Malware Analysis Report

2024-11-13 18:04

Sample ID 241105-gyx5kswdre
Target LDPlayer9_ens_1001_ld.exe
SHA256 10c59dd6cef6195616ec76184885c1ed1134f9c2ca801652c81a018d040ebbe4
Tags discovery execution exploit persistence privilege_escalation
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file LDPlayer9_ens_1001_ld.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery execution exploit persistence privilege_escalation

Manipulates Digital Signatures

Creates new service(s)

Possible privilege escalation attempt

Modifies file permissions

Downloads MZ/PE file

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Launches sc.exe

Checks installed software on the system

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies system certificate store

Modifies Internet Explorer settings

Suspicious behavior: LoadsDriver

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Runs net.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-05 06:13

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-05 06:13

Reported

2024-11-05 06:16

Platform

win10v2004-20241007-en

Max time kernel

143s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe"

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe"

Network

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-05 06:13

Reported

2024-11-05 06:16

Platform

win7-20240903-en

Max time kernel

158s

Max time network

174s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe"

Signatures

Creates new service(s)

persistence execution

Manipulates Digital Signatures

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A

Loads dropped DLL

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6BB83F51-9B3D-11EF-9EA5-F2BBDB1F0DCB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\MAIN C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" C:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FD1C-411A-95C5-E9BB1414E632}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{20191216-9CEE-493C-B6FC-64FFE759B3C9}\ = "VirtualBox Application" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-BCB2-4905-A7AB-CC85448A742B}\NumMethods\ = "18" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8F30-401B-A8CD-FE31DBE839C0}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664}\ = "IGuestFile" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\ = "IFile" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A}\ = "IAdditionsStateChangedEvent" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-1C58-440C-BB7B-3A1397284C7B}\ = "IStorageControllerChangedEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-5F86-4D65-AD1B-87CA284FB1C8}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3e8a-11e9-8082-db8ae479ef87} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8079-447A-A33E-47A69C7980DB}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2354-4267-883F-2F417D216519} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BCB2-4905-A7AB-CC85448A742B}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-FF5A-4795-B57A-ECD5FFFA18A4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-C380-4510-BC7C-19314A7352F1} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E1B7-4339-A549-F0878115596E}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-E254-4E5B-A1F2-011CF991C38D}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-E1B7-4339-A549-F0878115596E}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-402e-022e-6180-c3944de3f9c8} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-1207-4179-94CF-CA250036308F} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-8F30-401B-A8CD-FE31DBE839C0}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0547-448E-BC7C-94E9E173BF57}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-0126-43E0-B05D-326E74ABB356}\ = "IMediumAttachment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\NumMethods\ = "30" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-6038-422C-B45E-6D4A0503D9F1}\NumMethods\ = "15" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6FA-430E-6020-6A505D086387}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BCB2-4905-A7AB-CC85448A742B}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-58D9-43AE-8B03-C1FD7088EF15} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7DB-4616-AAC6-CFB94D89BA78}\NumMethods\ = "18" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-402E-022E-6180-C3944DE3F9C8}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-80F6-4266-8E20-16371F68FA25}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-E8B8-4838-B10C-45BA193734C1}\ = "IMouse" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-4289-EF4E-8E6A-E5B07816B631}\ = "IUSBDeviceFilter" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-93AF-42A7-7F13-79AD6EF1A18D}\ = "IRecordingScreenSettings" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4C4-4020-A185-0D2881BCFA8B}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-A1A9-4AC2-8E80-C049AF69DAC8} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-FD1C-411A-95C5-E9BB1414E632} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-7E72-4F34-B8F6-682785620C57}\ = "IExtPackFile" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-C380-4510-BC7C-19314A7352F1} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-800A-40F8-87A6-170D02249A55}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}\NumMethods\ = "16" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\ = "ICPUChangedEvent" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\ProgId C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-70a2-487e-895e-d3fc9679f7b3} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-A161-41F1-B583-4892F4A9D5D5}\ = "IMediumConfigChangedEvent" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-0FF7-46B7-A138-3C6E5AC946B4}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\NumMethods\ = "14" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3\0\win64 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe N/A

Runs net.exe

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2368 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 2368 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 2368 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 2368 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe C:\LDPlayer\LDPlayer9\LDPlayer.exe
PID 2412 wrote to memory of 1364 N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 2412 wrote to memory of 1364 N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 2412 wrote to memory of 1364 N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 2412 wrote to memory of 1364 N/A C:\LDPlayer\LDPlayer9\LDPlayer.exe C:\LDPlayer\LDPlayer9\dnrepairer.exe
PID 1364 wrote to memory of 1004 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 1364 wrote to memory of 1004 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 1364 wrote to memory of 1004 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 1364 wrote to memory of 1004 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 1004 wrote to memory of 2888 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1004 wrote to memory of 2888 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1004 wrote to memory of 2888 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1004 wrote to memory of 2888 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1364 wrote to memory of 1596 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1364 wrote to memory of 1596 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1364 wrote to memory of 1596 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1364 wrote to memory of 1596 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1364 wrote to memory of 1832 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1364 wrote to memory of 1776 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1364 wrote to memory of 1800 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1364 wrote to memory of 372 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1364 wrote to memory of 1756 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1364 wrote to memory of 2052 N/A C:\LDPlayer\LDPlayer9\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe

Processes

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ens_1001_ld.exe"

C:\LDPlayer\LDPlayer9\LDPlayer.exe

"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1001 -language=en -path="C:\LDPlayer\LDPlayer9\"

C:\LDPlayer\LDPlayer9\dnrepairer.exe

"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=197096

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\system32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\system32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

C:\LDPlayer\LDPlayer9\driverconfig.exe

"C:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/4bUcwDd53d

C:\LDPlayer\LDPlayer9\dnplayer.exe

"C:\LDPlayer\LDPlayer9\dnplayer.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1108 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x1c0

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1108 CREDAT:668679 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Temp\CabD165.tmp

C:\Users\Admin\AppData\Local\Temp\TarD187.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_D14B79B440CDC26D7D21C81855E2C04D

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_D14B79B440CDC26D7D21C81855E2C04D

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

\LDPlayer\LDPlayer9\dnrepairer.exe

C:\LDPlayer\LDPlayer9\MSVCP120.dll

C:\LDPlayer\LDPlayer9\MSVCR120.dll

C:\LDPlayer\LDPlayer9\phones.data

\LDPlayer\LDPlayer9\crashreport.dll

C:\LDPlayer\LDPlayer9\dnresource.rcc

C:\LDPlayer\LDPlayer9\vms\config\leidian0.config

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-console-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-datetime-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-debug-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-errorhandling-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-2-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l2-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-handle-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-heap-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-interlocked-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-libraryloader-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-localization-l1-2-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-memory-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-namedpipe-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processenvironment-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-1.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-profile-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-rtlsupport-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-conio-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-heap-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-filesystem-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-multibyte-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-private-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-runtime-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-process-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-math-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-string-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-stdio-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-utility-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-time-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-environment-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-convert-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\concrt140.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-util-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-timezone-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-sysinfo-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-locale-l1-1-0.dll

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-2-0.dll

C:\LDPlayer\LDPlayer9\vbox64\crashreport.dll

C:\LDPlayer\LDPlayer9\vbox64\EGL.dll

C:\LDPlayer\LDPlayer9\vbox64\fastpipe.dll

MD5 e9e97d04b3e3149242e02c486e5eabd9
SHA1 188d6057948cead4bb50b62e2cc08148c8bf887f
SHA256 3d8b3fa2d761b5a32e6be013aeee8a54d4394fe8c4f45c8c550782b02a5884e9
SHA512 c35390c04824b3b1e852290c752de6d92f717e11848726712ceb6e2242a7b0b7e83f4867f08898f7008cc8b5fcd5a0ae905e98cb4d9630aaae6c4fbce300d30a

C:\LDPlayer\LDPlayer9\vbox64\GLES12Translator.dll

MD5 3b995bba6466aa3b90e7835fa3b79985
SHA1 a7084701db194857dc3a24a17cd2fdb6eed7eac2
SHA256 b81b2f3477832b5af23fd8a037fc101e98a2e39b99c1bb14f3dab5183cb1e804
SHA512 3c3bf63c1bc67fde214878b13aa4ee54ef96ae316102c3fa3628eedebb7b52e0ca307af2b7ce069a922b102c027099d16f8943cc93b4d0916cf8f1747fe2f929

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-1-0.dll

MD5 e1debeda8d4680931b3bb01fae0d55f0
SHA1 a26503c590956d4e2d5a42683c1c07be4b6f0ce7
SHA256 a2d22c5b4b38af981920ab57b94727ecad255a346bb85f0d0142b545393a0a2d
SHA512 a9211f5b3a1d5e42fde406aab1b2718e117bae3dd0857d4807b9e823a4523c3895cf786519d48410119d1838ab0c7307d6ef530b1159328350cc23ebc32f67cd

C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-string-l1-1-0.dll

MD5 b72698a2b99e67083fabd7d295388800
SHA1 17647fc4f151c681a943834601c975a5db122ceb
SHA256 86d729b20a588b4c88160e38b4d234e98091e9704a689f5229574d8591cf7378
SHA512 33bdfe9ac12339e1edab7698b344ab7e0e093a31fedc697463bbe8a4180bb68b6cc711a2ceb22ce410e3c51efaa7ea800bad30a93b3ac605b24885d3ef47cb7a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0JL7XZ4Q81GGQOSP5JFW.temp

MD5 304849013320850f0c751889a376d2c3
SHA1 a23af3682a45b0855d842213c4f680dd5418f511
SHA256 069d8a6cd127ba1ad9925b67447efca8155fa4ac1fce929c4aa92078355d2d10
SHA512 81d92f457489a0a6bead7859025de40f9b40e13a716d04ad4650d4a3966ba79619ad42c1b3ce643b7c3aeb6391aa9ca60d3ac5489f57f8c6e4ebdfd29ce50f54

C:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

C:\LDPlayer\LDPlayer9\dnplayer.exe

MD5 2c8986ce6c1c5fcba4146f642e95d862
SHA1 a913254e6a9bd1db7825f9880a992f21a6827bd7
SHA256 07285fcc8e65f164c8897ebdb63dc44801dae28782a6b2ee5f3469c64952efd6
SHA512 a5b074ad394b75f2597007ca732f5e1b877fae483122332dbcaecfea0c6c52a658df8b5844e60280766fcd38333dfac3a259c159c405a83ea6b78691405203d5

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

MD5 03746b5d567927bdb69499ec30039d8c
SHA1 93b08624bd80ed01c370e0ba9a2ee3824edd8733
SHA256 1e3b7a0ac94de0e7209b19b709a0ddd2effbc1b98437a81b3d3dac853ef54b77
SHA512 abf608e020e732407524b780bed7b894768f9828dbbecb1a66c9b6d8cb079380646bc228dce5f1bdbef4b089b241574a22c79eee3271a623cd05e7754ad83e19

memory/408-947-0x0000000035920000-0x0000000035930000-memory.dmp

memory/2628-985-0x0000000002040000-0x0000000002050000-memory.dmp

memory/2628-986-0x0000000002050000-0x0000000002060000-memory.dmp

memory/408-988-0x0000000004650000-0x0000000004652000-memory.dmp

memory/408-987-0x0000000004080000-0x0000000004082000-memory.dmp

C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

MD5 4d592fd525e977bf3d832cdb1482faa0
SHA1 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef
SHA256 f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6
SHA512 afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f856a2c77a1056b20aaefdf9fb4204c
SHA1 ad72317d1d9414d408f649ab03904977a36bec71
SHA256 ff5ae26a59c7cb1649bde18a9ea860aa4669cf83208f9d6dcb1f62a181ab6578
SHA512 fcd8a00800090100271a60c62ee091de16ed5144cfca03661602a2fde88a92ce9e608f576398a51c70464082ac89077a0130a21f18975adcefe82bf4a53a3bb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b47554fc59ae78d0c9f8c5e1dad1c162
SHA1 0026db2cfe5110abb22b49426b6cae209435575a
SHA256 8db633daa07493e09781782c905ce40d0b9b433b1e9426b435a99fdc16af3e80
SHA512 ad0d549babab23e66f3bc3313fe0975ebabca86ca6f03d29d67279683498a94c950388f72956d5f1898f0e2b9bca289e346d30513814431daf41fcb9d19c3b17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d1b361e10f3916a246df16f21086518
SHA1 70b2a2a08ab3db8467fb370e1cee5e75be863dd3
SHA256 61b3f05ad5c57e7ab523a7d065f7440ae6b3eed5df4ad58424ee5ef8516fabcc
SHA512 d148549bf4d7b92ad04a391f751370d39cfad8d265e9b9b8e4fedd21047aebc8444678ac9a70e401d86f39d7690ebb9721ef76eb11b3d03fd36d8917af8c0afa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 446847131c222eea1924cd0bb31335f9
SHA1 b721937099e313e54c9471df7e8b0aa8e4b21752
SHA256 0a83591be380df909ccc529ea5cd357500d83a2a8b146ff4cef8c0384d0e77b8
SHA512 b5c138145a7ff83a8b415a676b6c3166bd0d87b9b6a372ca7ae4349d0ae512bbccc6d66e1752cbd2c00b8d3e35c623a149e40a77dc8df9b6baf043953fc46a6a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76bf5efeb69442b9147d1e8770395295
SHA1 2b26b5cade458b4e6a0341ccdf688e320bb51180
SHA256 f7d69ad5f76e4a40171804837795290853e5de3045737c0959565a849af4f6d4
SHA512 a563cac6c9c3e644b84461a56f3512c1d5ca1080584ab9779818fced7397e9309e36747e90fc74897bc98c62c4b300ab20e66f77779af6b1811b70d8acc7e9e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1441c9794deeea4729007e5a7d24c3fd
SHA1 9d3c9da7e73459892815c172e0593fc9ff8af170
SHA256 1d734c97d673a7bbe342aca6800dc522d85c60a736c2ab98194b7ec83f805efe
SHA512 eb2c3d6b473791a694149ef690ca05316399d930cc9322133cf78b61cd66c4a7b5098b70241de457ecc96e79f80dadc938c5717fa08ff6f8eec93c5edd62f93a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04f2b8b33479da50eff4aa1deb1e37e5
SHA1 07800cdb75e8e20af41ed5cdcdf9fd24d68d2707
SHA256 830bc827bf601fd4eef1871820ae7a415190fda9b1bf13b8b5408736be8f30d3
SHA512 6b460352f847d464b0c1aa5f2e2ca7fdc5494b6374b1a2f14217020c170ecbf062f637f1cc4f269c89b4088f4dd695fb2dd0992f7a1622083a9774921defa9b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f20be21e68f735bd808391b2551f2127
SHA1 4df371231fcab47fdcc17cb7fcffce9f3990621f
SHA256 071abecd9ea1486eeddbc580236cab792d93ebfa406cbd57ce75f63ce0b6d5c5
SHA512 6836905e62cbe1edbda9838bca874ce2eeafd527a45cd2aae91762a2eb7a3d9c4dc3b76b86bedfcb39077c27934ce23ee6311c754d5c8a28266ba1f85bd79767

