Edit tour

Windows Analysis Report
General_Player_Eng_WIN32_V3.44.0.R.170421.exe

Overview

General Information

Sample Name:	General_Player_Eng_WIN32_V3.44.0.R.170421.exe
Analysis ID:	803687
MD5:	4deee269d4808b3cb033caba3de5b815
SHA1:	be0d1c6dfb9a78af5d884c92a578403ad29f3651
SHA256:	a262936d9b1eece5d25c09f71d62681b2ed37a522250db0c05e3f63cf7c69a6f
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Tries to delay execution (extensive OutputDebugStringW loop)

Monitors registry run keys for changes

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Searches for the Microsoft Outlook file path

Allocates memory with a write watch (potentially for evading sandboxes)

Drops PE files

Tries to load missing DLLs

Deletes files inside the Windows folder

Drops PE files to the windows directory (C:\Windows)

Creates files inside the system directory

Queries the installation date of Windows

Contains capabilities to detect virtual machines

Stores files to the Windows start menu directory

Queries time zone information

Checks for available system drives (often done to infect USB drives)

Found dropped PE file which has not been started or loaded

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64_ra

General_Player_Eng_WIN32_V3.44.0.R.170421.exe (PID: 236 cmdline: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe MD5: 4DEEE269D4808B3CB033CABA3DE5B815)

vcredist_x86.exe (PID: 6432 cmdline: "C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\Include\vcredist_x86.exe" /q MD5: 199CCBE11966C1B636CC6316C7FE8C07)

VCREDI~3.EXE (PID: 6472 cmdline: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE MD5: 1F8E9FEC647700B21D45E6CDA97C39B7)

msiexec.exe (PID: 6508 cmdline: msiexec /i vcredist.msi MD5: F9A3EEE1C3A4067702BC9A59BC894285)

cmd.exe (PID: 4044 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SmartPlayer\ReflushIcon.bat" " MD5: 4943BA1A9B41D69643F69685E35B2943)

conhost.exe (PID: 1504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)

rundll32.exe (PID: 380 cmdline: RUNDLL32 SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Users\alfredo\AppData\Local\Temp\TmpInf.inf MD5: D0432468FA4B7F66166C430E1334DBDA)

runonce.exe (PID: 6128 cmdline: "C:\Windows\system32\runonce.exe" -r MD5: AC215E26CE0D0CFAFDFAEA7C6E159208)

grpconv.exe (PID: 2872 cmdline: "C:\Windows\System32\grpconv.exe" -o MD5: 91D455C47F71B38647ACAA3D18018B7F)

SmartPlayer.exe (PID: 6608 cmdline: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe MD5: 24F3228701C1FEA39F45A49F97F15197)

regini.exe (PID: 5768 cmdline: regini.exe "C:/Program Files (x86)/SmartPlayer/regUserChoice.ini" MD5: 92D7CDD79F53E56612F8252B1BCD562E)

conhost.exe (PID: 4100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)

regini.exe (PID: 4812 cmdline: regini.exe "C:/Program Files (x86)/SmartPlayer/regUserChoice.ini" MD5: 92D7CDD79F53E56612F8252B1BCD562E)

conhost.exe (PID: 5128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)

regini.exe (PID: 4980 cmdline: regini.exe "C:/Program Files (x86)/SmartPlayer/regUserChoice.ini" MD5: 92D7CDD79F53E56612F8252B1BCD562E)

conhost.exe (PID: 5016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)

msiexec.exe (PID: 6540 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 2D9F692E71D9985F1C6237F063F6FE76)

msiexec.exe (PID: 6628 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding A0D5E52B889E0997231E86FA133B251D MD5: F9A3EEE1C3A4067702BC9A59BC894285)

Taskmgr.exe (PID: 6784 cmdline: "C:\Windows\system32\taskmgr.exe" /4 MD5: 0C08189067FCB42C520B970D1FA7D5BF)

