Malware Analysis Report

2024-11-13 18:03

Sample ID 241107-1sv8ksyhmk
Target LDPlayer Lite.rar
SHA256 b797d37733733d7e3e9b869d4b2545e7561712370830230152ecdffb42703adb
Tags discovery execution exploit persistence privilege_escalation
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 8/10

SHA256 b797d37733733d7e3e9b869d4b2545e7561712370830230152ecdffb42703adb

Threat Level: Likely malicious

The file LDPlayer Lite.rar was found to be: Likely malicious.

Malicious Activity Summary

discovery execution exploit persistence privilege_escalation

Manipulates Digital Signatures

Creates new service(s)

Possible privilege escalation attempt

Modifies file permissions

Event Triggered Execution: Component Object Model Hijacking

Checks computer location settings

Executes dropped EXE

Drops file in Program Files directory

Loads dropped DLL

Checks installed software on the system

Launches sc.exe

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Runs net.exe

Suspicious behavior: LoadsDriver

Suspicious behavior: EnumeratesProcesses

Modifies system certificate store

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies registry class

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 21:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 21:55

Reported

2024-11-07 22:00

Platform

win7-20241023-en

Max time kernel

121s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe"

Signatures

Creates new service(s)

persistence execution

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2005\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\Dll = "cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\FuncName = "DecodeRecipientID" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2001\FuncName = "WVTAsn1SpcMinimalCriteriaInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2006\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2007\FuncName = "WVTAsn1SpcSpOpusInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverCleanupPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2002\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dnplayerext2\Qt5Gui.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\x86\api-ms-win-crt-runtime-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\api-ms-win-core-memory-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\loadall.sh C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\regsvr32_x86.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\VBoxDbg.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\VBoxDTrace.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\api-ms-win-core-file-l1-2-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\version.txt C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\VBoxPlaygroundDevice.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\api-ms-win-crt-locale-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\VBoxSharedClipboard.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\x86\api-ms-win-core-errorhandling-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\GLES_CM.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\capi.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\api-ms-win-core-handle-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\GLES_V2_utils.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\LdBoxDrv.inf C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\NetAdpUninstall.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\platforms\qwindows.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\VBoxDragAndDropSvc.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\VBoxSampleDriver.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\x86\api-ms-win-core-memory-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\x86\api-ms-win-crt-multibyte-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\api-ms-win-crt-math-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\VBoxSupLib.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\x86\api-ms-win-crt-environment-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\EGL.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\install.bat C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\uninstall.bat C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\dpinst_86.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\SDL.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\api-ms-win-core-synch-l1-2-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\comregister.cmd C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\x86\api-ms-win-core-libraryloader-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\VBoxDD.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\NetAdp6Install.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\VBoxVMMPreload.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\x86\libcrypto-1_1.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\api-ms-win-core-processenvironment-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\api-ms-win-core-util-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\LdBoxNetLwf.cat C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\load.cmd C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\x86\api-ms-win-crt-conio-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\tstMicroRC.gc C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\tstMicro.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\x86\api-ms-win-core-util-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\x86\libcurl.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\api-ms-win-core-profile-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\api-ms-win-crt-heap-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\fastpipe.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\VBoxEFI32.fd C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\platforms\qminimal.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\x86\api-ms-win-core-namedpipe-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\x86\api-ms-win-core-synch-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\x86\dasync.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\api-ms-win-crt-runtime-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\GLES_V2.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\msvcp120.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\tstVMM.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\VBoxCpuReport.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\api-ms-win-core-datetime-l1-1-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\api-ms-win-core-localization-l1-2-0.dll C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
File created C:\Program Files\dnplayerext2\SUPLoggerCtl.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
N/A N/A C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
N/A N/A C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