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 184deabae4bd52431d5f2f3dc884171e
SHA1 6ba9af8c3f67588ffe7dad062da5d01ccb84c0f1
SHA256 0de3d44cffdb24ca832a1a2607542ba062d1897dbfb682f085951cb4b0bed76e
SHA512 65e0ccfd29997e61604a87377dc864063462db3f7cecc21a2767bd1259fb9d26f2475dd31c68ed8f76e215e1164502dd63e30b7aef19d85bafa5f1801ca80c55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eba3100216d2c40ceb91ab3c0f1487c7
SHA1 f26fee8dbfb41375c100713c48e92d415f76d643
SHA256 e44613cfd222a65caafa4386312ebfb50a553be2d64d393c98378a44338a1c1e
SHA512 35cfcd02a4119bc5cc9b05facf671f4c2ecdaf22a653a8eda85092ca214186d69e66875f3c48ae6ae7818ea05c08422201de6d2e00feed058ac31b83e83fcda8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJB1KT77\favicon[1].ico

MD5 ec2c34cadd4b5f4594415127380a85e6
SHA1 e7e129270da0153510ef04a148d08702b980b679
SHA256 128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512 c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3f45d8143e7d4a47112ccd302f601ed
SHA1 f7c40ef52cd4e4b8946b33379d1d801e71b45450
SHA256 e4d4a761cd87c8b50060fe6de4d0bc8c1168b77c952674b4f8521f6bc42106e1
SHA512 197ec4515d9bc15162cbbc44554a321140f6407fdd78d6c2bf3eec59a8fcef22dfcadab584e75d505c3a8a01c948644521129a8e61b6edd9fc245d5eda5798d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc03193ddee0d14e0a5e97368726daff
SHA1 fccdf7cf59cff81090a6b086fa8322bca4a058d5
SHA256 d7e8fe92de6aeb5ea9b7a263b2d11335597aa23ad0e514b228b12eb0ca25237f
SHA512 feca3f1142fcd3b151c8197f26a9f687feefdfe47d707d38e97fd8130c8759b9d17a5611b2e0718a490eb184a6181872176d0e0c122f76c455c515ec6efef2e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56b2e205fb92313911c6d95226c4ccbc
SHA1 b1a0041278e837e3c301ef8f6f092082d3e8f173
SHA256 7074a91d13148d8f9e6e08161ac5cfa19aae760a2c5499d404e2ca962003a397
SHA512 999a8678d9500fcc6a2d58df058960850acbe6830ab625df5e8da9e05f8ee528446c19f788c43ee05c00cc1bf202abe43b11b0f9520eb1b1470212d3a5c40622

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5714a21d0920c21335b3a88b51f70575
SHA1 a233b3f5efbb3743c38234b3b2dfa0ac687dd0a7
SHA256 716684287cbde3754885cbb04828c13e83b65ac18bcc5dad9335a07a23062c2b
SHA512 1f729e670164a13a7f9cdab6bd6f8c330e77431630e76411c8d3067aeb0446e8acb10f425f5598e0b830593e02642114c5c9cb101e1da6c39b3c0267c108dae1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc403b929a715c086414f14120c63f84
SHA1 4537cfed73efbb3223780cdc59db04dff58ca998
SHA256 9e8689249d4e435105be4e785629ad7ebcfd68224ebd941e4049d267143c1518
SHA512 6fc2c2cd20aa5a4cd6c3cd630293d1a740ac4e63dcd547001e5c543e7c10bbcb7af177a61494948339fd4313e1894cb9fd67356fee98c76d1b24f337da387d05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b14e41de60d1c898149dd57a9120109
SHA1 6c6a5a7142909e364fdf64cabe8fb3c7c22aa7ce
SHA256 5619f8465e0d85ca55a96ce650b592ad2952ba7c475fb1d6ca05b8fe593840f9
SHA512 6f8134fd5ec5ee8a5ae2b33e4e8c465aa0bb6c74655b496f544de576daabce199d792eab788e17b1b327bc4ec975d7e31b90f91175f15a26000d96a9aa0c1085

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c584baf458416472f5546c16ec78430
SHA1 251df8586595d857d4fa6914d8eb05e3d18b8f3a
SHA256 a449eb18d0712b490406ffb76fdfb766a03ce9c9856b0b8b34e0708aefad3a5d
SHA512 85a90eaed236ada0df55525b311483be0a9e6bbfc13b47204f90ba97712a0f910846df988e3c5c7bf8134536a458e0b2b141e17a668c6696cc7a881f98ceb615

