0d5173819d66d3ee01f0cd370d7230a7d609a226b186b151fe2b13e811339fa21f3ec45f843075cedc2a5c0 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | bef17bf1ba00150163a2e1699ff5840a |
| SHA1 | 89145a894b17427f4cb2b4e7e814c92457fd2a75 |
| SHA256 | 48c71b2d0af6807f387d97ab22a3ba77b85bdf457f8a4f03ce79d13fbb891328 |
| SHA512 | 489d1b4d405edbb5f46b087a3ebf57a344bf65478b3cd5fcf273736ea6fdd33e54b1806fbb751849e160370df8354f39fc7ca7896a05b4660ad577a9e0e683e4 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | c7c4a49c6ee6b1272ade4f06db2fa880 |
| SHA1 | b4b5490a51829653cb2e9e3f6fbe9caf3ba5561e |
| SHA256 | 37f731e7b1538467288bf1d0e586405b20808d4bad05e47225673661bc8b4a9f |
| SHA512 | 62ccdfac19ef4e3d378122146e8b2cba0e1db2cc050b49522bedbf763127cc2103a56c5a266e161a51d5be6bd9a47222ee8bb344b383f13d0aac0baa41eab0ff |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | c0c8790510471f12f3c4555e5f361e8e |
| SHA1 | 7adffc87c04b7df513bb163c3fbe9231b8e6566a |
| SHA256 | 60bd8f0bd64062292eff0f5f1a91347b8d61fbe3f2e9b140112501770eae0b80 |
| SHA512 | 4f71aa0942f86e86f787036dc60eaea33af0c277f03cf1e551aaaba48dad48593bcceeccc359efbf18ef99cf49f2d46b4c17159a531ffb1c3a744abce57219eb |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | 6f9f9d52087ae4d8d180954b9d42778b |
| SHA1 | 67419967a40cc82a0ca4151589677de8226f9693 |
| SHA256 | ef1d71fe621341c9751ee59e50cbec1d22947622ffaf8fb1f034c693f1091ef0 |
| SHA512 | 22a0488613377746c13db9742f2e517f9e31bd563352cc394c3ae12809a22aa1961711e3c0648520e2e11f94411b82d3bb05c7ea1f4d1887aacf85045cf119d7 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-util-l1-1-0.dll
| MD5 | 7243d672604766e28e053af250570d55 |
| SHA1 | 7d63e26ffb37bf887760dc28760d4b0873676849 |
| SHA256 | f24a6158d7083e79f94b2088b2ea4d929446c15271a41c2691b8d0679e83ef18 |
| SHA512 | 05b0edf51f10db00adc81fa0e34963be1a9f5c4ca303a9c9179c8340d5d2700534c5b924005556c89c02ac598ba6c614ee8ab8415f9ad240417529e5e0f6a41b |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | 56486925434ebcb5a88dd1dfa173b3d0 |
| SHA1 | f6224dd02d19debc1ecc5d4853a226b9068ae3cd |
| SHA256 | 4f008aa424a0a53a11535647a32fabb540306702040aa940fb494823303f8dce |
| SHA512 | 7bb89bd39c59090657ab91f54fb730d5f2c46b0764d32cfa68bb8e9d3284c6d755f1793c5e8722acf74eb6a39d65e6345953e6591106a13ab008dcf19863ae49 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-2-0.dll
| MD5 | a639c64c03544491cd196f1ba08ae6e0 |
| SHA1 | 3ee08712c85aab71cfbdb43dbef06833daa36ab2 |
| SHA256 | a4e57620f941947a570b5559ca5cce2f79e25e046fcb6519e777f32737e5fd60 |
| SHA512 | c940d1f4e41067e6d24c96687a22be1cb5ffd6b2b8959d9667ba8db91e64d777d4cd274d5877380d4cfef13f6486b4f0867af02110f96c040686cc0242d5234b |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-1-0.dll
| MD5 | e1debeda8d4680931b3bb01fae0d55f0 |
| SHA1 | a26503c590956d4e2d5a42683c1c07be4b6f0ce7 |
| SHA256 | a2d22c5b4b38af981920ab57b94727ecad255a346bb85f0d0142b545393a0a2d |
| SHA512 | a9211f5b3a1d5e42fde406aab1b2718e117bae3dd0857d4807b9e823a4523c3895cf786519d48410119d1838ab0c7307d6ef530b1159328350cc23ebc32f67cd |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-string-l1-1-0.dll
| MD5 | b72698a2b99e67083fabd7d295388800 |
| SHA1 | 17647fc4f151c681a943834601c975a5db122ceb |
| SHA256 | 86d729b20a588b4c88160e38b4d234e98091e9704a689f5229574d8591cf7378 |
| SHA512 | 33bdfe9ac12339e1edab7698b344ab7e0e093a31fedc697463bbe8a4180bb68b6cc711a2ceb22ce410e3c51efaa7ea800bad30a93b3ac605b24885d3ef47cb7a |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | 6e46e5cca4a98a53c6d2b6c272a2c3ba |