N/A N/A C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
N/A N/A C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
N/A N/A C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
N/A N/A C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
N/A N/A C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
N/A N/A C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\LDPlayer\LDPlayer3.0\driverconfig.exe N/A
N/A N/A C:\LDPlayer\LDPlayer3.0\driverconfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
N/A N/A C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\dism.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer3.0\ldconsole.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer3.0\dnrepairer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\LDPlayer\LDPlayer3.0\driverconfig.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\MAIN C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-F4F4-4DD0-9D30-C89B873247EC} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-495E-5A36-8890-29999B5F030C}\TypeLib\Version = "1.3" C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-4a75-7bd5-c124-259acba3c41d} C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-3C72-4BBB-95CF-5EB4947A4041}\ProxyStubClsid32 C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-4C02-FDB1-C5AC-D89E22E81302}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-3188-4C8C-8756-1395E8CB691C}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-4A9B-1727-BEE2-5585105B9EED}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-4C1B-EDF7-FDF3-C1BE6827DC28} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-35f3-4f4d-b5bb-ed0ecefd8538} C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-6038-422C-B45E-6D4A0503D9F1}\TypeLib C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-486F-40DB-9150-DEEE3FD24189} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session.1 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-CB63-47A1-84FB-02C4894B89A9} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-0D96-40ED-AE46-A564D484325E}\TypeLib\Version = "1.3" C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-4B0A-10BC-9C2B-68973052DE16} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-416B-4181-8C4A-45EC95177AEF}\ = "IMousePointerShapeChangedEvent" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-B7F1-4A5A-A4EF-A11DD9C2A458}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-80E1-4A8A-93A1-67C5F92A838A}\NumMethods\ = "44" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-057D-4391-B928-F14B06B710C5}\TypeLib C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-FD1C-411A-95C5-E9BB1414E632}\TypeLib\Version = "1.3" C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-9641-4397-854A-040439D0114B} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-7193-426C-A41F-522E8F537FA0}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-AC97-4C16-B3E2-81BD8A57CC27}\NumMethods\ = "14" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-6038-422c-b45e-6d4a0503d9f1} C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-D4FC-485F-8613-5AF88BFCFCDC}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-9849-4F47-813E-24A75DC85615}\TypeLib\ = "{20160302-1750-46f0-936e-bd127d5bc264}" C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-CC7B-431B-98B2-951FDA8EAB89}\ProxyStubClsid32\ = "{20160302-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-2354-4267-883F-2F417D216519}\ProxyStubClsid32\ = "{20160302-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-0D96-40ED-AE46-A564D484325E}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-DA59-426E-8230-3831FAA52C56} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-7F29-4AAE-A627-5A282C83092C}\ = "INATNetworkSettingEvent" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-4748-3E12-E7FD-5AAD957BBA0F}\ProxyStubClsid32\ = "{20160302-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-3C72-4BBB-95CF-5EB4947A4041}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-83C7-4F2B-A323-9A97F46F4E29}\TypeLib C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-477A-2497-6759-88B8292A5AF0}\TypeLib\Version = "1.3" C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-4BA3-7903-2AA4-43988BA11554} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-4C1B-EDF7-FDF3-C1BE6827DC28}\NumMethods C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-D8ED-44CF-85AC-C83A26C95A4D}\NumMethods\ = "12" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-5637-472A-9736-72019EABD7DE}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-F268-4483-9A52-F43FFDBF67F8}\ = "INATNetwork" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-7532-45E8-96DA-EB5986AE76E4}\ProxyStubClsid32 C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20160302-c9d2-4f11-a384-53f0cf917214}\VersionIndependentProgID C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-4B0A-10BC-9C2B-68973052DE16} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-1F8B-4692-ABB4-462429FAE5E9}\TypeLib\ = "{20160302-1750-46f0-936e-bd127d5bc264}" C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-43E0-E9D0-82E8-CEB307940DDA} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-3FF2-4F2E-8F09-07382EE25088}\ProxyStubClsid32\ = "{20160302-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-4A06-81FC-A916-78B2DA1FA0E5}\TypeLib\Version = "1.3" C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-4FE4-AAF6-91C5-E9B8EA4151EE}\ProxyStubClsid32\ = "{20160302-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-4477-787D-60B2-3FA70E56FBBC}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-1F8B-4692-ABB4-462429FAE5E9} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-3618-4EBC-B038-833BA829B4B2}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-2546-4D99-8CFF-8EFB130CFA9D}\ProxyStubClsid32\ = "{20160302-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-D8ED-44CF-85AC-C83A26C95A4D}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-44DE-1653-B717-2EBF0CA9B664}\NumMethods\ = "35" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20160302-47b9-4a1e-82b2-07ccd5323c3f}\TypeLib\ = "{20160302-1750-46f0-936e-bd127d5bc264}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-057d-4391-b928-f14b06b710c5} C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-7708-444B-9EEF-C116CE423D39}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-E64A-4908-804E-371CAD23A756}\ = "IMouseCapabilityChangedEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20160302-4BA3-7903-2AA4-43988BA11554}\ProxyStubClsid32 C:\Program Files\dnplayerext2\LdBoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20160302-659C-488B-835C-4ECA7AE71C6C} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1\CLSID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20160302-1807-4249-5BA5-EA42D66AF0BF} C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A