Taskmgr.exe (PID: 6840 cmdline: "C:\Windows\system32\taskmgr.exe" /4 MD5: 0C08189067FCB42C520B970D1FA7D5BF)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: General_Player_Eng_WIN32_V3.44.0.R.170421.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Window detected: Back(&P)Install(&I)Cancel(&C)USER LICENSE AGREEMENT ("EULA") 1. Preface Please read the following Agreement carefully before installing the Software. This User License Agreement ("EULA" or "Agreement") is an agreement between you ("You" or "User") and software company the Software provider and the provider of approved services. By installing copying downloading or otherwise using the Software the User agrees to be bound by the terms of this Agreement. IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA YOU MAY NOT USE THE SOFTWARE. Please immediately stop installing copying or otherwise using the Software plus delete any parts of the Software that you have installed or stored. 2. Definitions Software: In this Agreement "Software" means information processing program or supporting file composed of modules or functional units with supporting files of all or part of source code object code and relevant images photos icons video sound record video record music text code; plus descriptions functions features contents quality tests user manual EULA and other hardcopies or electronic version of documents or technical files ("Software Product" or "Software") relevant to the Software of interest or company's products. You: In this Agreement "You" means any individual or individual entity corporate entity including company enterprise organization or section that has obtained license to legally use of the Software. Probationary Period: In this Agreement "probationary period" means the period before completion of user registration which allows Users to evaluate the Software within its entity.3. Software Permit On the condition that You comply with the Agreement company grant You the permits of: 1) Permit of Probationary Period Within the probationary period You may install this Software on one device which is under your control for the purpose to evaluate this Software and you may use the complete function offered by this Software. 2) Permit of Business Use a) Rights for Installation and Use: You may install and use this Software on one device which is under your control and you may use the complete function offered by this Software. b) Backup: You may make one copy of the Software for backup use. Unless separately stated in the Agreement You may not make extra copies of the backup copy for any purpose and in any method including attached printed materials electronic files. 4. Limitation of Rights 1) Single Use: You may not install the Software on more than one device unless otherwise agreed by both parties. 2) Sharing Software Restriction: You may not share all or part of the Software to use its full or partial function on more than one device. 3) Software Decomposition Restriction: You may not decompose the Software to use its various functions on different devices or embed its parts into other software systems. 4) Restriction on Software Completeness: You may not delete any statements or warnings regarding copyright and you may not alter modif
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Window detected: Back(&P)Install(&I)Cancel(&C)USER LICENSE AGREEMENT ("EULA") 1. Preface Please read the following Agreement carefully before installing the Software. This User License Agreement ("EULA" or "Agreement") is an agreement between you ("You" or "User") and software company the Software provider and the provider of approved services. By installing copying downloading or otherwise using the Software the User agrees to be bound by the terms of this Agreement. IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA YOU MAY NOT USE THE SOFTWARE. Please immediately stop installing copying or otherwise using the Software plus delete any parts of the Software that you have installed or stored. 2. Definitions Software: In this Agreement "Software" means information processing program or supporting file composed of modules or functional units with supporting files of all or part of source code object code and relevant images photos icons video sound record video record music text code; plus descriptions functions features contents quality tests user manual EULA and other hardcopies or electronic version of documents or technical files ("Software Product" or "Software") relevant to the Software of interest or company's products. You: In this Agreement "You" means any individual or individual entity corporate entity including company enterprise organization or section that has obtained license to legally use of the Software. Probationary Period: In this Agreement "probationary period" means the period before completion of user registration which allows Users to evaluate the Software within its entity.3. Software Permit On the condition that You comply with the Agreement company grant You the permits of: 1) Permit of Probationary Period Within the probationary period You may install this Software on one device which is under your control for the purpose to evaluate this Software and you may use the complete function offered by this Software. 2) Permit of Business Use a) Rights for Installation and Use: You may install and use this Software on one device which is under your control and you may use the complete function offered by this Software. b) Backup: You may make one copy of the Software for backup use. Unless separately stated in the Agreement You may not make extra copies of the backup copy for any purpose and in any method including attached printed materials electronic files. 4. Limitation of Rights 1) Single Use: You may not install the Software on more than one device unless otherwise agreed by both parties. 2) Sharing Software Restriction: You may not share all or part of the Software to use its full or partial function on more than one device. 3) Software Decomposition Restriction: You may not decompose the Software to use its various functions on different devices or embed its parts into other software systems. 4) Restriction on Software Completeness: You may not delete any statements or warnings regarding copyright and you may not alter modif
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Window detected: Back(&P)Install(&I)Cancel(&C)USER LICENSE AGREEMENT ("EULA") 1. Preface Please read the following Agreement carefully before installing the Software. This User License Agreement ("EULA" or "Agreement") is an agreement between you ("You" or "User") and software company the Software provider and the provider of approved services. By installing copying downloading or otherwise using the Software the User agrees to be bound by the terms of this Agreement. IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA YOU MAY NOT USE THE SOFTWARE. Please immediately stop installing copying or otherwise using the Software plus delete any parts of the Software that you have installed or stored. 2. Definitions Software: In this Agreement "Software" means information processing program or supporting file composed of modules or functional units with supporting files of all or part of source code object code and relevant images photos icons video sound record video record music text code; plus descriptions functions features contents quality tests user manual EULA and other hardcopies or electronic version of documents or technical files ("Software Product" or "Software") relevant to the Software of interest or company's products. You: In this Agreement "You" means any individual or individual entity corporate entity including company enterprise organization or section that has obtained license to legally use of the Software. Probationary Period: In this Agreement "probationary period" means the period before completion of user registration which allows Users to evaluate the Software within its entity.3. Software Permit On the condition that You comply with the Agreement company grant You the permits of: 1) Permit of Probationary Period Within the probationary period You may install this Software on one device which is under your control for the purpose to evaluate this Software and you may use the complete function offered by this Software. 