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 224251b2f337f2bc7dfd930ebf331497
SHA1 d068e5591242189420a943a54b81753a4077c26d
SHA256 71b9d3115ef158e4cf934b573b6b19712aa322bef2f137f4d80be03ffcaa85cf
SHA512 0a4d970624ece57f0d4b1131bd3510748ba9ab1fdde2c42124e8441eaeceb85ffeed26210c043c86dc00d930087c1a7db353279ddc89a7c3f11788f94236fb9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02c9e35a361d823880039b46461fc1ac
SHA1 2a28b3e757aa71418d9304e430b4a448c78bb503
SHA256 6eaa399b86d1b80a8c316beae1b994a66dad782a838913daeb7c7908defc7cc7
SHA512 5e6f5397b18a54b8638f77db49f15878076dc4bb02be47841c0ac69ea0d692218c4f4cf35293558b439953b31fb74a7d71f59fb1913e3e0ba708b543697c9021

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcbed8e138e812710b482f1301e486b4
SHA1 03363127934608dc37b72a40a8935d6ebedb0e5b
SHA256 cf7bc534c517ee6891481391e85a5aadc079d57786488025969fdcaec4b54152
SHA512 0b3b896ff7a375fed61ffa151a9ee6efd173aa5f9ba27b98b6ca84630781c2114f4facc291d75e0f32a46a453eb607786a89b54371ccef7ae82f3b92ad0a2b66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea72aa6705f4a969c398ccb324b02c9b
SHA1 0b716982e9cb0264a64b0508b851d60b3a6c6ba2
SHA256 22540f4ca8160a6f145228b27e6451a2eca54d971e7a709e0476c9d1fe3c947e
SHA512 20687b76e983e180f226cf8eb52393c740bc9d51d95fdda2c336f4e4e1c29f862163f2057c09e75148cbb0c22c2f26b032f91e002fec8615a18ef9d5aa1bf80d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1db51232c471a979835fa8168abe649e
SHA1 04033c38ed6e7e625683d451566a29293cb52a25
SHA256 fa6d76df802b51d82d1f987fe055bf8b15ffd8d6bfb14fd4b461996f71b3e0e3
SHA512 7131c00edb303526f74940ef566785653ca1621cd039c3c7480cb06efc10f760993007e11a887cb4d11bbf0229fb34e8ad585b54a7077740194b57992e916fd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bf03561c8c01cafa3a3f13a6b956699
SHA1 62efb24bee4116cddaf18ab975ad4abfc805c064
SHA256 1421d51f88550b1b9df91598283d030218d77286c2df00432e45835957ab4e8b
SHA512 241d1f19e6d8787afba93b99c17ffcebc1d7e2b68ea0538709560215cfabe06088f8233d81d4a4a748d03834acd9c0075638623ba1917d6d574bbdea3ac91be5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f84779cc3e4ec9aabeeef9038925b998
SHA1 51eaa2c564451a3164861df58560c9aac8edfa81
SHA256 8604c5f3462ab2384644141efc403335808a00300c2c2886dc7e4e89849cd7db
SHA512 a92328cfdba31882ca32c3d32dfc29a1342496631387a754d3e43ce0436026dbebcb7c4dfe45a5415773366a5fd463b52019c74c7cde4874ddc651ef974b5544

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d38f2bf2255a0c991695a0bc6a4d495d
SHA1 c1c5a38cd72ddfc06393013b06659b09128f2eb0
SHA256 e76d84b07c9bcc3abf500678571286f4e733cada9d33185cbd20fc602008da88
SHA512 3d7d8f4eb84bd5a915692448551eb637827c35f5ae09c489e01b16fab12f4d344617a1bd51b1cef39e4d424fc39dad18c87061a0307be4036cfc2526a56aeb24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d276c11982e688ee7a4c048152f21dd5
SHA1 7c8cae3f4d28f0c6a38c83927900932116aee876
SHA256 f55257ee46782425ef5f44099f37811f4633e5e8ab1e956c298c145df99fe738
SHA512 2341f484949dfd596d1d289c221585971df2399497954917d8a6116e7a56bf4ab2323e830f47cf871b121dec6d1280a6fbd890432133777b9bfe91a5ad670999

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9eeeecdc3f7fad3d9a0f2b96f1472a6c
SHA1 b67003a97f70a82fc4b787582e8b669b19c00780
SHA256 0108a347a88618cb07b4978568bcd44bd19ab10ae9efed0765c6b9d7ec396102
SHA512 9fa496c70997155d4a5706c734f8d232b279d3c0f0c2da765f283451fa8035eacef21eb5430dd413904b91b9d610cdeaabc3ae389309440dc94753ff0912cc84

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LHCGL6HA\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08b01dae1e5e9068e049e29e7f9598c2
SHA1 93612a3870120cf18819a4abbcc6e61ef0ee19ac
SHA256 4bf934a7d2ca549237334f7a58888575d500fdf75b3d958710a113ba5b51aa4f
SHA512 80362f2ebf67ba9ad8b3737caff1bd2ee3f7c3331cc9f7263b035f2fcdc77d7bde2a974d1f7e770bf2f1d9bb4d0ce5d51b2bd43bd77e1f434e75d48e8efdb808