Runs net.exe

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A
N/A N/A C:\LDPlayer\LDPlayer3.0\dnplayer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2320 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe C:\Windows\SysWOW64\taskkill.exe
PID 2320 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe C:\Windows\SysWOW64\taskkill.exe
PID 2320 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe C:\Windows\SysWOW64\taskkill.exe
PID 2320 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe C:\Windows\SysWOW64\taskkill.exe
PID 2320 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe
PID 2320 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe
PID 2320 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe
PID 2320 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe C:\LDPlayer\LDPlayer3.0\dnrepairer.exe
PID 2552 wrote to memory of 2824 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 2552 wrote to memory of 2824 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 2552 wrote to memory of 2824 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 2552 wrote to memory of 2824 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\net.exe
PID 2824 wrote to memory of 2736 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2824 wrote to memory of 2736 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2824 wrote to memory of 2736 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2824 wrote to memory of 2736 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2552 wrote to memory of 2784 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2784 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2784 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2784 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2784 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2784 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2784 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2360 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2360 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2360 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2360 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2360 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2360 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2360 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2508 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2508 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2508 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2508 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2508 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2508 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2508 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2932 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2932 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2932 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2932 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2932 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2932 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2932 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2248 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2248 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2248 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2248 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2248 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2248 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2248 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 1392 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 1392 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 1392 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 1392 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 1392 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 1392 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 1392 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2504 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2504 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2504 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2504 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2504 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2552 wrote to memory of 2504 N/A C:\LDPlayer\LDPlayer3.0\dnrepairer.exe C:\Windows\SysWOW64\regsvr32.exe

Processes

C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /F /IM dnmultiplayerex.exe /T

C:\LDPlayer\LDPlayer3.0\dnrepairer.exe

"C:\LDPlayer\LDPlayer3.0\dnrepairer.exe" listener=327702

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\LDPlayer3.0\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\LDPlayer3.0\vms" /grant everyone:F /t

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM LdBoxHeadless.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM LdBoxSVC.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM VirtualBox.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM VBoxManage.exe /T

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Program Files\dnplayerext2\LdBoxSVC.exe

"C:\Program Files\dnplayerext2\LdBoxSVC.exe" /RegServer

C:\Windows\system32\regsvr32.exe

"regsvr32" "C:\Program Files\dnplayerext2\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\dnplayerext2\x86\VBoxClient-x86.dll" /s

C:\Windows\system32\regsvr32.exe

"regsvr32" "C:\Program Files\dnplayerext2\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\dnplayerext2\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create LdBoxDrv binPath= "C:\Program Files\dnplayerext2\LdBoxDrv.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start LdBoxDrv

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "LDBox" -Direction Inbound -Program 'C:\Program Files\dnplayerext2\LdBoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM LdBoxHeadless.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM LdBoxSVC.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM VirtualBox.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM VBoxManage.exe /T

C:\LDPlayer\LDPlayer3.0\driverconfig.exe

"C:\LDPlayer\LDPlayer3.0\driverconfig.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayerex.exe

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "C:\LDPlayer\ldmutiplayer\" /r /d y

C:\Windows\SysWOW64\takeown.exe

"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "C:\LDPlayer\ldmutiplayer\" /grant everyone:F /t

C:\Windows\SysWOW64\icacls.exe

"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\LDPlayer\LDPlayer3.0\dnplayer.exe

"C:\LDPlayer\LDPlayer3.0\dnplayer.exe" from=install

C:\Program Files\dnplayerext2\LdBoxSVC.exe

"C:\Program Files\dnplayerext2\LdBoxSVC.exe" -Embedding

C:\Program Files\dnplayerext2\vbox-img.exe

"C:\Program Files\dnplayerext2\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer3.0\vms\leidian0\system.vmdk" --uuid {20160302-bbbb-bbbb-184e-000000000000}

C:\Program Files\dnplayerext2\vbox-img.exe

"C:\Program Files\dnplayerext2\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer3.0\vms\leidian0\data.vmdk" --uuid {20160302-cccc-cccc-184e-000000000000}

C:\Program Files\dnplayerext2\vbox-img.exe

"C:\Program Files\dnplayerext2\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer3.0\vms\leidian0\sdcard.vmdk" --uuid {20160302-dddd-dddd-184e-000000000000}

C:\Program Files\dnplayerext2\LdBoxHeadless.exe

"C:\Program Files\dnplayerext2\LdBoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-184e-000000000000 --vrde config

C:\Program Files\dnplayerext2\LdBoxHeadless.exe

"C:\Program Files\dnplayerext2\LdBoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-184e-000000000000 --vrde config

C:\Program Files\dnplayerext2\LdBoxHeadless.exe

"C:\Program Files\dnplayerext2\LdBoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-184e-000000000000 --vrde config

C:\Program Files\dnplayerext2\LdBoxHeadless.exe

"C:\Program Files\dnplayerext2\LdBoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-184e-000000000000 --vrde config

C:\Program Files\dnplayerext2\LdBoxHeadless.exe

"C:\Program Files\dnplayerext2\LdBoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-184e-000000000000 --vrde config

C:\LDPlayer\LDPlayer3.0\ldconsole.exe

"C:\LDPlayer\LDPlayer3.0\ldconsole.exe" report --key firstStart_loading --value 6_4

Network


Files


C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\Honor of Kings(Ukyo Tachibana).jmp

MD5 26ad0580c255bf68c719670efd2ac1c0
SHA1 27ea64df96dad6ed7ab6be6d321ff382f96fefa1
SHA256 9c4cb4b5d7b56e086fa1afb22c9219297eab98c29ab586a94a646376bbaddb78
SHA512 8ea8b6118fcc0cd636f138fd48c4c3d4ef7c4d6fc414806768532e19f375e6d515b92c223f71dfed09f4e923d7c4b34282f6c0985ac78379d694a81dbf60d6ba

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\Honor of Kings_w@02(Ukyo Tachibana).jmp

MD5 828635381f3755b06a8bba3ef051613c
SHA1 67326996635b3434057585d52021f48f1ca287c0
SHA256 30a33da9eb859e6ce29815721f66aab187c01cc522f0c72548bc3d657e14f7d8
SHA512 03dbed41736bb7bff51a697c3c3fb8fc01c7a49398ec7469d2e1efa4fd4c9f916902da69120ee748683dd06381da84aded52e65ea283467684e334046db7ef55

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\Hyper Front@02(Mode 1).kmp

MD5 a0860b13776e90685e1dc0f115fafff5
SHA1 45d8c0cf4a202b0b460025a5e19801e6c1abb8dd
SHA256 77051be2b580ba6773b6f37edf20f8cf1de47f9682a684875837dd6235be76b3
SHA512 9132c2a1980084f8abbbcb35a4b26858230788ba2f4efcd9ab09556ff81a010d63074e045bcb103cb348968be7dfa373b95ba13d624715d092c2195fc01171d4