2) Permit of Business Use a) Rights for Installation and Use: You may install and use this Software on one device which is under your control and you may use the complete function offered by this Software. b) Backup: You may make one copy of the Software for backup use. Unless separately stated in the Agreement You may not make extra copies of the backup copy for any purpose and in any method including attached printed materials electronic files. 4. Limitation of Rights 1) Single Use: You may not install the Software on more than one device unless otherwise agreed by both parties. 2) Sharing Software Restriction: You may not share all or part of the Software to use its full or partial function on more than one device. 3) Software Decomposition Restriction: You may not decompose the Software to use its various functions on different devices or embed its parts into other software systems. 4) Restriction on Software Completeness: You may not delete any statements or warnings regarding copyright and you may not alter modif
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Window detected: Back(&P)Install(&I)Cancel(&C)USER LICENSE AGREEMENT ("EULA") 1. Preface Please read the following Agreement carefully before installing the Software. This User License Agreement ("EULA" or "Agreement") is an agreement between you ("You" or "User") and software company the Software provider and the provider of approved services. By installing copying downloading or otherwise using the Software the User agrees to be bound by the terms of this Agreement. IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA YOU MAY NOT USE THE SOFTWARE. Please immediately stop installing copying or otherwise using the Software plus delete any parts of the Software that you have installed or stored. 2. Definitions Software: In this Agreement "Software" means information processing program or supporting file composed of modules or functional units with supporting files of all or part of source code object code and relevant images photos icons video sound record video record music text code; plus descriptions functions features contents quality tests user manual EULA and other hardcopies or electronic version of documents or technical files ("Software Product" or "Software") relevant to the Software of interest or company's products. You: In this Agreement "You" means any individual or individual entity corporate entity including company enterprise organization or section that has obtained license to legally use of the Software. Probationary Period: In this Agreement "probationary period" means the period before completion of user registration which allows Users to evaluate the Software within its entity.3. Software Permit On the condition that You comply with the Agreement company grant You the permits of: 1) Permit of Probationary Period Within the probationary period You may install this Software on one device which is under your control for the purpose to evaluate this Software and you may use the complete function offered by this Software. 2) Permit of Business Use a) Rights for Installation and Use: You may install and use this Software on one device which is under your control and you may use the complete function offered by this Software. b) Backup: You may make one copy of the Software for backup use. Unless separately stated in the Agreement You may not make extra copies of the backup copy for any purpose and in any method including attached printed materials electronic files. 4. Limitation of Rights 1) Single Use: You may not install the Software on more than one device unless otherwise agreed by both parties. 2) Sharing Software Restriction: You may not share all or part of the Software to use its full or partial function on more than one device. 3) Software Decomposition Restriction: You may not decompose the Software to use its various functions on different devices or embed its parts into other software systems. 4) Restriction on Software Completeness: You may not delete any statements or warnings regarding copyright and you may not alter modif
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Window detected: Back(&P)Install(&I)Cancel(&C)USER LICENSE AGREEMENT ("EULA") 1. Preface Please read the following Agreement carefully before installing the Software. This User License Agreement ("EULA" or "Agreement") is an agreement between you ("You" or "User") and software company the Software provider and the provider of approved services. By installing copying downloading or otherwise using the Software the User agrees to be bound by the terms of this Agreement. IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA YOU MAY NOT USE THE SOFTWARE. Please immediately stop installing copying or otherwise using the Software plus delete any parts of the Software that you have installed or stored. 2. Definitions Software: In this Agreement "Software" means information processing program or supporting file composed of modules or functional units with supporting files of all or part of source code object code and relevant images photos icons video sound record video record music text code; plus descriptions functions features contents quality tests user manual EULA and other hardcopies or electronic version of documents or technical files ("Software Product" or "Software") relevant to the Software of interest or company's products. You: In this Agreement "You" means any individual or individual entity corporate entity including company enterprise organization or section that has obtained license to legally use of the Software. Probationary Period: In this Agreement "probationary period" means the period before completion of user registration which allows Users to evaluate the Software within its entity.3. Software Permit On the condition that You comply with the Agreement company grant You the permits of: 1) Permit of Probationary Period Within the probationary period You may install this Software on one device which is under your control for the purpose to evaluate this Software and you may use the complete function offered by this Software. 2) Permit of Business Use a) Rights for Installation and Use: You may install and use this Software on one device which is under your control and you may use the complete function offered by this Software. b) Backup: You may make one copy of the Software for backup use. Unless separately stated in the Agreement You may not make extra copies of the backup copy for any purpose and in any method including attached printed materials electronic files. 4. Limitation of Rights 1) Single Use: You may not install the Software on more than one device unless otherwise agreed by both parties. 2) Sharing Software Restriction: You may not share all or part of the Software to use its full or partial function on more than one device. 3) Software Decomposition Restriction: You may not decompose the Software to use its various functions on different devices or embed its parts into other software systems. 4) Restriction on Software Completeness: You may not delete any statements or warnings regarding copyright and you may not alter modif