| SHA1 | bc8f556ee4260cce00f4dc66772e21b554f793a4 |
| SHA256 | 87fca6cdfa4998b0a762015b3900edf5b32b8275d08276abc0232126e00f55ce |
| SHA512 | cfeea255c66b4394e1d53490bf264c4a17a464c74d04b0eb95f6342e45e24bbc99ff016a469f69683ce891d0663578c6d7adee1929cc272b04fcb977c673380f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\67M64WLQDR1EDFU6DVUD.temp
| MD5 | cfd27a9a66db543ad0d72d20c97b4813 |
| SHA1 | b1ad72d4d3ae9973f98c5bc527ef6fe9969c8cfa |
| SHA256 | 3240a74df2c0124ea59c10b166d6406370632ad2204655b568a9d12dbf06aec9 |
| SHA512 | a915e200eafa8c2d20d30c7b025f9ec84c72595552e0e58eae1c55d62dc99452dfc5fd1f4880eb302376d13d114b98c195d6c30972defde880fefb923c92d5d0 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-profile-l1-1-0.dll
| MD5 | a37faea6c5149e96dc1a523a85941c37 |
| SHA1 | 0286f5dafffa3cf58e38e87f0820302bcf276d79 |
| SHA256 | 0e35bebd654ee0c83d70361bcaecf95c757d95209b9dbcb145590807d3ffae2e |
| SHA512 | a88df77f3cc50d5830777b596f152503a5a826b04e35d912c979ded98dc3c055eb150049577ba6973d1e6c737d3b782655d848f3a71bd5a67aa41fc9322f832e |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 6486e2f519a80511ac3de235487bee79 |
| SHA1 | b43fd61e62d98eea74cf8eb54ca16c8f8e10c906 |
| SHA256 | 24cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667 |
| SHA512 | 02331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | 540d7c53d63c7ff3619f99f12aac0afe |
| SHA1 | 69693e13c171433306fb5c9be333d73fdf0b47ed |
| SHA256 | 3062bd1f6d52a6b830dbb591277161099dcf3c255cff31b44876076069656f36 |
| SHA512 | ce37439ce1dfb72d4366ca96368211787086948311eb731452bb453c284ccc93ccecef5c0277d4416051f4032463282173f3ec5be45e5c3249f7c7ec433f3b3e |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | 77e9c54da1436b15b15c9c7e1cedd666 |
| SHA1 | 6ce4d9b3dc7859d889d4ccd1e8e128bf7ca3a360 |
| SHA256 | 885bd4d193568d10dd24d104ccf92b258a9262565e0c815b01ec15a0f4c65658 |
| SHA512 | 6eecf63d3df4e538e1d2a62c6266f7d677daebd20b7ce40a1894c0ebe081585e01e0c7849ccdf33dd21274e194e203e056e7103a99a3cd0172df3ed791dce1c2 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | b8bce84b33ae9f56369b3791f16a6c47 |
| SHA1 | 50f14d1fe9cb653f2ed48cbb52f447bdd7ec5df4 |
| SHA256 | 0af28c5c0bb1c346a22547e17a80cb17f692bf8d1e41052684fa38c3bbcbb8c8 |
| SHA512 | 326092bae01d94ba05ecec0ea8a7ba03a8a83c5caf12bef88f54d075915844e298dba27012a1543047b73b6a2ae2b08478711c8b3dcc0a7f0c9ffabba5b193cf |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-memory-l1-1-0.dll
| MD5 | 89766e82e783facf320e6085b989d59d |
| SHA1 | a3ffb65f0176c2889a6e4d9c7f4b09094afb87ed |
| SHA256 | b04af86e7b16aada057a64139065df3a9b673a1a8586a386b1f2e7300c910f90 |
| SHA512 | ea4df1b2763dde578488bb8dd333be8f2b79f5277c9584d1fc8f11e9961d38767d6a2da0b7b01bad0d002d8dcf67cca1d8751a518f1ee4b9318081f8df0422c7 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 769bf2930e7b0ce2e3fb2cbc6630ba2e |
| SHA1 | b9df24d2d37ca8b52ca7eb5c6de414cb3159488a |
| SHA256 | d10ff3164acd8784fe8cc75f5b12f32ce85b12261adb22b8a08e9704b1e5991a |
| SHA512 | 9abdcccc8ee21b35f305a91ea001c0b8964d8475680fa95b4afbdc2d42797df543b95fc1bcd72d3d2ccc1d26dff5b3c4e91f1e66753626837602dbf73fc8369b |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | bedc3d74c8a93128ef9515fd3e1d40eb |
| SHA1 | d207c881751c540651dbdb2dbd78e7ecd871bfe1 |
| SHA256 | fefc7bc60bd8d0542ccea84c27386bc27eb93a05330e059325924cb12aaf8f32 |