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LHCGL6HA\www.youtube[1].xml

MD5 dd7b3c7b66a8f34341029a917070c121
SHA1 55a16ea1436004a43e2f4ee9d3f551f9b05901ff
SHA256 d789401c9fcbdeb3441e3fc9a44342462273a269a4d417de4bcec3ba9d08df51
SHA512 cc7b96ba263c06161ff9c61a7608d090defbde3083afc686bbcfa9ce86173670a9ee66232e93199b95c85d550090aad163918b335ed39ff7c5502313245df44c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 1ba26d0cd37a4720831c20b5921f262a
SHA1 29fd91887568d703dcf9955617fc7fd1d47a67c6
SHA256 d289706d76d4703468fb406c2c27855e6550848737da5c5da14c17ab298047f7
SHA512 874e61a671bfeb060f5e83a99dbb1122b6d957585c59ae304e2940b828e34df415d3e1df2294c8b76e6979a05864dc54c2faee8052a457cb8e6be80e358baf34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 253631f407d468177dd452cf5ff953cb
SHA1 ca43fcbaf134e3a8dcdaaa20220070299932bbc8
SHA256 0ba2de533b88e67204a1537a24f6a6e085fe00fe4c79b0daf668474299a57533
SHA512 b96165f8a01cd3e20ce1232c9ca567d5b6c244eb89f0d247a69d8847ba1e6da92755d38355ea3d78d01ffb2946c127ec1f9bf326285475b6dc96444fba95d075

memory/408-4662-0x0000000073460000-0x00000000734DE000-memory.dmp

memory/408-4182-0x0000000070CA0000-0x000000007269B000-memory.dmp

memory/408-4691-0x00000000706F0000-0x0000000070C96000-memory.dmp

memory/408-4708-0x00000000733E0000-0x000000007345A000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8948b0f0e880198b4a8bbd304b11d358
SHA1 660fb5770a73b7386441b08b75f6ab0be378d624
SHA256 aafa325f343dcbeb56cc986716177ca8ded932150eaf3742c8fb1cbce730d446
SHA512 474aa3e1f4b0af82796c0ce9c6e7782c677bad7977a7e43cb417ccfe80aba1aa4265cd55f70cb7956cfd11ed24432325da450439e3e556de19c0db75920624c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c5ae4521d84cd70f4f48cff6217cfb2
SHA1 1295687e0c0d0c3fb400ab3d750ed5e2da599eb1
SHA256 4f06ccd6aae5c90eb97c3839209ee14791bb22da627071b10b67b8caf65c45e7
SHA512 977806b2d28cff666c0fc64bc4f23dcdbc8316257237634715da55acd8714481743b8fde1bbc79a7228ad5622f23b3d9f39618351341ee42ce42ef94fa7711ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf931731937f735be5f92c849c2db2dc
SHA1 8045a0da997651814f0c272d87b7c92dbe8e51d0
SHA256 0949a81457ce06f36b7c13dc3c3de17eab1ccb0053cc1a7b3903e33ecf470411
SHA512 2912351489cf12c5354f205517c8ef4eed037b014ed7f625d7c3b685093264b6b20b6ad382a37663cf8e2479d55209337e542b0e781c3fd7de4798e4a5bf489e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4615003d6e30982d7ce3c354962b176a
SHA1 0d5a389194a8acad60c453500086f977686809d4
SHA256 6f24d3e09f88a1573744818dcccb7eefc2dc1d8c4d343177c8583ba59ad1ca72
SHA512 29d0fe70f72511c2cbbeda358a416d00db72dfe57f04ff789a1d72bd4f490a0425aa01747c24d3198de3086c5ed58c1493951d6558bc5ec25e8480ed9159c1ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a16ea46f88b403ecd626821720ddb3a4
SHA1 ccc6ca15b684d979f04f0ef33727bfebcbab41ad
SHA256 fedb4b325fb065aeb88098c7614268866825e60a3a82f7f1169a3157d57a8d32
SHA512 ba33d48779422f0d65ecaec30137b5be768b213492d9dd1e5c9a639852ea65baf66718a2f38df7cc90099c58d5a834dfe24e78be67a52be1ed0d6f8b4a9c9ef5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45c1e95530ec8fcec2194ace7e633520
SHA1 81a5bb05f7e66cae5830a18bc6ea50931479d5e1
SHA256 babba3820c52305e1195efef7a45d772fc60aab7cfcd20b27ebc0e13bb5d08d0
SHA512 3ad679b68abc8d703bd31168d2fa6df562dc9df34d54f2f2c60b6692469fe79fa6d7b4b0d0f8acdb4e96a3d998ec21526ca71531b923ad4f17a2f98cec7096fd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LHCGL6HA\www.youtube[1].xml

MD5 1703033106afbb07ecb76f5234124b92
SHA1 d62ba29197dafd4e6620d547062073024127ddd7
SHA256 6faa39298fb243a9d198063751a55df492ee38be519da54c1e528814392c0162
SHA512 c73505053b08cd18b2e5447ded896334be3d761aa69a5372567da4e2c486dcc0d23281332b2f8ac4f3671342f11b9f06b8ef46813bbe8ef4a271a8abdcbbc5a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01d1dcac3574f52b934ba01d2f0c457a
SHA1 a8a47444c6ee4771c4adc067d0a49d3ed0eb6913
SHA256 fc84a693d9db70e5d7f43b9f34267211f346801ebdd77b2ca74f57ec6aabd003
SHA512 2efa663e394ffb673beda2d5f96ca89a912f314156217f4abd43772ab85b32737d00144473c36d13519034f3e2cdbfbeea2cfe3b36e58a7bb7a42ba0147ce579