Source: C:\Windows\System32\msiexec.exe

File opened: C:\Windows\WinSxS\InstallTemp\20230210072135651.0\msvcr80.dll

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	File opened: C:\Users\alfredo\AppData\Local\Temp\IXP001.TMP\vcredist.msi
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	File opened: C:\Users\alfredo\
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	File opened: C:\Users\alfredo\AppData\Local\Temp\IXP001.TMP\
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	File opened: C:\Users\alfredo\AppData\
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	File opened: C:\Users\alfredo\AppData\Local\
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	File opened: C:\Users\alfredo\AppData\Local\Temp\

Source: General_Player_Eng_WIN32_V3.44.0.R.170421.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Section loaded: ivsdrawer.dll
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Section loaded: dhplay.dll
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Section loaded: wintab32.dll
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Section loaded: wintab32.dll

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIC38F.tmp

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\5cbf49.msi

Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe

File read: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe

Source: General_Player_Eng_WIN32_V3.44.0.R.170421.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe RUNDLL32 SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Users\alfredo\AppData\Local\Temp\TmpInf.inf

Source: unknown	Process created: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\Include\vcredist_x86.exe "C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\Include\vcredist_x86.exe" /q
Source: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\Include\vcredist_x86.exe	Process created: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /i vcredist.msi
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding A0D5E52B889E0997231E86FA133B251D
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding A0D5E52B889E0997231E86FA133B251D
Source: unknown	Process created: C:\Windows\System32\Taskmgr.exe "C:\Windows\system32\taskmgr.exe" /4
Source: unknown	Process created: C:\Windows\System32\Taskmgr.exe "C:\Windows\system32\taskmgr.exe" /4
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\Include\vcredist_x86.exe "C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\Include\vcredist_x86.exe" /q
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SmartPlayer\ReflushIcon.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\Include\vcredist_x86.exe	Process created: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe RUNDLL32 SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Users\alfredo\AppData\Local\Temp\TmpInf.inf
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\runonce.exe "C:\Windows\system32\runonce.exe" -r
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /i vcredist.msi
Source: C:\Windows\SysWOW64\runonce.exe	Process created: C:\Windows\SysWOW64\grpconv.exe "C:\Windows\System32\grpconv.exe" -o
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process created: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process created: C:\Windows\SysWOW64\regini.exe regini.exe "C:/Program Files (x86)/SmartPlayer/regUserChoice.ini"
Source: C:\Windows\SysWOW64\regini.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process created: C:\Windows\SysWOW64\regini.exe regini.exe "C:/Program Files (x86)/SmartPlayer/regUserChoice.ini"
Source: C:\Windows\SysWOW64\regini.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process created: C:\Windows\SysWOW64\regini.exe regini.exe "C:/Program Files (x86)/SmartPlayer/regUserChoice.ini"
Source: C:\Windows\SysWOW64\regini.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe RUNDLL32 SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Users\alfredo\AppData\Local\Temp\TmpInf.inf
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\runonce.exe "C:\Windows\system32\runonce.exe" -r
Source: C:\Windows\SysWOW64\runonce.exe	Process created: C:\Windows\SysWOW64\grpconv.exe "C:\Windows\System32\grpconv.exe" -o
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process created: C:\Windows\SysWOW64\regini.exe regini.exe "C:/Program Files (x86)/SmartPlayer/regUserChoice.ini"
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\SmartPlayer\ReflushIcon.bat" "
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process created: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process created: C:\Windows\SysWOW64\regini.exe regini.exe "C:/Program Files (x86)/SmartPlayer/regUserChoice.ini"
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process created: C:\Windows\SysWOW64\regini.exe regini.exe "C:/Program Files (x86)/SmartPlayer/regUserChoice.ini"

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1504:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5016:120:WilError_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1504:120:WilError_02
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Mutant created: \Sessions\1\BaseNamedObjects\SmartPlayer
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5128:120:WilError_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4100:120:WilError_02

Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\HevcParser.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072135651.0\msvcr80.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\nsisSlideshow.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\adpcmdec.dll	Jump to dropped file
Source: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\Include\vcredist_x86.exe	File created: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\ShellLink.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80FRA.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\SkinBtn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC38F.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072135851.0\mfc80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072135851.0\mfcm80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80ENU.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\speech_enhance.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\ButtonEvent.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\g7221dec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\dhconfigsdk.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\QtCore4.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80JPN.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80KOR.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\amrdec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\msvcr80.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\H264Parser.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\aacdec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\uninst.exe	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\progress.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80CHS.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072135851.0\mfc80u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072135651.0\msvcp80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072135651.0\msvcm80.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\configsdk.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80ESP.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\g729dec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\MCL_FPTZ.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\postproc.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\dhplay.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\mpeg4dec.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80CHT.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\hevcdec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\svac_dec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\IvsDrawer.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\LogDll.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\mp2dec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\mp3dec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\fisheye.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\msvcp80.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\QtGui4.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\System.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072136401.0\vcomp.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\mjpegdec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\Include\vcredist_x86.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80DEU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80ITA.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\SkinProgress.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\h264dec.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072135551.0\ATL80.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\swscale.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\WinSxS\InstallTemp\20230210072135851.0\mfcm80u.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\MsgDLL.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\FindProcDLL.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\Program Files (x86)\SmartPlayer\PlayModule.dll	Jump to dropped file