| SHA512 | cdcbce2dbe134f0ab69635e4b42ef31864e99b9ab8b747fb395a2e32b926750f0dd153be410337d218554434f17e8bc2f5501f4b8a89bb3a6be7f5472fb18360 |
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | 330013a714c5dc0c561301adcccd8bc8 |
| SHA1 | 030b1d6ac68e64dec5cbb82a75938c6ce5588466 |
| SHA256 | c22a57cd1b0bdba47652f5457c53a975b2e27daa3955f5ef4e3eaee9cf8d127a |
| SHA512 | 6afb7e55a09c9aac370dff52755b117ad16b4fc6973665fce266ea3a7934edfb65f821f4f27f01f4059adb0cf54cc3a97d5ff4038dc005f51ecee626fd5fadd1 |
C:\LDPlayer\LDPlayer9\dnplayer.exe
| MD5 | 2061141f3c490b5b441eff06e816a6c2 |
| SHA1 | d24166db06398c6e897ff662730d3d83391fdaaa |
| SHA256 | 2f1e555c3cb142b77bd72209637f9d5c068d960cad52100506ace6431d5e4bb0 |
| SHA512 | 6b6e791d615a644af9e3d8b31a750c4679e18ef094fea8cd1434473af895b67f8c45a7658bfedfa30cc54377b02f7ee8715e11ee376ed7b95ded9d82ddbd3ccc |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | c9649c9873f55cb7cdc3801b30136001 |
| SHA1 | 3d2730a1064acd8637bfc69f0355095e6821edfd |
| SHA256 | d05e1bd7fa00f52214192a390d36758fa3fe605b05a890a38f785c4db7adef1f |
| SHA512 | 39497baa6301c0ad3e9e686f7dfa0e40dbea831340843417eecc23581b04972facc2b6d30173cc93bf107a42f9d5d42515ef9fd73bb17070eb6f54109dc14e3e |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-heap-l1-1-0.dll
| MD5 | 13b358d9ecffb48629e83687e736b61d |
| SHA1 | 1f876f35566f0d9e254c973dbbf519004d388c8d |
| SHA256 | 1cf1b6f42985016bc2dc59744efeac49515f8ed1cc705fe3f5654d81186097cd |
| SHA512 | 08e54fa2b144d5b0da199d052896b9cf556c0d1e6f37c2ab3363be5cd3cf0a8a6422626a0643507aa851fddf3a2ea3d42a05b084badf509b35ec50cb2e0bb5ce |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-handle-l1-1-0.dll
| MD5 | cedbeae3cb51098d908ef3a81dc8d95c |
| SHA1 | c43e0bf58f4f8ea903ea142b36e1cb486f64b782 |
| SHA256 | 3cb281c38fa9420daedb84bc4cd0aaa958809cc0b3efe5f19842cc330a7805a0 |
| SHA512 | 72e7bdf4737131046e5ef6953754be66fb7761a85e864d3f3799d510bf891093a2da45b684520e2dbce3819f2e7a6f3d6cf4f34998c28a8a8e53f86c60f3b78a |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l2-1-0.dll
| MD5 | 8fd05f79565c563a50f23b960f4d77a6 |
| SHA1 | 98e5e665ef4a3dd6f149733b180c970c60932538 |
| SHA256 | 3eb57cda91752a2338ee6b83b5e31347be08831d76e7010892bfd97d6ace9b73 |
| SHA512 | 587a39aecb40eff8e4c58149477ebaeb16db8028d8f7bea9114d34e22cd4074718490a4e3721385995a2b477fe33894a044058880414c9a668657b90b76d464f |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-2-0.dll
| MD5 | 7041205ea1a1d9ba68c70333086e6b48 |
| SHA1 | 5034155f7ec4f91e882eae61fd3481b5a1c62eb0 |
| SHA256 | eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d |
| SHA512 | aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-1-0.dll
| MD5 | e87192a43630eb1f6bdf764e57532b8b |
| SHA1 | f9dda76d7e1acdbb3874183a9f1013b6489bd32c |
| SHA256 | d9cd7767d160d3b548ca57a7a4d09fe29e1a2b5589f58fbcf6cb6e992f5334cf |
| SHA512 | 30e29f2ffdc47c4085ca42f438384c6826b8e70adf617ac53f6f52e2906d3a276d99efcc01bf528c27eca93276151b143e6103b974c20d801da76f291d297c4c |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | e46bc300bf7be7b17e16ff12d014e522 |
| SHA1 | ba16bc615c0dad61ef6efe5fd5c81cec5cfbad44 |
| SHA256 | 002f6818c99efbd6aee20a1208344b87af7b61030d2a6d54b119130d60e7f51e |
| SHA512 | f92c1055a8adabb68da533fe157f22c076da3c31d7cf645f15c019ce4c105b99933d860a80e22315377585ae5847147c48cd28c9473a184c9a2149b1d75ee1b1 |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-debug-l1-1-0.dll