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\PUBG@03(2K Default).kmp

MD5 6a578c88a69ce772cbff87857051df38
SHA1 18e460ab0163305f3cd8a724f1df2e0199a801c8
SHA256 600c458e3955f36f0802598e7a51675962597e1d3c8cf4c2dd9ed25941b5c6b2
SHA512 2db4e45f5ae27a312f802b19f2b56c8f8c4dfb574008b7df83bfafc56da60a05b6ff97d2cd2c105e42d393fd41db2dd2fed949d4981579f3f3ec0090d885f9f2

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\mobilelegends_1600x900[WASD model](3 skill) - 複製.kmp

MD5 4fef0c5e428de283222c37d4c606783c
SHA1 e60a9899d9dbd92057e22402c00a4d2fcb698d94
SHA256 a7469ae2df6a57a9f72499915557fc1308a0ae115ef62322390f36dc8604d9c0
SHA512 0672732fc5f6e5d21463abf4cfc53a0c0134739e31cdc653b128f1dc0860882716248a36970df89934fe9c6a650a4f66de6a567618582f7f1e2e245be4e18738

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\劍靈革命.kmp

MD5 a770317d87a87b2f84ece2f958cb473b
SHA1 5c8840199cda6ecd2210bb56dd7e282b4b18abd8
SHA256 0711efe6d95f3630b1e1687ed169ba141d95272dfabec29aeaf7fd5347f034cd
SHA512 af2c86b5e66977bc8f7ba040b4e19b62e9e1fc8e340d9a500f8c1ed8010dee38bf99f4328dce3dec212bc958bedabc78a6ab0d45b55310cee78c9deb09ad3e9d

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\mobilelegends_1280x720[LOL model](3 skill).kmp

MD5 9a454ed89d7ad8cffe1e77a62de6d55a
SHA1 8c62d4774206b088057a3215537597074e8c26ec
SHA256 e411ac67d20040f7a495cd733015eb6f5dd2c92054bd97382287c6712c32906a
SHA512 6b603ce5f92f8ccace4231dc5559b12c9b2eb8dd6973c4861d2e469ff82c9ee60e85557bd312ae85fcaa680db50daa5f063587a726df01c3def7e2aee210bb4f

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\marvel super war[LOL model](3 skill).kmp

MD5 2b335914fba68be3b639af894ca8d380
SHA1 f426729f6b8cfc28af5e92c399a33c1a76d9f7dc
SHA256 18d8fd52a1c193b7e1b989d2e0abbdd054de685acb46bd5337a04963f33d77ba
SHA512 35157c2c9947a552ab1f951497b6df2cd55317cc2e00bb1af25310191139a56177bd5e3abd3be51a16f6f005fcc585a93ad43134e52f2ab919024e29f595f670

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\Honor of Kings_w[WASD Mode](Li Xin).kmp

MD5 acc0850152cded8bd5a1cbb88a5518e4
SHA1 a55dd75a7bd926dcc8473d7e0f037e7c1b38f28c
SHA256 14e14acc6df1e177d5ebfb1b07422e1b1b7056e9b7a00bbc6d7bb45c9f244a60
SHA512 60a30228948050f4ab78ab41a11e3026720be339fae18d487cfe6fd1c7fb138658314463504621fdc52a2a05362df029f8f721211e4ecd9764d569d453d67ced

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\Honor of Kings_w@02[WASD Mode](Li Xin).kmp

MD5 38bca180b17faa64b1b64e067ac84660
SHA1 263ba80a36c2ae716abda65eafeb893ff1d5ec26
SHA256 2d8993c82a907a0d1a6f61b997d164eb0dbb5d219250cb33874a4617a8c3c920
SHA512 9f6261c1df91020d908859d3d598defdcf16660206d0e76386c86a18a9d7e29f152accf9e89dba9cbe447f7bb8845ce53f1810f4b5f00677778945576f606eff

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\DNF@01(←↑↓→ Model).kmp

MD5 c04b9a82e393a3c5113f9cedcc13fe9a
SHA1 b3b2e24ef5e0e2e8d5045ede2d8ecdb36c94ab8d
SHA256 71c4e70b33cb64a3fc29e62d8a5c3ac39c6aa4b9f04ad4d49665ecd065693c0a
SHA512 f4461c0a244d21928f7300b4e025de0ebe3cf8674474338d94527ad372f9270dc31ba9d5b92083da2561aec1a672a18913dafcaa6f05ce07cbb6b13dcf41f275

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\Cross Fire(challenge).kmp

MD5 a84b069f5e42a7f57c9cbdebeed81f40
SHA1 999097282d9767434067e1ae3811704bb92589c6
SHA256 953b5f074e31c2098da5b339a4bc67bce6304b064f4cf1fff44b62acaaf617f0
SHA512 45c2dfe1be759d1cb1d64ca928eabda5de09c1fdf2fc952d201fd41828466a3914c5b929065de03605330398a12594411eb96aa70ed694ead1e51acd7632ffdf

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\brawlstars@02(default).kmp

MD5 df82ddba032b4eba619a0595518c8871
SHA1 45da8d45995b6c71dcd486ea0ba2a314e1b9c030
SHA256 262fa0957b2381f5062828116f15f59c31ef61411820eebfe3ed22da67117f4e
SHA512 2fec6c554567e90cf524c2ac5f2e40efb4434fbc6d2b73bce55d2f1d9d3ea95c1fbc4e11afd1eb446a8b1cc41400c81c8d9f2c339533aad1cb5ad0c3d2b3776e

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\리니지M.jmp

MD5 c9ad0a8d082c9788811b525b024008d8
SHA1 276a235b58e3a55539c03b4ec3453729fd7470de
SHA256 beb4913f3a52a1279c3fb9105c48484cb565299a04d18cf679412fd436124d24
SHA512 33e9dd124d80c5401ddc37eb563ddf9099a75f845b8ae6ad50cd2a297c5989e9faf10e96e238683d3ea2b24bc728aa223f8561f80129fa6e622a6dc92f527c6f

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\英雄联盟_w@02[WASD Model](Lulu).kmp

MD5 7a6a61866bfa6fd9cdc96758a2232dfd
SHA1 d45ee66610c64686f2993de53b5e38e9745267ba
SHA256 4527310c9ded77ee983c478783f419b3d41ea850aaefc1470f9b3c74ee16de06
SHA512 09fe866ce2626dede45ffafc18c2daa952544bbb7d5c1afbe4437ff287202c4320ce09d416634a51ceb5bd0998d3047cda0c1e26e5d402b2de42d4d4d753c42c

C:\LDPlayer\LDPlayer3.0\vms\recommendConfigs\英雄联盟_w@02[WASD Model](Fizz).kmp

MD5 59d776b70cdfc45191ac842025098a91
SHA1 7c8ce35fe683b37fc8a147dcde160e37418d9d02
SHA256 e5678f9cdef764f22131b20823bd631bd7c7fa602723de46a4b5204b4c136e9b
SHA512 c16b1b259018fa9c5ce1e62f7bb197040a8a66a9696f7eae71b0fb75e71a0e17f24d491bf40d7d9a4c512631a118314a2605198e660da4940398d19b099bb5ed

memory/1600-3436-0x0000000074330000-0x0000000074354000-memory.dmp

memory/1600-3437-0x00000000740D0000-0x0000000074321000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 21:55

Reported

2024-11-07 22:00

Platform

win10v2004-20241007-en

Max time kernel

91s

Max time network

166s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4084 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe C:\Windows\SysWOW64\taskkill.exe
PID 4084 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe C:\Windows\SysWOW64\taskkill.exe
PID 4084 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe C:\Windows\SysWOW64\taskkill.exe

Processes

C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer Lite.exe"

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /F /IM dnmultiplayerex.exe /T

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 142.250.187.238:80 www.google-analytics.com tcp
GB 142.250.187.238:80 www.google-analytics.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 100.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 74.209.201.84.in-addr.arpa udp

Files

N/A