Source: C:\Windows\System32\Taskmgr.exe	Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Windows\System32\Taskmgr.exe	Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Source: C:\Windows\System32\Taskmgr.exe	Registry key monitored: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPlayer
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPlayer\SmartPlayer.lnk
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPlayer\Uninstall SmartPlayer.lnk

Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\Include\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\Include\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\runonce.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\runonce.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\runonce.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\runonce.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\runonce.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\runonce.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\runonce.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\runonce.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\runonce.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\runonce.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\runonce.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\grpconv.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\grpconv.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\grpconv.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\grpconv.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\HevcParser.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\adpcmdec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072135651.0\msvcr80.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\ShellLink.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80FRA.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072135851.0\mfc80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072135851.0\mfcm80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80ENU.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\speech_enhance.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\g7221dec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\dhconfigsdk.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\QtCore4.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80KOR.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80JPN.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\amrdec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\msvcr80.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\H264Parser.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\aacdec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\uninst.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80CHS.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072135851.0\mfc80u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072135651.0\msvcm80.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072135651.0\msvcp80.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\configsdk.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80ESP.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\g729dec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\MCL_FPTZ.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\postproc.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\dhplay.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\mpeg4dec.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80CHT.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\hevcdec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\svac_dec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\IvsDrawer.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\LogDll.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\mp3dec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\mp2dec.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\fisheye.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\msvcp80.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\QtGui4.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072136401.0\vcomp.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\mjpegdec.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80DEU.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80ITA.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\h264dec.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072135551.0\ATL80.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\swscale.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20230210072135851.0\mfcm80u.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\MsgDLL.dll	Jump to dropped file
Source: C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe	Dropped PE file which has not been started: C:\Program Files (x86)\SmartPlayer\PlayModule.dll	Jump to dropped file

Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
1 Replication Through Removable Media	1 Scripting	1 Registry Run Keys / Startup Folder	11 Process Injection	22 Masquerading	OS Credential Dumping	1 System Time Discovery	1 Replication Through Removable Media	1 Email Collection	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	12 Virtualization/Sandbox Evasion	LSASS Memory	1 Query Registry	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 DLL Side-Loading	1 Disable or Modify Tools	Security Account Manager	1 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	11 Process Injection	NTDS	12 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Scripting	LSA Secrets	1 Process Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Rundll32	Cached Domain Credentials	11 Peripheral Device Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	3 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	1 File Deletion	Proc Filesystem	22 System Information Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Source	Detection	Scanner	Label	Link
General_Player_Eng_WIN32_V3.44.0.R.170421.exe	6%	ReversingLabs
General_Player_Eng_WIN32_V3.44.0.R.170421.exe	0%	Virustotal		Browse

Source	Detection	Scanner	Link
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\ButtonEvent.dll	0%	ReversingLabs
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\ButtonEvent.dll	2%	Virustotal	Browse
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\FindProcDLL.dll	0%	ReversingLabs
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\FindProcDLL.dll	0%	Virustotal	Browse
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\LogDll.dll	0%	ReversingLabs
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\LogDll.dll	0%	Virustotal	Browse
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\MsgDLL.dll	2%	ReversingLabs
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\SkinBtn.dll	0%	ReversingLabs
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\System.dll	0%	ReversingLabs
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\nsDialogs.dll	0%	ReversingLabs
C:\Users\alfredo\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE	0%	ReversingLabs
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\Include\vcredist_x86.exe	0%	ReversingLabs
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\SkinProgress.dll	0%	ReversingLabs
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\nsisSlideshow.dll	0%	ReversingLabs
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\progress.dll	0%	ReversingLabs
C:\Windows\Installer\MSIC38F.tmp	2%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072135551.0\ATL80.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072135651.0\msvcm80.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072135651.0\msvcp80.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072135651.0\msvcr80.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072135851.0\mfc80.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072135851.0\mfc80u.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072135851.0\mfcm80.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072135851.0\mfcm80u.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80CHS.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80CHT.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80DEU.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80ENU.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80ESP.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80FRA.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80ITA.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80JPN.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072136200.0\mfc80KOR.dll	0%	ReversingLabs
C:\Windows\WinSxS\InstallTemp\20230210072136401.0\vcomp.dll	0%	ReversingLabs
C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\H264Parser.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\HevcParser.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\IvsDrawer.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\MCL_FPTZ.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\PlayModule.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\QtCore4.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\QtGui4.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\SmartPlayer.exe	2%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\aacdec.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\adpcmdec.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\amrdec.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\configsdk.dll	2%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\dhconfigsdk.dll	2%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\dhplay.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\fisheye.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\g7221dec.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\g729dec.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\h264dec.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\hevcdec.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\mjpegdec.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\mp2dec.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\mp3dec.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\mpeg4dec.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\msvcp80.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\msvcr80.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\postproc.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\speech_enhance.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\svac_dec.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\swscale.dll	0%	ReversingLabs
C:\Users\alfredo\AppData\Local\Temp\nss5DC1.tmp\ShellLink.dll	0%	ReversingLabs
C:\Program Files (x86)\SmartPlayer\uninst.exe	0%	ReversingLabs