| MD5 | c1fdd419184ef1f0895e4f7282d04dc5 |
| SHA1 | 42c00eee48c72bfde66bc22404cd9d2b425a800b |
| SHA256 | e8cf51a77e7720bd8f566db0a544e3db1c96edc9a59d4f82af78b370de5891f7 |
| SHA512 | 21aa4d299d4c2eab267a114644c3f99f9f51964fd89b5c17769a8f61a2b08c237e5252b77ca38f993a74cc721b1b18e702c99bdfa39e0d43d375c56f126be62c |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | 0fb91d94f6d006da24a3a2df6d295d81 |
| SHA1 | db8ae2c45940d10f463b6dbecd63c22acab1eee2 |
| SHA256 | e08d41881dbef8e19b9b5228938e85787292b4b6078d5384ba8e19234a0240a8 |
| SHA512 | 16d16eb10031c3d27e18c2ee5a1511607f95f84c8d32e49bbacee1adb2836c067897ea25c7649d805be974ba03ff1286eb665361036fd8afd376c8edcfabd88c |
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-console-l1-1-0.dll
| MD5 | 1fb62ef7e71b24a44ea5f07288240699 |
| SHA1 | 875261b5537ed9b71a892823d4fc614cb11e8c1f |
| SHA256 | 70a4cd55e60f9dd5d047576e9cd520d37af70d74b9a71e8fa73c41475caadc9a |
| SHA512 | 3b66efe9a54d0a3140e8ae02c8632a3747bad97143428aedc263cb57e3cfa53c479b7f2824051ff7a8fd6b838032d9ae9f9704c289e79eed0d85a20a6f417e61 |
C:\LDPlayer\ldmutiplayer\dnmultiplayerex.exe
| MD5 | d17f4553c096a1ad78848bef1bf4da53 |
| SHA1 | 80482424c100c03115ccaa3121e2631eb0afc29d |
| SHA256 | b3a94233380c2e9197e8abbd18fe896e5acc5e976c490d0c5b18ed48d1aa5b6d |
| SHA512 | d3fe99251f344204f62113bb16b2cfaa37f9d2885255e72029b5aa7d1d7eb96e24f21c0f8efc879b232862279bbf83514a26c5194b197c0cc1bf66c829ec8045 |
C:\Users\Admin\AppData\Roaming\XuanZhi\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
memory/3064-783-0x0000000000140000-0x0000000000156000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | efb6abc546ee58f684e27fd0acad3cc0 |
| SHA1 | ec99673bc74bf4c97e970da09887f83e0d9a64c3 |
| SHA256 | fb01750c38863ef765dfc1fe37d3a1be95993d48f8d4aff46b1e1cfc6271e412 |
| SHA512 | ce19633aa8923f596f79e53e179a96ec4384e63825c6604e95f4912cb642cb33cfb1e2d6fbd4fd7a9245763f0a325469a8ad23c9578d05d291745a68958af9a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 56f4feb23595fdbcc1da6d6d1e374e5f |
| SHA1 | 943627a9745832e66cfe3336e0f661819d3d53ea |
| SHA256 | 191b092310713350eed2f0f67b46ca373cb8c2a17923239c5f5a880893146d7c |
| SHA512 | 5c6b60690b305ef62b850b38cd557d1febafb028010d78a4a439e4b26a685252d15c7e4f88c9661c9fc7e2a3fb54037ba2e9b6196a2245cdb134c28d3141239c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8eedec4ce943b99071f9587f2cad0153 |
| SHA1 | 49a22d43a0975cefedbce9d8812952ab544de354 |
| SHA256 | ba08db75f6c196af03cb8951025228030c1949d1170a447f7ddf9c3fbc15821d |
| SHA512 | 3c5e4be232165f6bf16612bf7bffb5186ec8bcb407ff82537650b923081a5a834cc754292716b748830e6f36fa51261768404c46900fe1951d9ce7c867bb7146 |
memory/3064-901-0x0000000036F50000-0x0000000036F60000-memory.dmp
memory/2468-910-0x0000000000150000-0x0000000000160000-memory.dmp
memory/2468-909-0x0000000000140000-0x0000000000150000-memory.dmp
memory/3064-911-0x00000000054C0000-0x00000000054C2000-memory.dmp
memory/3064-912-0x00000000054D0000-0x00000000054D2000-memory.dmp
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
| MD5 | 4d592fd525e977bf3d832cdb1482faa0 |
| SHA1 | 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef |
| SHA256 | f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6 |
| SHA512 | afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77 |
memory/1196-970-0x0000000004E60000-0x0000000004EA0000-memory.dmp