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3ef900f311af760661378a68c9f9a98
SHA1 fb7f21b4f48a518088f2a2909c403edef7056fa5
SHA256 83e42510c127acc51ca245898c72ffaa8c573b7267d9eb225cd394c6f5a242c7
SHA512 bbdf77afc7b5f2ee3290f7fa948543a2de3f8c5c6c02dfd7fdfca52ad52b19993a1292a684c458d999946acde0ca2fa659c95a4bb8fd5bfa29f66a414fedb3a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab1768889fd9e2a797b0d5720166aecc
SHA1 03a1d427a64ad4e696d8cb944d1b072d14dd4f48
SHA256 08699ad945cac42f58b0d7cc5cd58270ca4f3efe2f96a1747b5ba20ff6da75fd
SHA512 53f843d6042458e164d72d41ebd7226c8bbc5baea938c081a885cf1eae12272c79c9b3ca53bc899e1306f5159473c5c69082a5efc1ffdddef32389e8adfaf428

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cfda96f6bba01236895693c9770628b
SHA1 8d82657c264e8e348bb95a0087572688d52108d5
SHA256 d1859f562a624f11d65fb55bea645cd4f0f973e7df39141111bf519990395c3f
SHA512 59ba791330e41b3bf65670cb44180318690ba11cc2400364592c174201e2fc56e1b307161346051c64e0c07f8081db57250569dda843b8667491256e0d7d9a06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a68a073552585421c3418761e264f322
SHA1 7484bde6e8c2a9b055464f455f305780f42b97fc
SHA256 b65f2c728b3eca629c79ce5c9800a845d879f8321351068946bb77f97135560a
SHA512 ad086bdfc9127a7b85f20ce3629ae59abce6c7dd7bb2e88c500c83f0d7dbc5f5f85da1351431720a6a5376e557dbd0b617f3d2e282656d5390d67e9d9265a711

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15d0c0218bd68fa98f59dfdc00a0a6bb
SHA1 befab2d83a74b1e6e167245da9cbf8a913063800
SHA256 8561f965b6f48119ac0f667cb50fd300a3c8c63ea83493d4f470ae93dc6f1d70
SHA512 c79b54667b316216b7d3d2e70db312902a9ed7f373bcd62130a7d2e3385249cf7f4383c05b219406faa80ad0896721b6220438b6d8a60a35433f100362556f23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28d989e6a9213f1337be70d01e1ef16f
SHA1 3e9a06827f60e4098a4a9fa0f9e7e0a6c5833817
SHA256 7f0909678f3c4287de6e49a2297f3038776a5de76448c3e37be067110a40923f
SHA512 4593ccf8f707cb418975b212b93de3c883a9831c9337fdc15dc75be518d4c77da23c5ad9a7b44732ab584e7f9f101ce3a6f5f5e3bfbcc0314a1bddfe02df00d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 888274809437ac08fca75939869ccd40
SHA1 5db7c0246a4c1abdd2b01d4717fa6f084b11d1d2
SHA256 fb772c513171ac1b5384a8c7f10ec21f8211ec2cbe26b9075734eab295ae1380
SHA512 620a2e01815be0fa8c249c35a062d25dfee84f1b2bf7cede8abd7c0d5a62415d152ef055ac8cf0bea20ae391dafd943c0d7ecea620501881caad9d2e0829b2a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd3bd025c6aa1a0a7214252d937f00f4
SHA1 e6e1d5af6225d4c2dbd68a3cb367a4e76d36f693
SHA256 61ab55e327ac63cd90eddb66e24ef878689ceb87d32d6afa4402c7263ac275bc
SHA512 4dbccaaa4eafc372b395e284830a1c071b2e063fcacc5f3228f797c60d287aa80cbacf5286a14ee8271f749e2998e88530a9d5301151055182a2980abeebac41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8e8af07ae0e7dc642eee6a16848cc0a
SHA1 c8b76c2a27af460e93656bd4c459e6e62ae968ac
SHA256 2b8a2b01e30635dc6bea86869b1d4fd7c7c7b0882ff14b5e7cbeac007ce7faeb
SHA512 343e538f767f544ad26ce392c1dc1ff4712252d80b4f2c83e814d2d24f27ebb0380ce50012b0564e8e918053f8db8117040dd655d7e411492ed3047d191e1dd0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b75acddb1609ab6c8519180ecd44c32e
SHA1 442b50be4019c0dc4a6c22b0a85634ea056f104c
SHA256 91efd8ae45c3f373d3bd3240fcae8ba5faa315d5afdfae0b9dd44d5c9d9b232d
SHA512 3b903527bc420e6e2b87261a244bcad97c767e7fbb957e0fda315e2c1b03e17a8aa9db5a5605cb6600dded6012101d83240bd057a62ba149cdf547cb2e59dc3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3840b74ef224983bef19f29e2a93984
SHA1 4d55dce07999ab66795a4e25b26fc9d9c0744b3c
SHA256 001a96a92c916510c9c7d558aad4188f2957d4a3af0e2ecae6ee024c89406829
SHA512 df88c1f62127d90947a2ab4c6699e0df2472a090102081fe3142ace72b95974ff6d2cb7d532651e4068fece1ac24a12a09d7964df4a63e93dabf7d1025dd3e62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c01ae9a6768b9e625ed0f0d471341526
SHA1 4d87dd8f5a0ad7af01073bfde2fc76aa979853a8
SHA256 ec2ea64d47c3f9368ae03f0bf8aef3ca996af722299d33d69a071c86ee59a2e3
SHA512 1394e678b35cadd8271151bbfce3dcf9343dd12a9b6e7bb802dae27bfeda99b909df9d8e4d1875dcd9fb9249f87bdd516445520e5f83726388a106fd04e08d9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86549ec0509049f24cdf464056403906
SHA1 c0d5bb97878bf39d369cde9db812d59bf88aa4ce
SHA256 887bad87033bf8a2ef1f5bcf7f2b48c4f2e9148611c98fcac4b23f2aaff24a44
SHA512 f718da289b95b6f4561b63a128eba9db32e7b2d2e52ee4b72620c94d5740f4b9582397d931eb8ae33d23796d42ebb132f137a81b8ab6a74fa625b7e4199f738b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6057feee5f826f2cb778dfdc38e615de
SHA1 8cd4a83658dab7b40809927858a19cef92733380
SHA256 6d10b33b8b07be373574304f4d60960ebd7595ea7ca38ee49ce39433718d5db9
SHA512 b6ec34cab2c674478c90e706a15534d29e42188c2fdcdd96359a0a29ebf9d95020afd1b4cdb73152db6e8a98579e092ed1960a7a1903e214cfd0c7acae5a2949

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9bbb1827b099c9eaaf166b497b07fc8
SHA1 7cda98fda0afcbf46a478e0ea7fce5840dc59e14
SHA256 a6041f03396fab11d12b1abecd409dcb9231bdc734a6262f7ee701d7a2a0679b
SHA512 2fcf3a838255ab5ef9d48a39834cde0d4a444799092a8a7c181ed16d22d8b9a75f93e29835829798f219da5de92f1a4d6a435b5cceb04941e1292e8f0770aca5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73bd5f69b2a7ff5d48412555cc680354
SHA1 36dfbaa93dcb76dd5f046758d7f6bf9ce0f97341
SHA256 46ee6e2fe153c52349c64b53d8e7550126abbf6374c0c610160778ca8d58971e
SHA512 ba23d903d07c5434132e3ff797dda019cc9bb97c57c0904cb9f65645c7828c33e8ba2339f236b641c88f28e72bcbfebb96fbf6e9bb1cf1bffc2b86f360391ad0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f5ac7d3cc34e629c58550d47ea302f7
SHA1 8b5744c9cb78f365bc0e764f4a50526ead1f2adb
SHA256 2c75a6a5c9abf75376f5ae8efa1d854923da35c15c7438c2c5b941ffc1253e38
SHA512 9dbae9130dfd05bdb550b611c87d46a056e5f48e08a133fdc901449d97c2b69ffda4d692944086a4a9219fa73fd47329db1441abca075ac27327ba90afb0cd92

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LHCGL6HA\www.youtube[1].xml

MD5 49ec188121cc6a47c6fe294207fc930e
SHA1 4f84a0230a8bda25a3e83f86416190398cac6bf2
SHA256 09fd0de6f1f41fd68cd2e56389fe391f813cc1487a79ac1e706603a4a5f5d988
SHA512 708aecf14de76eb60e89f87ca1177cf87817dc15f63ecd531d4fd0fd6dbac13b57bbea51a8c06661b7918f69b46d9699b315566dbf6597701388acf77de3b632

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70fd6399118ef95efa8a5dc6942e86ee
SHA1 71302e5971d070a01327130b67fbd5165394d9ee
SHA256 5f6f5bf109ed4e58e1e95670d8e335b20aad995441ddafdf653fd479cd724d70
SHA512 cb23cd9b311a8354adc4dcf11e1d9fe516c937d3f958cafde2ba6aa135497d07f9b3835a566f4db4680708c07c6b661dd4c1246d1c4ed5cb4e6e0efd18171cd0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8fdfc76d36592b6554efe543716c3e73
SHA1 b3aca6367bf33666a7aaffa0e680069f897d28ae
SHA256 c3e1d06a3a6200f9de0738fcd769e35e4e00d73999d29e68e48f1c63b4a746b6
SHA512 aae55202d25ab2d149a2a95560a932f17906158ac9ce4ff6b1a3b128bb03486bfb3abf48bd9fa9c7d5f6dc3ee1e4c2687166d5e1a6377a10583aa05cf7aeda8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LHCGL6HA\www.youtube[1].xml

C:\Users\Admin\AppData\Local\Temp\~DF646F054BAFC1D77F.TMP