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	803687
Start date and time:	2023-02-10 07:20:33 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	44
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample file name:	General_Player_Eng_WIN32_V3.44.0.R.170421.exe
Detection:	MAL
Classification:	mal48.evad.winEXE@33/477@0/0
Cookbook Comments:	Found application associated with file extension: .exe

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	modified
Size (bytes):	50825
Entropy (8bit):	5.708080208443427
Encrypted:	false
SSDEEP:
MD5:	6BFC180D69D102B6E33AC915AE32733A
SHA1:	539705FC574659D75916850BD9099E5C08BE5330
SHA-256:	CEEE336112C35F9D5E3D534968445200C70A2BF3144010A233D6B1166828E01E
SHA-512:	32EE7C9D046F516E323649740092E17F9B12E8C86877CCE2360C94EEF3B0E9C04ED6B6A2520DBCFC31BFD163751528CF331ECB14BD058552654D8FB99D082E6D
Malicious:	false
Reputation:	low
Preview:	...@IXOS.@.....@.:JV.@.....@.....@.....@.....@.....@......&.{7299052b-02a4-4627-81f2-1818da5d550d}).Microsoft Visual C++ 2005 Redistributable..vcredist.msi.@.....@.....@.....@........&.{675C0FCE-58D9-435D-9AD8-ACDCB5808A3A}.....@.....@.....@.....@.......@.....@.....@.......@....).Microsoft Visual C++ 2005 Redistributable......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{A49F249F-0C91-497F-86DF-B2585E8E76B7}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{EC50BE77-3064-11D5-A54A-0090278A1BB8}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{946F6004-4E08-BCAB-E01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{9B2CAF3C-B0AB-11EC-B01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.{9B2CAF3C-B0AB-11EC-C01F-C8B3B9A1E18E}&.{7299052b-02a4-4627-81f2-1818da5d550d}.@......&.

Process:	C:\Users\alfredo\Desktop\General_Player_Eng_WIN32_V3.44.0.R.170421.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	714
Entropy (8bit):	4.650837498563081
Encrypted:	false
SSDEEP:
MD5:	1D217B410503D82ED0EED633D22455B7
SHA1:	D1039365D834FB11E8E5E2D7D5CDC656490EF2BD
SHA-256:	940F538496FEA6B687A6173BE17D83A187E328AD7F2200AF6DFF470351385E7C
SHA-512:	834C838596677FA4486F2AD50146B81E58A2B1631471C42303E53B6910212FE8A2C3E42D023FBF47506CEF5F4B9F2EC5A1349F9718BA5122B4B4B173F2BDA797
Malicious:	false
Reputation:	low
Preview:	<Setting>.. <UIConfig>.. <SnapPath value="" Default="" />.. <VideoPath value="" Default="" />.. <Proportion value="0" Default="0" Min="0" Max="0" Scale="0" />.. <ShowTrace value="0" Default="0" Min="0" Max="1" />.. <Language value="0" Default="0" Min="0" Max="0" Scale="0" />.. <VerticalSyn value="0" Default="0" Min="0" Max="1" />.. <SnapFormat value="0" Default="0" Min="0" Max="0" Scale="0" />.. <VideoFormat value="0" Default="0" Min="0" Max="0" Scale="0" />.. <OldPath value="" Default="" />.. <strRecordFormat value=".dav;.dav_;.avi;.mp4;.flv;.asf;.mov;" Default=".dav;.dav_;.avi;.mp4;.flv;.asf;.mov;" />.. </UIConfig>..</Setting>..

Process:	C:\Windows\System32\Taskmgr.exe
File Type:	ASCII text, with no line terminators
Category:	modified
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:
MD5:	F49655F856ACB8884CC0ACE29216F511
SHA1:	CB0F1F87EC0455EC349AAA950C600475AC7B7B6B
SHA-256:	7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
SHA-512:	599E93D25B174524495ED29653052B3590133096404873318F05FD68F4C9A5C9A3B30574551141FBB73D7329D6BE342699A17F3AE84554BAB784776DFDA2D5F8
Malicious:	false
Reputation:	low
Preview:	EERF