memory/1196-971-0x0000000073DB0000-0x000000007449E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\favicon[1].ico
| MD5 | ec2c34cadd4b5f4594415127380a85e6 |
| SHA1 | e7e129270da0153510ef04a148d08702b980b679 |
| SHA256 | 128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7 |
| SHA512 | c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91275bce86400e38af8ef0934201f05c |
| SHA1 | 6da672708de993de543ec9133f2aa229ef8e5387 |
| SHA256 | c4f116dba1a5d11e02a693852a3b0dd0d72c13f992bc1758676e9636b26f2ccd |
| SHA512 | 92be1444847bfe900ac091325425b3ba3284720effb00ae95e60d69ea5b2f14d2b65fae2cccbd4f46b4a973a70214a301db1682b64e6d200236a4b113faef6e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b296b4eaa71e56aadaf3287609523392 |
| SHA1 | 65b0907b46543b5422b821bebec45e9f070eb027 |
| SHA256 | b3a39d182b803b7719b9b6c48ccec65c288bdbafac81c2dfedc8b2f5643bc1a0 |
| SHA512 | 5aeaf2d591ed55a838d2ff1f4b6bdb128a827a7562127cdca40590d87235166a4a4e31c5bab2c0914a0d4ce242fdecadafdbb8371b3d78358cc52c8ac7ad4e10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b16e8e4945482a829419cf673c8e69d |
| SHA1 | 0084e814528743783ed9a0ddf356adaf7f37e164 |
| SHA256 | 2a285ef4d0de1a8513c51d1425cf87d78caaf598e07ff1422516cd073ac25daa |
| SHA512 | 2fd503e48f787a59ca5169618efc25e426c5f5ed1fa8b1f6237884a9d3a4bc9c1859ca65ee159b714670a84caa251243ed60a4ef88e1d342ebe501b45ece1e7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef62fd937ebd1fedd652ae1ccd6581c3 |
| SHA1 | 401194a855118036779b71f51f6d9959f80a0f42 |
| SHA256 | a2c130c6111b07f4320f19dbb79b60bbad221fdd5a5957fc43dd4dcd33d1f844 |
| SHA512 | 5d9f46a960bb6e6991e32938033feb51504e029e346edb723031ca6367782e537186cf57a98e405a642dbb6bd2373a7127a2dc7511b0de51f78e1d2415576caf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b9c2c58661e4fd45519c524b5e94e87 |
| SHA1 | 46559007dbd34e88b0734b69d78e94308019b3f7 |
| SHA256 | 0550e690e6d8d49f1f9c69d50e30b8c25eb44e57c8137dd612cb514e096bc299 |
| SHA512 | 73449eb5cfdc21b8421eed3b8e2d8fe92de006a1ba8f3e0fbae460c8097fc4e5151ce20165791b0dc5ca2d167b9421b4493e7e1129c4d442128abd52925463d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 378f1eb217c2a1c427a39733bb6e23b6 |
| SHA1 | 25feac1db145efdf3a03f2dd9a66d7514c46e15b |
| SHA256 | e2a65d0bb8ac09a3e8b40225c48ee45064163f4f4785d10d69474c7e331821ba |
| SHA512 | ea47ae66bebbbd1ea54be614138e8807d8a0a76890963337c11404ee612eea82619f7767ee2743f7253ac5bf72b5c4898a4965a6eed107fd652462e98a390cb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5740692862ffe4769570efab83f9c7dd |
| SHA1 | a7c5175cecef621ee54b2b094c561bc0b6145ab8 |
| SHA256 | 01bcb6458b762571068bf091b227443ce5bd566d8aa7d7d4a72b0c9a593da391 |
| SHA512 | e1e7e64dcc2a939a54ddd5d9cc01f52cf36b091bf7568e52ed820ca352410478e0c3daa67a361ceaf03d0977c46c1cd589f8bdd9c495a8a36d9d7cf460350c5d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6be5e9db13c6305a95f7b158c00d1fbb |
| SHA1 | 99510832c6cb8105449f45eff68f14743e9dbb86 |
| SHA256 | 7ef5e73c8cbea8d009cb13c87b011bfdab0772090f70ba40d444304b07e35a3b |
| SHA512 | 2867235ad849e20afc3f52a0ae28c896cd3146d7dcd584458086148c7ed3aba66438297b73895f7b22fd101bca53a480fb1b62895e68e15756d2d14dcd9171d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9da6e40b1055e2458d926ee8b99d9de9 |
| SHA1 | 8e079a4f6cc7f3e37500c92183cd967ccd36f89e |
| SHA256 | b8862621901860bfd44af481e113b0f5bc546094c817687fb1ce991a466392ea |
| SHA512 | 4f24b988ec812c33a0f665cdcca541de57b7ea5edee9d4282052f0cda8d52950381192022dd8e7cca5fc55746f984fc553c1049150d265287bdba48c89795565 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb9b795d90132afa7b42a33fc102010b |
| SHA1 | ea286257855927283d61a939f2a0b9cb5a14d3bd |
| SHA256 | 979d67a0efc0734da588ebb3928028f130c5668cbb2b647d3daf97be8344523f |
| SHA512 | 990a9fcb3da7e526ad8094d583c25597b809127f118ccb06bf26d8e9f6d441b10006c70778fa6a8f3159dcb22cd3e007175631f9f1468cd3b432640fb9ddcd3b |
memory/3064-1483-0x000000006B2B0000-0x000000006B32E000-memory.dmp
memory/3064-1484-0x000000006AD00000-0x000000006B2A6000-memory.dmp
memory/3064-1485-0x000000006AC80000-0x000000006ACFA000-memory.dmp
memory/3064-1482-0x000000006B330000-0x000000006CD2B000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 4f7cc61fc2490e7877e2369caa05273d |
| SHA1 | 5cbd0fbd747169c450e0b554fdaae1274b8c346b |
| SHA256 | 60624d5e58a7f593b5c9481c16471fe447d9752eace3883c662d079696d71f8f |
| SHA512 | 8e2ecdbccddc4cbcc19092c6ee05dac1f19f8097059a1cc35ce65033cbcd4890dea3d461942e4ec2d9ec78336edd22739f5d6f9cbd5504840f2cd032bed75e80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92298e0f2a4c6f28b317a0fa7ba2055f |
| SHA1 | 05b7ddbe4e30022695b86426d61ec9d96214745f |
| SHA256 | 457f5ca61fd9566293917c02c06fd7fb4b361149ff7bee5bef3c237fd4dd6484 |
| SHA512 | 6452041e667120254f79e439659bd6d9f773dd80f93c82bd2c2dc8259e90c2daa0f62897752c1c95fa79e812fe389dd7f08a6a7db44586c56edc7267f2b095a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 1f5554479485e2b5e556da8f00f9f03a |
| SHA1 | bf96b3deccf742d7eba303c8dd786d035ac48387 |
| SHA256 | 083a2aa4bec8ab72bea8f2135a5e3f832d9aebf9a4ae778d7ab27153b864a7e1 |
| SHA512 | fc516019e6586c6b59ce3e18dfc89f3f1e62a101eccbada6ea454e6d10677705823e630689462516acc69268c14a5e8581e4bf8c051fa9c8ce2f3f9af2f7884f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f06cf6a1db042809fcd5d9c0b561675 |
| SHA1 | b6f1ee9b9de22b70f879b7aeb58367bcf59fe696 |
| SHA256 | f1bf68480cc3e2d11112a3cf424d246750678ef2036c55950a1269c22b7cc474 |
| SHA512 | 64c8918392c3deae75e7936e06cf7d2609edc20278ba96a846a84d8e7c086f33b43e9643d5d16e801159230fc747314e9698d2b3d345d0ad6b0faa0985171dec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656
| MD5 | ba21c84dabf1aeeb9b7e405ef5322dbf |
| SHA1 | dd38b9373b3ef51ac3cee04f5610abd587e92e2a |
| SHA256 | b58db86c7c2c0bebfa37c1bc5130223372c1d53df20ebb7d916bcd1f9b660384 |
| SHA512 | 402f4e9042e6526b1897b637d8f68e50090d410e10be6adeb28fb83ab75fe2b72b15ed73c16bf9f50e7a16a28a09902e8910dc9b1f406a2cffa4ff8eb6f64cf2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656
| MD5 | 4aada59b9b3dfceb2552e2922cd5f78b |
| SHA1 | 7821e471b93201a81ffdd6970fec61769aadf7dc |
| SHA256 | 659cf5b5eead3d82e98a7ede8e3b77fcbbe7a02889d63af0cb7832917e587b46 |
| SHA512 | 674f05fbadcf2926cc239967ef714d0a14b3b91d7bf42689d026a75b742fe6a47b81e5fad1a438180a14e5763272c3f46d34d88e194fd0d9bee2f019105ef2da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F53EB4E574DE32C870452087D92DBEBB_B3A2491A9A3961423DD53D467E8D3BE5
| MD5 | 3aa44e1e36de9443edae1c6d240e2368 |
| SHA1 | c68dbef5a50ff019b55329d0ef4d132e6eafd130 |
| SHA256 | d8c07be85f42ace71b4aa4f7b59f46e3573a2976cb8cdd50faec5596390c5583 |
| SHA512 | 30c3ac5155cab2817b270e949eb9902acabe3625d7db6025ad3c184c326ccc06e9d6b1256e9062cc45073bd5a2b2e1ba94a443d6d9f066d3b1697e14482644fa |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\U13NJ4T9\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\U13NJ4T9\www.youtube[1].xml
| MD5 | 89a789845ebfdb32e4672de817124be5 |
| SHA1 | 4e31c4f4858b8d98280e9628dd2615c4e0425545 |
| SHA256 | f0d08c2f3588f1047626a03c9e72dd05279e2316793444161fe50ecdcca0c468 |
| SHA512 | e7730ade213fbd65ca37c12f99e8c2ad55305b039fc2f0c7fe482956eeb1783d2b097ee54245e8d8769215f0b43d0e95d02d8ef46a8933af761989c038a7c82e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\U13NJ4T9\www.youtube[1].xml
| MD5 | e29c963f1485564146f9daaa95f640ad |
| SHA1 | 8a96149b264f92f43f09d652bc2e86d4406af37b |
| SHA256 | dea514f803c785f32da62302d26ae1c8e5eb4357cd5bfce3d130ab4e8803be82 |
| SHA512 | 369f25f5ed23d9b484d8acac024e60bc1b36973f8eb9c8b08012b5c25bf6d6ad6e0e8e342b8880d308a18152c4f8fa12fa09e4ce4a36741fe0c67cf23593a1ed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\U13NJ4T9\www.youtube[1].xml
| MD5 | 2b360a580d34f0a0a2544c961618274c |
| SHA1 | 43ba77ebfcb7824b567710d07a6abf2a53e51690 |
| SHA256 | 47035eb4113255bfe3f6ae16cd32d8e04c6b393b62c1df8698e53d518d1f77e5 |
| SHA512 | f9e3165062fe0d7ef2131296d9b618c5d67ef150fbbfe40154007d4284cd5c72f2acebd0ef43b022f98eb78c3737da65298c4bf36fc1cf877000efa35b256353 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 785ca027459ed862ddef200b822dd835 |
| SHA1 | 6a8c2dd53c431b3e72a3649dcf293adadc64e9af |
| SHA256 | c7a501efedb7603f1a4232801972d290422694c239d1cce64c8aa5e56309c268 |
| SHA512 | 69a419df37e8ba8b5caabca41835088c4fdaca58bdfa27ebd8a69da43a2d92d05122a18d42a73ec4154d18dcdd984af661c4d27925fc5f5b8a121616755332bd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\favicon[1].ico
| MD5 | a0c760136e1b6f7633a3582f734c53eb |
| SHA1 | 00176cd4ab6423fb4673ad856e79447b93dd05fe |
| SHA256 | c7eb5447c806948853f817df7f8a1871a8707987d5606e39b145d69f7dc29cd1 |
| SHA512 | b5f9d0e6fc9346ac34a87fc5cb42bf375a0e2d58eff5fb53dfae4a1e576940cb2f57f921be390bb66b5ebc7b174b9d88d8519a27773624f1dabc960e077ecf65 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92mvs6j\imagestore.dat
| MD5 | 5b29f8fcb79465fa217e6ec0013d068f |
| SHA1 | c005b5932dc4b9e70bf7d4652830e92285b4be01 |
| SHA256 | 9da390d046bc2e9b8f66b56e67106ebff3facf62529bfbb05545f04f2cd3ad7f |
| SHA512 | 711cbf6f08189d03359ef99ad83662027afd7fdba4767d5f7fe3a8cdde584711fb7055bfbc88ae89dd04fd88bfed275567756f5b7ef23cda7711bc640dc8de5b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\U13NJ4T9\www.youtube[1].xml
| MD5 | e6b5210719d65c2f55c76b072526009c |
| SHA1 | a00c67a6df7bf43cfe0a7f4feba6f59e5ed3936a |
| SHA256 | 629df2a135952c65a735bcae74933fe31fda30d3dadbd95a203c30011f4f24fe |
| SHA512 | 90fe4802be749fe78bb5f3bd6cac823d50121febe872e9b5a687a2c817b8d3bfcfb8a034b036a47bdf4fb9f44409889ffbd0cacc878124bac09ff7062af04c98 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\U13NJ4T9\www.youtube[1].xml
| MD5 | 1111e755e02d92252e272f0fa856ef21 |
| SHA1 | ce0a2cb4f753240468fd9b0d0b203c2ba594917d |
| SHA256 | 70cbf632ddb85be430683fe8b2580e5d18a22fc4ab4f4efc9b4cebefb905da5f |
| SHA512 | 650d9e4f7bfbcbc10492963c16cd02c9fc9d92d72d5360dc7bcd06f8fb4108d629ddbb3828cff185b2634724ea3d6d68b3b66186217a93269d8f2697c86ab628 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\U13NJ4T9\www.youtube[1].xml
| MD5 | 46583a05036c49e41944552fb7c44417 |
| SHA1 | 9fb5b9302776ae02f71f0fd8138cda2968f661ad |
| SHA256 | f0a692fa62201ab860032c3484e2cecf9325d9ead9604fc4a7b1efafdbff9aec |
| SHA512 | c952c726ef17a135287e1fb878239800629b86169d4e8e3bb65c4351255d1fcd2f79f2522dd868369bb2b04e06626bb3d115dcba5020def9e555c851d5eacc3e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\U13NJ4T9\www.youtube[1].xml
| MD5 | 4cf7edba377230ffbcafaf8d32d81b2a |
| SHA1 | 6da6055e27cceb662d4ad373718056c4ad34b76f |
| SHA256 | 39cc5849e12227ae829b9ff6490d25874adf71140e24b7491bc8f7375e8873c0 |
| SHA512 | 84908fedf4552770335e7dfc57c6eb1ab8e516d7b37562eac990753ede44b8cc0b1c4df6c7a504300da89b4cfc122636ef74ea0efd48fe95a2fe980e4ff0b51a |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\U13NJ4T9\www.youtube[1].xml
| MD5 | b18cce0d1b0c7e0f92eb8848bd504dc2 |
| SHA1 | 27fa2b46ec2fc232a3395bc3ff2afbcb65ec15c9 |
| SHA256 | a10fcc73b8f8e5da74dee7509ece5ea7c0ef2069ef73b815cf391ec176bcb66a |
| SHA512 | 3648059f629deafc5ffb0428778ec7895e795ea7e575190aa52f955d49dc82637e9fa71ddc6d0579719d66a9c1e5a005876b3272fc106030204f80dcdd451265 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\U13NJ4T9\www.youtube[1].xml
| MD5 | 3db38e820e31440a97bdeb4d59cb1658 |
| SHA1 | 3cf048ea1ae2dc19a70779f5b868380d1f295379 |
| SHA256 | fe750ac8bac7c0581a262f6e11b89af78044c0b40412ee9cfd058a3763a52f4f |
| SHA512 | a4ab75bb72ce8e3f2a31e13282899578aa5bafd8d9d784e4a8df3b68851689a29ae62f5328801fbb7235091fc06d9e479d9d5e9670e87c97d84bc5809d2ec408 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\U13NJ4T9\www.youtube[1].xml
| MD5 | 4ffeba2438a07918cc3b5a935e0a9db1 |
| SHA1 | b5e6d4d41e1ecdcf68617c6bbc67bc8a7eafed45 |
| SHA256 | 2ea9cbb496e9c362f02fe4e9fdfd924bc5b4ea2b1f61e5665627b742dcd4e0c3 |
| SHA512 | e32e400e5f7eb8e7ea8176be9f99fd891868171b39285cfcbb71d14524cf6182cd05f6ab55af99187558e2a2d70505a78fa2380c1b854cb6d01437fef4df87e3 |
C:\Users\Admin\AppData\Local\Temp\~DFFBA3DDB731A223E8.TMP
| MD5 | 259cbd5205f346e686ee48909587644f |
| SHA1 | 1f08695d2e587e8dbb64c74c5f42a4fbed69295a |
| SHA256 | 365eb076e5efa0ee18d1fa6d68d3393702cf49737caf98dc08ffe33376eae4d2 |
| SHA512 | ad30e125eb98755badcc3ef6268ace53db5dd7fe2f8161c75cfdf3955a6c5c4d5bb76eb4fb6fd5f2d551309cf6a46a14c69f2c46c1b5382364c33b09577fc8b0 |
memory/3064-2212-0x000000006AC80000-0x000000006ACFA000-memory.dmp
memory/3064-2211-0x000000006AD00000-0x000000006B2A6000-memory.dmp
memory/3064-2210-0x000000006B2B0000-0x000000006B32E000-memory.dmp
memory/3064-2209-0x000000006B330000-0x000000006CD2B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-28 18:18
Reported
2024-06-28 18:39
Platform
win10v2004-20240508-es
Max time kernel
1168s
Max time network
1169s
Command Line
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe"
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | d19mtdoi3rn3ox.cloudfront.net | udp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
| MD5 | d9cb0b4a66458d85470ccf9b3575c0e7 |
| SHA1 | 1572092be5489725cffbabe2f59eba094ee1d8a1 |
| SHA256 | 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05 |
| SHA512 | 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6 |
memory/784-12-0x00000000069B0000-0x00000000069C0000-memory.dmp
memory/784-13-0x00000000728AE000-0x00000000728AF000-memory.dmp
memory/784-18-0x0000000073150000-0x0000000073166000-memory.dmp
memory/784-17-0x0000000009260000-0x0000000009276000-memory.dmp
memory/784-20-0x0000000009850000-0x0000000009DF4000-memory.dmp
memory/784-21-0x00000000093A0000-0x0000000009432000-memory.dmp
memory/784-22-0x00000000069C0000-0x0000000006A00000-memory.dmp
memory/784-23-0x000000000A380000-0x000000000A482000-memory.dmp
memory/784-24-0x00000000069B0000-0x00000000069C0000-memory.dmp