Process:	C:\Windows\SysWOW64\runonce.exe
File Type:	data
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	2.1009149358848207
Encrypted:	false
SSDEEP:
MD5:	55316BBB00B8EDECF81A897117861D66
SHA1:	D7B3B91CFDAA2CB98085500299D4D2F464A455FB
SHA-256:	35B39978D7FC13B30F4A18019F66EE03E0FE2EA998E3460DF7116D3A8B812AF1
SHA-512:	0924B716144AA4E12F2110A6426E6CAD1F320B3D12C51FFEF8FFAE7DAFECCB3E1E71C63E100895CE8071B5E6121ACFB22D01296F56A90EC674B445430CE53D2B
Malicious:	false
Reputation:	low
Preview:	. ......................................................................................u?.@............. .......G......jK...=..Zb..........................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1...........................................................`0z.............t....=..........E.x.p.l.o.r.e.r.S.t.a.r.t.u.p.L.o.g._.R.u.n.O.n.c.e...C.:.\.U.s.e.r.s.\.a.l.f.r.e.d.o.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.E.x.p.l.o.r.e.r.\.E.x.p.l.o.r.e.r.S.t.a.r.t.u.p.L.o.g._.R.u.n.O.n.c.e...e.t.l.......P.P.........r[.@....................................................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (369), with CRLF line terminators
Category:	dropped
Size (bytes):	834
Entropy (8bit):	3.712564055655367
Encrypted:	false
SSDEEP:
MD5:	889E3488508F3BD9BE114156591BB1B5
SHA1:	4A24EA8D845D4D742B8BCFCB0E4279AEE5D522A4
SHA-256:	F12C2F03FF94D9F283CC152BA9B19909027D561F33390E3C003CE15C1B6CEEB2
SHA-512:	BAD5927E8412ED201CC6B84A225DE893DE76B5DA8F0F57E794F281ECF2577240D6A0F151C82E6D4770AB10D0E9DF19005F36F1037B77CCF8874D07706A675021
Malicious:	false
Reputation:	low
Preview:	..E.r.r.o.r. .1.9.3.5...A.n. .e.r.r.o.r. .o.c.c.u.r.r.e.d. .d.u.r.i.n.g. .t.h.e. .i.n.s.t.a.l.l.a.t.i.o.n. .o.f. .a.s.s.e.m.b.l.y. .'.M.i.c.r.o.s.o.f.t...V.C.8.0...A.T.L.,.t.y.p.e.=.".w.i.n.3.2.".,.v.e.r.s.i.o.n.=.".8...0...5.0.7.2.7...7.6.2.".,.p.u.b.l.i.c.K.e.y.T.o.k.e.n.=.".1.f.c.8.b.3.b.9.a.1.e.1.8.e.3.b.".,.p.r.o.c.e.s.s.o.r.A.r.c.h.i.t.e.c.t.u.r.e.=.".x.8.6.".'... .P.l.e.a.s.e. .r.e.f.e.r. .t.o. .H.e.l.p. .a.n.d. .S.u.p.p.o.r.t. .f.o.r. .m.o.r.e. .i.n.f.o.r.m.a.t.i.o.n... .H.R.E.S.U.L.T.:. .0.x.8.0.0.7.0.4.2.2... .a.s.s.e.m.b.l.y. .i.n.t.e.r.f.a.c.e.:. .I.A.s.s.e.m.b.l.y.C.a.c.h.e.I.t.e.m.,. .f.u.n.c.t.i.o.n.:. .C.o.m.m.i.t.,. .c.o.m.p.o.n.e.n.t.:. .{.9.7.F.8.1.A.F.1.-.0.E.4.7.-.D.C.9.9.-.A.0.1.F.-.C.8.B.3.B.9.A.1.E.1.8.E.}.....=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2./.1.0./.2.0.2.3. . .7.:.2.1.:.3.9. .=.=.=.....

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	58
Entropy (8bit):	4.6848930637946795
Encrypted:	false
SSDEEP:
MD5:	9741B173E2DCB6B1F98D8EC3B615ED52
SHA1:	C18BA9B1CFFA395180F131F10BA05951F0BFC3DE
SHA-256:	33B5FE2678356F862905825EC829833C185D3816717929E1D47E65A213C0B733
SHA-512:	2FD6B26870AEA718E6BEF9743AE7079691FD61E319C421A8ED727B4E35B4CE0AB3679E03F026CEC5A2C916D9779600B67FD451C83857CB71568F69A56A9FF8A2
Malicious:	false
Reputation:	low
Preview:	[Version]..Signature = "$Windows NT$"..[DefaultInstall] ..

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.999688940371364
TrID:	Win32 Executable (generic) a (10002005/4) 92.05% NSIS - Nullsoft Scriptable Install System (846627/2) 7.79% Windows Screen Saver (13104/52) 0.12% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02%
File name:	General_Player_Eng_WIN32_V3.44.0.R.170421.exe
File size:	15354391
MD5:	4deee269d4808b3cb033caba3de5b815
SHA1:	be0d1c6dfb9a78af5d884c92a578403ad29f3651
SHA256:	a262936d9b1eece5d25c09f71d62681b2ed37a522250db0c05e3f63cf7c69a6f
SHA512:	b384c9941ce3da256b6e0e4c4930086ea28ac8b406cefa0eef3ab46ce90f445c2ae70543e4d8fc7b93805c393364a27c84bee7892d44e8181097c114300c0128
SSDEEP:	393216:pxJ8Ma4HwZMRxdHgU7UeuSD9ib6Qg97C2O0qkHIIYmYgTY:pxJ8cQZM5HgoxuWGR0tHfYmY7
TLSH:	DFF633E5353666FFC5878632250FD11AB43187A8D7A74107C0E9BB79CE28345F839AB8
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................Z.........

Entrypoint:	0x4030cb
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x4B1AE3C1 [Sat Dec 5 22:50:41 2009 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	7fa974366048f9c551ef45714595665e

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report General_Player_Eng_WIN32_V3.44.0.R.170421.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Created / dropped Files

C:\Config.Msi\5cbf4b.rbs

C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll

C:\Program Files (x86)\SmartPlayer\Config\config.xml

C:\Program Files (x86)\SmartPlayer\H264Parser.dll

C:\Program Files (x86)\SmartPlayer\HevcParser.dll

C:\Program Files (x86)\SmartPlayer\IvsDrawer.dll

C:\Program Files (x86)\SmartPlayer\Lang_0.xml

C:\Program Files (x86)\SmartPlayer\Lang_1.xml

C:\Program Files (x86)\SmartPlayer\MCL_FPTZ.dll

C:\Program Files (x86)\SmartPlayer\PlayModule.dll

C:\Program Files (x86)\SmartPlayer\Player User's Guide_Chn.pdf

C:\Program Files (x86)\SmartPlayer\Player User's Guide_Eng.pdf

C:\Program Files (x86)\SmartPlayer\QtCore4.dll

C:\Program Files (x86)\SmartPlayer\QtGui4.dll

C:\Program Files (x86)\SmartPlayer\ReflushIcon.bat

C:\Program Files (x86)\SmartPlayer\Skin\AboutPic.png

C:\Program Files (x86)\SmartPlayer\Skin\BackwardDisable.png

C:\Program Files (x86)\SmartPlayer\Skin\BackwardEnable.png

C:\Program Files (x86)\SmartPlayer\Skin\Btn_ChannelSelect_down.png

C:\Program Files (x86)\SmartPlayer\Skin\Btn_ChannelSelect_nor.png

C:\Program Files (x86)\SmartPlayer\Skin\Checkbox.png

C:\Program Files (x86)\SmartPlayer\Skin\ComboBox.png

C:\Program Files (x86)\SmartPlayer\Skin\ComboBox_long.png

C:\Program Files (x86)\SmartPlayer\Skin\ComboBox_longlong.png

C:\Program Files (x86)\SmartPlayer\Skin\Edt_Browser_125_24.png

C:\Program Files (x86)\SmartPlayer\Skin\ForwardDisable.png

C:\Program Files (x86)\SmartPlayer\Skin\ForwardEnable.png

C:\Program Files (x86)\SmartPlayer\Skin\Frame.png

C:\Program Files (x86)\SmartPlayer\Skin\FrameMain.png

C:\Program Files (x86)\SmartPlayer\Skin\FramePop.png

C:\Program Files (x86)\SmartPlayer\Skin\Frame_1.png

C:\Program Files (x86)\SmartPlayer\Skin\ListCtrlnew.png

C:\Program Files (x86)\SmartPlayer\Skin\NoVideo.png

C:\Program Files (x86)\SmartPlayer\Skin\PreviewComboBox.png

C:\Program Files (x86)\SmartPlayer\Skin\PrincessRecord.png

C:\Program Files (x86)\SmartPlayer\Skin\SB_H_Dis.png

C:\Program Files (x86)\SmartPlayer\Skin\SB_H_Dn.png

Windows Analysis Report
General_Player_Eng_WIN32_V3.44.0.R.170421.exe

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x73a4	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3e000	0x34b8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7000	0x28c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x58d2	0x5a00	False	0.665234375	data	6.4331003482809646	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x7000	0x1190	0x1200	False	0.4453125	data	5.179763757809345	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x9000	0x1af78	0x400	False	0.55078125	data	4.617802320695973	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x24000	0x1a000	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3e000	0x34b8	0x3600	False	0.3629195601851852	data	4.775558291733339	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country
RT_ICON	0x3e3a0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2688	English	United States
RT_ICON	0x3f248	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152	English	United States
RT_ICON	0x3faf0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320	English	United States
RT_DIALOG	0x40058	0x220	data	English	United States
RT_DIALOG	0x40278	0x130	data	English	United States
RT_DIALOG	0x403a8	0x1b4	data	English	United States
RT_DIALOG	0x40560	0xee	data	English	United States
RT_DIALOG	0x40650	0x20c	data	English	United States
RT_DIALOG	0x40860	0x11c	data	English	United States
RT_DIALOG	0x40980	0x1a0	data	English	United States
RT_DIALOG	0x40b20	0xda	data	English	United States
RT_DIALOG	0x40c00	0x20c	data	English	United States
RT_DIALOG	0x40e10	0x11c	data	English	United States
RT_DIALOG	0x40f30	0x1a0	data	English	United States
RT_DIALOG	0x410d0	0xda	data	English	United States
RT_GROUP_ICON	0x411b0	0x30	data	English	United States
RT_MANIFEST	0x411e0	0x2d3	XML 1.0 document, ASCII text, with very long lines (723), with no line terminators	English	United States

DLL	Import
KERNEL32.dll	CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
USER32.dll	EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
GDI32.dll	SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
SHELL32.dll	SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
ADVAPI32.dll	RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
COMCTL32.dll	ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll	CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll	GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Data loss prevention, File monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre