Windows Analysis Report
LocalPlayback.exe

Overview

General Information

Sample name: LocalPlayback.exe
Analysis ID: 1541117
MD5: ef3eafbf2d877473b2802e1add2857ad
SHA1: c60a150229844a0f1822556700c6a8cefd683a30
SHA256: 88fcc295ae1a01ca93de900d4fd56411dbf197453d07e2c109faa714558bf81b

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Compliance

Score: 49
Range: 0 - 100

Signatures

PE file has a writeable .text section
Registers a new ROOT certificate
Checks for available system drives (often done to infect USB drives)
Contains capabilities to detect virtual machines
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Use Short Name Path in Command Line
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0045439B __EH_prolog3_GS,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,CryptHashData,CryptHashData,GetLastError,_memmove,CryptImportPublicKeyInfo,GetLastError,CryptVerifySignatureW, 2_2_0045439B
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00453F68 __EH_prolog3_GS,CryptAcquireCertificatePrivateKey,GetLastError,CryptCreateHash,GetLastError,CryptHashData,CryptHashData,CryptHashData,CryptSignHashW,CryptSignHashW,CryptSignHashW,GetLastError,GetLastError,WriteFile,WriteFile,WriteFile, 2_2_00453F68
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00447378 _memset,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,ReadFile,CryptHashData,ReadFile,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,GetLastError,CryptDestroyHash,CryptReleaseContext, 19_2_00447378
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00428101 CryptHashPublicKeyInfo,GetLastError, 19_2_00428101
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00428386 DecryptFileW, 19_2_00428386
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00427E2A _memset,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,CryptCATAdminCalcHashFromFileHandle,GetLastError,WinVerifyTrust,WinVerifyTrust,WinVerifyTrust, 19_2_00427E2A
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003E7378 _memset,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,ReadFile,CryptHashData,ReadFile,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,GetLastError,CryptDestroyHash,CryptReleaseContext, 22_2_003E7378
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003C8101 CryptHashPublicKeyInfo,GetLastError, 22_2_003C8101
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003C8386 DecryptFileW, 22_2_003C8386
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003C7E2A _memset,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,CryptCATAdminCalcHashFromFileHandle,GetLastError,WinVerifyTrust,WinVerifyTrust,WinVerifyTrust, 22_2_003C7E2A
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F28386 DecryptFileW, 27_2_00F28386
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F28101 CryptHashPublicKeyInfo,GetLastError, 27_2_00F28101
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F47378 _memset,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,ReadFile,CryptHashData,ReadFile,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,GetLastError,CryptDestroyHash,CryptReleaseContext, 27_2_00F47378
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F27E2A _memset,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,CryptCATAdminCalcHashFromFileHandle,GetLastError,WinVerifyTrust,WinVerifyTrust,WinVerifyTrust, 27_2_00F27E2A
Source: LocalPlayback.exe, 0000001E.00000002.2571774893.000000006B4F0000.00000002.00000001.01000000.00000021.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_66f99156-0

Compliance

Source: LocalPlayback.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe File created: C:\Users\user~1\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\license.rtf
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe File created: C:\Users\user~1\AppData\Local\Temp\{1b103cea-f037-4504-81de-956057b442c3}\.ba1\license.rtf
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe File created: C:\Users\user~1\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\license.rtf
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe File created: C:\Users\user~1\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\license.rtf
Source: LocalPlayback.exe Static PE information: certificate valid
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\msvcr90.dll
Source: Binary string: Nsd.pdb' source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Package_Tool_BaseLine_Tools3\code\target\vs2013\ToolShareModule\ToolShareModule.pdb source: LocalPlayback.exe, 0000001E.00000002.2575260611.000000006C8F8000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: .pdb? source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\Project\2018NewVersionTools\UpgradeTool\code\target\UpgradeTool\Upgrade.pdb source: LocalPlayback.exe, 0000001E.00000002.2574995176.000000006C8CA000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: qddsd.pdbEScritOpedm source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\ISP\setup.pdb source: LocalPlayback.exe, 00000002.00000000.1288293705.00000000004AD000.00000002.00000001.01000000.00000004.sdmp, LocalPlayback.exe, 00000002.00000002.2430910825.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: qtgad.pdbEScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.pdb source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2424912060.0000000005C0D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: `C:\Program Files (x86)\LocalPlayback\Standard\\sqlpsql.pdb source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\platforms\qwindowsd.pdbbddll} source: LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Package_Tool_BaseLine_Tools3\code\target\VS2013\ToolGuiToolkit\ToolGuiToolkit.pdb source: LocalPlayback.exe, 0000001E.00000002.2573472697.000000006BE0A000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qwbmp.dll.pdb source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: `C:\Program Files (x86)\LocalPlayback\plugins\\indowsd.pdbws.ll source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qgifd.pdbl source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2424912060.0000000005C0D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\Project\2018NewVersionTools\UpgradeTool\code\target\UpgradeTool\Upgrade.pdb(( source: LocalPlayback.exe, 0000001E.00000002.2574995176.000000006C8CA000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: \??\C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlmysqld.pdbltmpI source: LocalPlayback.exe, 00000002.00000003.2169399913.0000000005A92000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435360519.0000000005A92000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2427166168.0000000005A92000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: xC:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.pdb. source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: e:\PROJ\hpr\hpr_svn\lib\vs2008\hpr.pdb source: LocalPlayback.exe, 0000001E.00000002.2572733998.000000006BB42000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: qwebpd.pdbScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwebpd.pdb source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qwbmpd.pdbScritOpedJ;^ source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: `C:\Program Files (x86)\LocalPlayback\plugins\\indowsd.pdb source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixStdBA.pdbH source: vcredist_x86.exe, 0000001C.00000002.2561765338.00000000700E5000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: qminimald.pdbritOped&;2 source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qtiffd.pdb source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb source: vcredist_x86.exe, 00000013.00000000.1787811525.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x86.exe, 00000013.00000002.1873216538.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x86.exe, 00000013.00000003.1807866305.0000000000F47000.00000004.00000020.00020000.00000000.sdmp, vcredist_x86.exe, 00000014.00000002.1873113180.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x86.exe, 00000014.00000000.1791920978.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x64_2013.exe, 00000016.00000002.1937952943.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x64_2013.exe, 00000016.00000000.1876182782.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x64_2013.exe, 00000017.00000002.1938343186.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x64_2013.exe, 00000017.00000000.1877246310.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x86.exe, 0000001B.00000002.1943499977.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp, vcredist_x86.exe, 0000001B.00000000.1932728808.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp, vcredist_x86.exe, 0000001C.00000002.2559508643.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp, vcredist_x86.exe, 0000001C.00000000.1936608719.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qjpegd.pdb source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Package_Tool_BaseLine_Tools3\code\target\VS2013\LocalPlayback\LocalPlayback.pdb source: LocalPlayback.exe, 0000001E.00000000.2168265549.0000000000D2C000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Compiler_SDK_HDFile_Win32\win\VS2013\Release\HDFileSDK.pdb source: LocalPlayback.exe, 0000001E.00000002.2573042521.000000006BCCB000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.pdbw source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Package_Tool_BaseLine_Tools3\code\target\vs2013\CommonSkin\CommonSkin.pdb source: LocalPlayback.exe, 0000001E.00000002.2568990669.000000006ADBD000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixStdBA.pdb source: vcredist_x86.exe, 0000001C.00000002.2561765338.00000000700E5000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: qwbmpd.pdbXP1 source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qicod.pdbcod.llb source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlmysqld.pdb.lll source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\work\SuperRender\0000000\bin\win32\Private_PDB32\SuperRender.pdb8 ' source: LocalPlayback.exe, 0000001E.00000002.2561255132.0000000001267000.00000002.00000001.01000000.00000026.sdmp
Source: Binary string: qwindowsd.pdbritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\platforms\qoffscreend.pdb source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixDepCA.pdb source: vcredist_x86.exe, 00000013.00000003.1819940196.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, vcredist_x86.exe, 00000013.00000003.1815835578.0000000000F56000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64_2013.exe, 00000016.00000003.1898813039.0000000000953000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64_2013.exe, 00000016.00000003.1901279866.000000000098E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qwebp.dll.pdb source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Package_SDK_HCNetUtils_win32\common\HCNetUtils\win32\lib\HCNetUtils.pdb source: LocalPlayback.exe, 0000001E.00000002.2570472714.000000006B205000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qwebpd.pdb source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qwbmpd.pdbt source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlited.pdbb source: LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.pdb.dldbA source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\work\SuperRender\0000000\bin\win32\Private_PDB32\SuperRender.pdb source: LocalPlayback.exe, 0000001E.00000002.2561255132.0000000001267000.00000002.00000001.01000000.00000026.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qtiff.dll.pdb source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qicnsd.pdbScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb source: LocalPlayback.exe, 00000002.00000003.1328776964.000000000087D000.00000004.00000020.00020000.00000000.sdmp, ISBEW64.exe, 00000006.00000002.2196188784.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000006.00000000.1332346457.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000007.00000002.1335450557.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000007.00000000.1333414243.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000008.00000000.1334155324.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000008.00000002.1336690488.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000009.00000002.1338208405.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000009.00000000.1334838319.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 0000000A.00000000.1335823221.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 0000000A.00000002.1338230664.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 0000000B.00000002.2171021829.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 0000000B.00000000.1389523104.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qsvgd.pdbpg.llg source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qgifd.pdbEScritOpedn;z source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qsqlited.pdbcritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwebpd.pdbimage/~ source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlpsqld.pdb@ source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qsqlpsqld.pdbritOped$%4 source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qicnsd.pdbrmdlll source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qddsd.pdbformdll source: LocalPlayback.exe, 00000002.00000003.2198116230.000000000082E000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2189404783.000000000082C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qtgad.pdbp.dl source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /LocalPlayback/imageformats/qwebpd.pdb' source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: e:\AudioRender0\WindowsAudio2\bin\win32\Private_PDB32\AudioRender.pdb =k source: LocalPlayback.exe, 0000001E.00000002.2571115843.000000006B3C9000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: qsvgd.pdbEScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :/aptui/complex/Images/System/Complex/date.pngtgad.pdb source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qsqlmysqld.pdbtOpedX:P source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@F source: vcredist_x86.exe, 00000013.00000000.1787811525.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x86.exe, 00000013.00000002.1873216538.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x86.exe, 00000014.00000002.1873113180.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x86.exe, 00000014.00000000.1791920978.000000000044A000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: kqsvgd.pdb source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@E source: vcredist_x86.exe, 00000013.00000003.1807866305.0000000000F47000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@@ source: vcredist_x64_2013.exe, 00000016.00000002.1937952943.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x64_2013.exe, 00000016.00000000.1876182782.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x64_2013.exe, 00000017.00000002.1938343186.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x64_2013.exe, 00000017.00000000.1877246310.00000000003EA000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Package_Tool_BaseLine_Tools3\code\target\vs2013\CommonSkin\CommonStyle.pdb source: LocalPlayback.exe, 0000001E.00000002.2575854670.000000006FF59000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qwbmpd.pdb source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: e:\AudioRender0\WindowsAudio2\bin\win32\Private_PDB32\AudioRender.pdb source: LocalPlayback.exe, 0000001E.00000002.2571115843.000000006B3C9000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: qjpegd.pdbScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qtiffd.pdbScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: kegd.pdbX source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\platforms\qminimald.pdb source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qoffscreend.pdbtOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qjpegd.pdb source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2424912060.0000000005C0D000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwebpd.pdbe Q source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.pdb3 source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qicod.pdbEScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@ source: vcredist_x86.exe, 0000001B.00000002.1943499977.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp, vcredist_x86.exe, 0000001B.00000000.1932728808.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp, vcredist_x86.exe, 0000001C.00000002.2559508643.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp, vcredist_x86.exe, 0000001C.00000000.1936608719.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00424C8F __EH_prolog3_GS,FindFirstFileW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,lstrcatW,SysStringLen,lstrcatW,GetFileAttributesW,lstrcatW,lstrcmpiW,lstrcpynW,lstrcmpiW,lstrcmpiW,SysStringLen,lstrcmpiW,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,LZOpenFileW,LZOpenFileW,LZCopy,LZClose,LZClose,DeleteFileW,lstrcpyW, 2_2_00424C8F
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0045145E __EH_prolog3_GS,FindFirstFileW,lstrcmpW,lstrcmpW,FindNextFileW,RemoveDirectoryW,__CxxThrowException@8,DeleteFileW, 2_2_0045145E
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0044F772 GetProcAddress,SearchPathW,GetModuleFileNameW,FindFirstFileW,VirtualQuery,VirtualProtect,VirtualProtect, 2_2_0044F772
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0042BF7F FindFirstFileW,GetFileAttributesW,SetFileAttributesW,DeleteFileW, 2_2_0042BF7F
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00428BE8 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 19_2_00428BE8
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_004466A3 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 19_2_004466A3
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00445710 _memset,FindFirstFileW,FindClose, 19_2_00445710
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003C8BE8 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 22_2_003C8BE8
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003E66A3 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 22_2_003E66A3
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003E5710 _memset,FindFirstFileW,FindClose, 22_2_003E5710
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F466A3 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 27_2_00F466A3
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F28BE8 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 27_2_00F28BE8
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F45710 _memset,FindFirstFileW,FindClose, 27_2_00F45710
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 28_2_700DA685 _memset,FindFirstFileW,FindClose, 28_2_700DA685
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00C51A50 GetLogicalDrives,??0QByteArray@@QAE@XZ,??0QMessageBox@@QAE@PAVQWidget@@@Z,GetLogicalDriveStringsW,memset,GetDriveTypeW,?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z,?data@QArrayData@@QAEPAXXZ,??1QMessageBox@@UAE@XZ,??1QString@@QAE@XZ,?data@QArrayData@@QAEPAXXZ,?data@QArrayData@@QAEPAXXZ,?deallocate@QArrayData@@SAXPAU1@II@Z, 30_2_00C51A50
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Users\user~1\
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\FontData.ini
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Users\user~1\AppData\Local\
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Users\user~1\AppData\
Source: global traffic HTTP traffic detected: GET /4200/tool/windows/LocalPlayback/package.json HTTP/1.1
Host: hikdownload.hik-connect.com
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49983 -> 49.51.129.211:80
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00436994 InternetReadFile,WriteFile,WriteFile,GetLastError,GetLastError, 19_2_00436994
Source: LocalPlayback.exe, 0000001E.00000002.2571774893.000000006B4F0000.00000002.00000001.01000000.00000021.sdmp String found in binary or memory: Ok04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1email.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)
Source: global traffic DNS traffic detected: DNS query: hikdownload.hik-connect.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Thu, 24 Oct 2024 11:01:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 242
Connection: keep-alive
Server: Tengine
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body bgcolor="white"><h1>404 Not Found</h1><p>The requested URL was not found on this server.<hr/>Powered by Tengine</body></html>
Source: LocalPlayback.exe, 00000002.00000000.1288293705.00000000004AD000.00000002.00000001.01000000.00000004.sdmp, LocalPlayback.exe, 00000002.00000002.2430910825.00000000004AD000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: http://=0x%04x.iniMS
Source: LocalPlayback.exe, 0000001E.00000002.2571774893.000000006B4F0000.00000002.00000001.01000000.00000021.sdmp String found in binary or memory: http://bugreports.qt.io/
Source: LocalPlayback.exe, 0000001E.00000002.2571774893.000000006B4F0000.00000002.00000001.01000000.00000021.sdmp String found in binary or memory: http://bugreports.qt.io/finishedServerMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogic
Source: LocalPlayback.exe, 00000002.00000003.1328776964.000000000087D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: LocalPlayback.exe, 00000002.00000003.2197605938.0000000000855000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://deviis4.installshield.com/NetNirvana/
Source: LocalPlayback.exe, 00000002.00000003.2174730969.0000000000844000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196340763.000000000084F000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2188207802.0000000000844000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://deviis4.installshield.com/NetNirvana/m
Source: LocalPlayback.exe, 0000001E.00000002.2563943582.00000000035A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://hikdownload.hik-connect.com.pngloseView.pngr.Q
Source: LocalPlayback.exe, 0000001E.00000002.2565211131.0000000003A2A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://hikdownload.hik-connect.com/4200/tool/windows/LocalPlayback/v/standard/en/LocalPlayback
Source: LocalPlayback.exe, 0000001E.00000002.2565211131.0000000003A2A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://hikdownload.hik-connect.com/4200/tool/windows/LocalPlayback/v/standard/en/LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2565211131.0000000003A2A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://hikdownload.hik-connect.com/4200/tool/windows/LocalPlayback/v/standard/en/LocalPlayback.exeF
Source: LocalPlayback.exe, 0000001E.00000002.2564948444.0000000003917000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ns.adobe.co
Source: LocalPlayback.exe, 00000002.00000003.1328776964.000000000087D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.thawte.com0
Source: LocalPlayback.exe, 0000001E.00000002.2571320041.000000006B3F9000.00000002.00000001.01000000.00000022.sdmp String found in binary or memory: http://qt-project.org/xml/features/report-start-end-entity
Source: LocalPlayback.exe, 0000001E.00000002.2571320041.000000006B3F9000.00000002.00000001.01000000.00000022.sdmp String found in binary or memory: http://qt-project.org/xml/features/report-whitespace-only-CharData
Source: LocalPlayback.exe, 0000001E.00000002.2571320041.000000006B3F9000.00000002.00000001.01000000.00000022.sdmp String found in binary or memory: http://trolltech.com/xml/features/report-start-end-entity
Source: LocalPlayback.exe, 0000001E.00000002.2571320041.000000006B3F9000.00000002.00000001.01000000.00000022.sdmp String found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharData
Source: LocalPlayback.exe, 00000002.00000003.1328776964.000000000087D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: LocalPlayback.exe, 00000002.00000003.1328776964.000000000087D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: LocalPlayback.exe, 00000002.00000003.1328776964.000000000087D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: vcredist_x86.exe, 00000014.00000003.1868826765.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, vcredist_x86.exe, 00000014.00000003.1869418883.00000000027D0000.00000004.00000020.00020000.00000000.sdmp, vcredist_x86.exe, 00000014.00000003.1793238511.000000000062F000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64_2013.exe, 00000017.00000003.1934969780.00000000018B0000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64_2013.exe, 00000017.00000003.1933566497.000000000391B000.00000004.00000800.00020000.00000000.sdmp, vcredist_x86.exe, 0000001B.00000003.1935920151.0000000000652000.00000004.00000020.00020000.00000000.sdmp, vcredist_x86.exe, 0000001C.00000002.2560839508.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, vcredist_x86.exe, 0000001C.00000002.2556580978.0000000000920000.00000004.00000020.00020000.00000000.sdmp, vcredist_x86.exe, 0000001C.00000003.1938300398.00000000009AD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: vcredist_x64_2013.exe, 00000017.00000003.1933566497.000000000391B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010cessR
Source: vcredist_x64_2013.exe, 00000017.00000003.1933566497.000000000391B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010o
Source: LocalPlayback.exe, 00000002.00000003.1336775342.0000000002BA9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.company.com
Source: LocalPlayback.exe, 00000002.00000003.1337188638.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2433505889.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2424468858.0000000002B83000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1337342198.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2195158245.0000000002B82000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1337050034.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2197888428.0000000002B83000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1336897127.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2428892620.0000000002B83000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.company.comt
Source: LocalPlayback.exe, 00000002.00000003.1337342198.0000000002B82000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2424684901.0000000005CB0000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2190273382.0000000005CAF000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2186596203.0000000005CA2000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436551431.0000000005CB1000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1329950331.0000000002B70000.00000004.00000800.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1965739685.0000000006600000.00000004.00000800.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1965894729.0000000006600000.00000004.00000800.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1964381135.0000000006600000.00000004.00000800.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2170880571.0000000005CA2000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2198375398.0000000005CAF000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2197831927.0000000005CA7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.hikvision.com
Source: LocalPlayback.exe, 00000002.00000003.2196340763.000000000084F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.hikvision.com4
Source: LocalPlayback.exe, 00000002.00000003.2424684901.0000000005CB0000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436551431.0000000005CB1000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2198375398.0000000005CAF000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2197831927.0000000005CA7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.hikvision.comCT
Source: LocalPlayback.exe, 00000002.00000003.2424684901.0000000005CB0000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436551431.0000000005CB1000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2198375398.0000000005CAF000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2197831927.0000000005CA7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.hikvision.comER
Source: LocalPlayback.exe, 00000002.00000003.2174730969.0000000000844000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2188207802.0000000000844000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.hikvision.comX
Source: LocalPlayback.exe, 00000002.00000003.1313616804.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1304570653.00000000007F1000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1303819742.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1315533478.00000000007EF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.hikvision.comal
Source: LocalPlayback.exe, 00000002.00000003.2195158245.0000000002B82000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2197888428.0000000002B83000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2200256507.0000000002BA1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.hikvision.coml=%ld
Source: LocalPlayback.exe, LocalPlayback.exe, 00000002.00000000.1288293705.00000000004AD000.00000002.00000001.01000000.00000004.sdmp, LocalPlayback.exe, 00000002.00000002.2430910825.00000000004AD000.00000002.00000001.01000000.00000004.sdmp, LocalPlayback.exe, 00000002.00000003.1329950331.0000000002B70000.00000004.00000800.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1965739685.0000000006600000.00000004.00000800.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1965894729.0000000006600000.00000004.00000800.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1313616804.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1964381135.0000000006600000.00000004.00000800.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1302943701.0000000002920000.00000040.00001000.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1304570653.00000000007F1000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1303819742.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1315533478.00000000007EF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d
Source: LocalPlayback.exe, 0000001E.00000002.2571774893.000000006B4F0000.00000002.00000001.01000000.00000021.sdmp String found in binary or memory: http://www.phreedom.org/md5)
Source: LocalPlayback.exe, 0000001E.00000002.2571774893.000000006B4F0000.00000002.00000001.01000000.00000021.sdmp String found in binary or memory: http://www.phreedom.org/md5)08:27
Source: LocalPlayback.exe, 0000001E.00000002.2571320041.000000006B3F9000.00000002.00000001.01000000.00000022.sdmp String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: LocalPlayback.exe, 0000001E.00000002.2571320041.000000006B3F9000.00000002.00000001.01000000.00000022.sdmp String found in binary or memory: http://xml.org/sax/features/namespaces
Source: LocalPlayback.exe, 0000001E.00000002.2571320041.000000006B3F9000.00000002.00000001.01000000.00000022.sdmp String found in binary or memory: http://xml.org/sax/features/namespaceshttp://xml.org/sax/features/namespace-prefixeshttp://trolltech
Source: LocalPlayback.exe, 0000001E.00000002.2561255132.0000000001267000.00000002.00000001.01000000.00000026.sdmp Binary or memory string: DirectDrawCreateEx memstr_f53362d3-4

E-Banking Fraud

Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00453B2B __EH_prolog3,CertOpenSystemStoreW,CertOpenSystemStoreW,CertOpenSystemStoreW,CertAddCertificateContextToStore,GetLastError,CertGetIssuerCertificateFromStore,CertAddCertificateContextToStore,GetLastError,CertGetIssuerCertificateFromStore, 2_2_00453B2B

System Summary

Source: ISSetup.dll.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: isr8AA1.tmp.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISS80A0.tmp.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00C51660: memset,malloc,malloc,free,free,malloc,CreateFileW,DeviceIoControl,CloseHandle,free,free,free,free,free,CloseHandle,free,free,free,free,free, 30_2_00C51660
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00446A5B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx, 2_2_00446A5B
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6c4c8c.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4E9F.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vcamp120.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vcomp120.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6c4c8f.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6c4c8f.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6c4c90.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI53FF.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120chs.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120cht.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120deu.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120enu.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120esn.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120fra.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120ita.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120jpn.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120kor.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120rus.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6c4c93.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6c4c93.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6c4c94.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6BFD.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\vcamp120.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\vcomp120.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6c4c97.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6c4c97.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6c4c98.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{929FBD26-9020-399B-9A7A-751D61F0B942}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7005.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120chs.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120cht.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120deu.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120enu.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120esn.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120fra.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120ita.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120jpn.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120kor.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120rus.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6c4c9b.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6c4c9b.msi
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\6c4c8f.msi
Source: hpr8777.tmp.2.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: Loc8846.tmp.2.dr Static PE information: Resource name: RT_ICON type: tar archive (old), type '9' (, mode !\005, uid )\006, gid !\010\0, size *\010, seconds \006\016, linkname \014\002, comment: 7
Source: LocalPlayback.exe, 00000002.00000003.1328776964.000000000087D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameISRT.dll vs LocalPlayback.exe
Source: LocalPlayback.exe, 00000002.00000000.1288340748.0000000000518000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameInstallShield Setup.exe< vs LocalPlayback.exe
Source: LocalPlayback.exe Binary or memory string: OriginalFilename vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2575336087.000000006C8FF000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: OriginalFilenameToolShareModule.dll@ vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2571617408.000000006B450000.00000002.00000001.01000000.00000020.sdmp Binary or memory string: OriginalFilenameQt5PrintSupport.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2576115403.000000007004B000.00000002.00000001.01000000.0000002A.sdmp Binary or memory string: OriginalFilenameqdds.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2573230518.000000006BCD5000.00000002.00000001.01000000.0000001B.sdmp Binary or memory string: OriginalFilenameHDFileSDK.dll4 vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2560995220.000000000120F000.00000002.00000001.01000000.00000025.sdmp Binary or memory string: OriginalFilenameAnalyzeData.dll8 vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2561519409.00000000012E1000.00000002.00000001.01000000.00000026.sdmp Binary or memory string: OriginalFilenameSuperRender.dllb! vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2570330216.000000006AEC3000.00000002.00000001.01000000.00000027.sdmp Binary or memory string: OriginalFilenameqwindows.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2572836301.000000006BC57000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: OriginalFilenamehpr.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2574879072.000000006C7FA000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: OriginalFilenameQt5Gui.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2568305204.000000006AC66000.00000002.00000001.01000000.0000002F.sdmp Binary or memory string: OriginalFilenameqtga.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2568863892.000000006ACB8000.00000002.00000001.01000000.0000002D.sdmp Binary or memory string: OriginalFilenameqico.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2568057819.000000006AC4D000.00000002.00000001.01000000.00000030.sdmp Binary or memory string: OriginalFilenameqtiff.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2571873027.000000006B528000.00000002.00000001.01000000.00000021.sdmp Binary or memory string: OriginalFilenameQt5Network.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2573691280.000000006BED1000.00000002.00000001.01000000.0000001A.sdmp Binary or memory string: OriginalFilenameToolGuiToolkit.dll> vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2574203004.000000006C30C000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: OriginalFilenameQt5Widgets.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2571195230.000000006B3D6000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: OriginalFilenameAudioRender.dllb! vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2572561458.000000006BB12000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: OriginalFilenameQt5Core.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2575743999.000000006FF48000.00000002.00000001.01000000.0000002B.sdmp Binary or memory string: OriginalFilenameqgif.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2567687436.000000006ABF6000.00000002.00000001.01000000.00000031.sdmp Binary or memory string: OriginalFilenameqwbmp.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2575563003.000000006C919000.00000002.00000001.01000000.0000002C.sdmp Binary or memory string: OriginalFilenameqicns.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2568537510.000000006ACAC000.00000002.00000001.01000000.0000002E.sdmp Binary or memory string: OriginalFilenameqjpeg.dll( vs LocalPlayback.exe
Source: LocalPlayback.exe, 0000001E.00000002.2567183037.0000000010367000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: OriginalFilenamePlayCtrl.dll2 vs LocalPlayback.exe
Source: LocalPlayback.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: ISSetup.dll.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: lib96F4.tmp.2.dr Static PE information: Section: .reloc IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: isr8AA1.tmp.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISS80A0.tmp.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: lib96F4.tmp.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: isr8AA1.tmp.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: LocalPlayback.exe, 0000001E.00000002.2572144739.000000006B8F5000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: nna.nosciencehu.comtadaoka.osaka.jphayakawa.yamanashi.jpdnsalias.orgedu.saedu.sbedu.rsedu.sclib.id.usogori.fukuoka.jpnotogawa.shiga.jpedu.sdrepbody.aeroid.auedu.ruk12.nj.usloyalist.museumedu.rwedu.sgxyzmoka.tochigi.jpdynathome.netkimino.wakayama.jpedu.slnissanveterinaire.kmkokubunji.tokyo.jpedu.snos.hordaland.notm.kmartsandcrafts.museumis-a-musician.com*.kitakyushu.jpiitate.fukushima.jpedu.stav.iturayasu.chiba.jpedu.svflorida.museumninjaedu.synemuro.hokkaido.jpedu.tjs
Source: classification engine Classification label: sus24.bank.evad.winEXE@29/455@1/1
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_0043F326 FormatMessageW,GetLastError,LocalFree, 19_2_0043F326
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00454269 __EH_prolog3_GS,CertOpenSystemStoreW,GetLastError,CertOpenSystemStoreW, 2_2_00454269
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00453B2B __EH_prolog3,CertOpenSystemStoreW,CertOpenSystemStoreW,CertOpenSystemStoreW,CertAddCertificateContextToStore,GetLastError,CertGetIssuerCertificateFromStore,CertAddCertificateContextToStore,GetLastError,CertGetIssuerCertificateFromStore, 2_2_00453B2B
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00446A5B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx, 2_2_00446A5B
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_004113BA GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 19_2_004113BA
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003B13BA GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 22_2_003B13BA
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F113BA GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 27_2_00F113BA
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0041F059 __EH_prolog3_GS,_memset,GetDiskFreeSpaceExW,LoadLibraryW,GetProcAddress,lstrcpyW,lstrcatW,GetDiskFreeSpaceExW,GetDiskFreeSpaceExW,GetLastError,GetDiskFreeSpaceW,GetDiskFreeSpaceW, 2_2_0041F059
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00444E65 __EH_prolog3_GS,CreateToolhelp32Snapshot,GetLastError,Process32FirstW,Process32NextW,OpenProcess, 2_2_00444E65
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0041A2E5 CoCreateInstance, 2_2_0041A2E5
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00499420 FindResourceW,FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,_memmove,CreateStreamOnHGlobal,GlobalUnlock,GlobalFree, 2_2_00499420
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_0042E774 ChangeServiceConfigW,GetLastError, 19_2_0042E774
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\InstallShield Installation Information\
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\Public\Desktop\LocalPlayback.lnk
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8104:120:WilError_03
Source: C:\Users\user\Desktop\LocalPlayback.exe Mutant created: \Sessions\1\BaseNamedObjects\6674BCC5-BC57-446B-B83B-FA53501E0FDC
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Mutant created: \Sessions\1\BaseNamedObjects\QtLockedFile mutex c:/users/user/appdata/local/temp/qtsingleapplication-b312-1-lockfile
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user~1\AppData\Local\Temp\{BF172FD2-5CBE-4AB8-9EBD-2755BF244CA6}\
Source: C:\Users\user\Desktop\LocalPlayback.exe Command line argument: x$L 2_2_00425602
Source: C:\Users\user\Desktop\LocalPlayback.exe Command line argument: x$L 2_2_00425602
Source: C:\Users\user\Desktop\LocalPlayback.exe Command line argument: x$L 2_2_00425602
Source: C:\Users\user\Desktop\LocalPlayback.exe Command line argument: EXE=%s 2_2_00425602
Source: C:\Users\user\Desktop\LocalPlayback.exe Command line argument: EXEProcessBegin 2_2_00425602
Source: C:\Users\user\Desktop\LocalPlayback.exe Command line argument: ISSetupInit 2_2_00425602
Source: C:\Users\user\Desktop\LocalPlayback.exe Command line argument: x$L 2_2_00425602
Source: C:\Users\user\Desktop\LocalPlayback.exe Command line argument: x$L 2_2_00425602
Source: LocalPlayback.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\LocalPlayback.exe File read: C:\Users\user\AppData\Local\Temp\{BF172FD2-5CBE-4AB8-9EBD-2755BF244CA6}\Disk1\setup.ini
Source: C:\Users\user\Desktop\LocalPlayback.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: vcredist_x86.exe, 00000013.00000003.1819940196.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, vcredist_x86.exe, 00000013.00000003.1815835578.0000000000F56000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64_2013.exe, 00000016.00000003.1898813039.0000000000953000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64_2013.exe, 00000016.00000003.1901279866.000000000098E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT `WixDependency`.`WixDependency`, `WixDependencyProvider`.`Component_`, `WixDependency`.`ProviderKey`, `WixDependency`.`MinVersion`, `WixDependency`.`MaxVersion`, `WixDependency`.`Attributes` FROM `WixDependencyProvider`, `WixDependency`, `WixDependencyRef` WHERE `WixDependency`.`WixDependency` = `WixDependencyRef`.`WixDependency_` AND `WixDependencyProvider`.`WixDependencyProvider` = `WixDependencyRef`.`WixDependencyProvider_`SELECT `WixDependencyProvider`.`WixDependencyProvider`, `WixDependencyProvider`.`Component_`, `WixDependencyProvider`.`ProviderKey`, `WixDependencyProvider`.`Attributes` FROM `WixDependencyProvider`Failed to ignored dependency "%ls" to the string dictionary.;Failed to create the string dictionary.Failed to get the string value of the IGNOREDEPENDENCIES property.IGNOREDEPENDENCIESUnknownFailed to set the dependency name "%ls" into the message record.Failed to set the dependency key "%ls" into the message record.The dependency "%ls" is missing or is not the required version.Found dependent "%ls", name: "%ls".Failed to set the number of dependencies into the message record.Failed to set the message identifier into the message record.Not enough memory to create the message record.wixdepca.cppUnexpected message response %d from user or bootstrapper application.Failed to create the dependency record for message %d.Failed to enumerate all of the rows in the dependency query view.Failed to get WixDependency.Attributes.Failed to get WixDependency.MaxVersion.Failed to get 
WixDependency.MinVersion.Failed to get WixDependency.ProviderKey.Failed to get WixDependencyProvider.Component_.Failed to get WixDependency.WixDependency.Failed dependency check for %ls.Skipping dependency check for %ls because the component %ls is not being (re)installed.Failed to open the query view for dependencies.Failed to initialize the unique dependency string list.Failed to check if the WixDependency table exists.Skipping the dependency check since no dependencies are authored.WixDependencyFailed to enumerate all of the rows in the dependency provider query view.Failed to get WixDependencyProvider.Attributes.Failed to get WixDependencyProvider.ProviderKey.Failed to get WixDependencyProvider.Component.Failed to get WixDependencyProvider.WixDependencyProvider.Failed dependents check for %ls.Skipping dependents check for %ls because the component %ls is not being uninstalled.Failed to open the query view for dependency providers.Failed to check if the WixDependencyProvider table exists.Skipping the dependents check since no dependency providers are authored.WixDependencyProviderSkipping the dependencies check since IGNOREDEPENDENCIES contains "ALL".Failed to check if "ALL" was set in IGNOREDEPENDENCIES.ALLFailed to get the ignored dependents.Failed to ensure required dependencies for (re)installing components.ALLUSERSFailed to initialize the registry functions.Failed to initialize.WixDependencyRequireFailed to ensure absent dependents for uninstalling com
Source: vcredist_x86.exe String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: vcredist_x64_2013.exe String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: LocalPlayback.exe String found in binary or memory: --yexl-- CPlayBackInteraction-StartPlayback nofile
Source: C:\Users\user\Desktop\LocalPlayback.exe File read: C:\Users\user\Desktop\LocalPlayback.exe
Source: unknown Process created: C:\Users\user\Desktop\LocalPlayback.exe "C:\Users\user\Desktop\LocalPlayback.exe"
Source: C:\Users\user\Desktop\LocalPlayback.exe Process created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0F60EF52-B8AE-4C65-B672-4ECBA9C7EF64}
Source: C:\Users\user\Desktop\LocalPlayback.exe Process created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DEBE9773-6CCB-402A-A045-44F23FC2C3BA}
Source: C:\Users\user\Desktop\LocalPlayback.exe Process created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E46B7176-3FFC-40C6-B559-180C9F23E714}
Source: C:\Users\user\Desktop\LocalPlayback.exe Process created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E5BF0CED-81A6-4ECC-9E75-24C1C03367D2}
Source: C:\Users\user\Desktop\LocalPlayback.exe Process created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{83415305-25EC-4DB0-8231-2F0B7AC0579F}
Source: C:\Users\user\Desktop\LocalPlayback.exe Process created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3309AE38-3356-4998-B51D-DDEA1CA316CD}
Source: unknown Process created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
Source: C:\Windows\System32\SrTasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\LocalPlayback.exe Process created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe /q
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Process created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe "C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe" /q -burn.unelevated BurnPipe.{DBEA4BDC-32D1-4571-8C40-9D2304124BE9} {91C7A57E-FB61-4624-AACC-1188F529C9A7} 8120
Source: C:\Users\user\Desktop\LocalPlayback.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Users\user\Desktop\LocalPlayback.exe Process created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe /q
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Process created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe "C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe" /q -burn.unelevated BurnPipe.{0942DD9A-AF4A-432E-BD2D-A92FFBEDB9E9} {F3730AF5-9EE5-4B54-A568-50E8BA9679B4} 1876
Source: unknown Process created: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe "C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /burn.runonce
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Process created: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe "C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe"
Source: C:\Users\user\Desktop\LocalPlayback.exe Process created: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe "C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe"
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: lz32.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: msi.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: riched32.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: msxml3.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: sfc.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: srclient.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: spp.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: vssapi.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: vsstrace.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: sxproxy.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\LocalPlayback.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe Section loaded: wldp.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: spp.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: srclient.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: srcore.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: ktmw32.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: wer.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: bcd.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: dsrole.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: msxml3.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: vss_ps.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: msi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: msxml3.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: srclient.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: spp.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: vssapi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: vsstrace.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: usoapi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: sxproxy.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: msisip.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: srpapi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: tsappcmp.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: msi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: msxml3.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: feclient.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: msi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: msxml3.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: srclient.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: spp.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: vssapi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: vsstrace.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: usoapi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: sxproxy.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: msisip.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: srpapi.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: tsappcmp.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: feclient.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Section loaded: textshaping.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: apphelp.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: msi.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: wininet.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: version.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: msasn1.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: feclient.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: iertutil.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: uxtheme.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: textinputframework.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: coreuicomponents.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: ntmarta.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: windowscodecs.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: explorerframe.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: riched20.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: usp10.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: msls31.dll
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Section loaded: textshaping.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: qt5core.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: qt5gui.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: qt5widgets.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: toolguitoolkit.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: toolsharemodule.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: hdfilesdk.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: hpr.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: playctrl.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: analyzedata.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: upgrade.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: msvcp120.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: msvcr120.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: qt5network.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: qt5printsupport.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: qt5xml.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: superrender.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: audiorender.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: mpr.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: hcnetutils.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: msvcp140.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: vcruntime140.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: dsound.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: ddraw.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: dxgi.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: dciman32.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: wintab32.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: qt5svg.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: devobj.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: dataexchange.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: d3d11.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: dcomp.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
Source: C:\Users\user\Desktop\LocalPlayback.exe File written: C:\Users\user\AppData\Local\Temp\{BF172FD2-5CBE-4AB8-9EBD-2755BF244CA6}\Disk1\0x0409.ini
Source: C:\Users\user\Desktop\LocalPlayback.exe Automated click: Next >
Source: C:\Users\user\Desktop\LocalPlayback.exe Automated click: Next >
Source: C:\Users\user\Desktop\LocalPlayback.exe Automated click: Next >
Source: C:\Users\user\Desktop\LocalPlayback.exe Automated click: Install
Source: C:\Users\user\Desktop\LocalPlayback.exe Automated click: Next >
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Windows\SysWOW64\RICHED32.DLL
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Window detected: Number of UI elements: 19
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Window detected: Number of UI elements: 19
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Window detected: Number of UI elements: 19
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Source: LocalPlayback.exe Static PE information: certificate valid
Source: LocalPlayback.exe Static file information: File size 80556152 > 1048576
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\msvcr90.dll
Source: LocalPlayback.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: Nsd.pdb' source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Package_Tool_BaseLine_Tools3\code\target\vs2013\ToolShareModule\ToolShareModule.pdb source: LocalPlayback.exe, 0000001E.00000002.2575260611.000000006C8F8000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: .pdb? source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\Project\2018NewVersionTools\UpgradeTool\code\target\UpgradeTool\Upgrade.pdb source: LocalPlayback.exe, 0000001E.00000002.2574995176.000000006C8CA000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: qddsd.pdbEScritOpedm source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\ISP\setup.pdb source: LocalPlayback.exe, 00000002.00000000.1288293705.00000000004AD000.00000002.00000001.01000000.00000004.sdmp, LocalPlayback.exe, 00000002.00000002.2430910825.00000000004AD000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: qtgad.pdbEScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.pdb source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2424912060.0000000005C0D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: `C:\Program Files (x86)\LocalPlayback\Standard\\sqlpsql.pdb source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\platforms\qwindowsd.pdbbddll} source: LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Package_Tool_BaseLine_Tools3\code\target\VS2013\ToolGuiToolkit\ToolGuiToolkit.pdb source: LocalPlayback.exe, 0000001E.00000002.2573472697.000000006BE0A000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qwbmp.dll.pdb source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: `C:\Program Files (x86)\LocalPlayback\plugins\\indowsd.pdbws.ll source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qgifd.pdbl source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2424912060.0000000005C0D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\Project\2018NewVersionTools\UpgradeTool\code\target\UpgradeTool\Upgrade.pdb(( source: LocalPlayback.exe, 0000001E.00000002.2574995176.000000006C8CA000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: \??\C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlmysqld.pdbltmpI source: LocalPlayback.exe, 00000002.00000003.2169399913.0000000005A92000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435360519.0000000005A92000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2427166168.0000000005A92000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: xC:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.pdb. source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: e:\PROJ\hpr\hpr_svn\lib\vs2008\hpr.pdb source: LocalPlayback.exe, 0000001E.00000002.2572733998.000000006BB42000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: qwebpd.pdbScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwebpd.pdb source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qwbmpd.pdbScritOpedJ;^ source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: `C:\Program Files (x86)\LocalPlayback\plugins\\indowsd.pdb source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixStdBA.pdbH source: vcredist_x86.exe, 0000001C.00000002.2561765338.00000000700E5000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: qminimald.pdbritOped&;2 source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qtiffd.pdb source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb source: vcredist_x86.exe, 00000013.00000000.1787811525.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x86.exe, 00000013.00000002.1873216538.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x86.exe, 00000013.00000003.1807866305.0000000000F47000.00000004.00000020.00020000.00000000.sdmp, vcredist_x86.exe, 00000014.00000002.1873113180.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x86.exe, 00000014.00000000.1791920978.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x64_2013.exe, 00000016.00000002.1937952943.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x64_2013.exe, 00000016.00000000.1876182782.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x64_2013.exe, 00000017.00000002.1938343186.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x64_2013.exe, 00000017.00000000.1877246310.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x86.exe, 0000001B.00000002.1943499977.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp, vcredist_x86.exe, 0000001B.00000000.1932728808.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp, vcredist_x86.exe, 0000001C.00000002.2559508643.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp, vcredist_x86.exe, 0000001C.00000000.1936608719.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qjpegd.pdb source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Package_Tool_BaseLine_Tools3\code\target\VS2013\LocalPlayback\LocalPlayback.pdb source: LocalPlayback.exe, 0000001E.00000000.2168265549.0000000000D2C000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Compiler_SDK_HDFile_Win32\win\VS2013\Release\HDFileSDK.pdb source: LocalPlayback.exe, 0000001E.00000002.2573042521.000000006BCCB000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.pdbw source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Package_Tool_BaseLine_Tools3\code\target\vs2013\CommonSkin\CommonSkin.pdb source: LocalPlayback.exe, 0000001E.00000002.2568990669.000000006ADBD000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixStdBA.pdb source: vcredist_x86.exe, 0000001C.00000002.2561765338.00000000700E5000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: qwbmpd.pdbXP1 source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qicod.pdbcod.llb source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlmysqld.pdb.lll source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\work\SuperRender\0000000\bin\win32\Private_PDB32\SuperRender.pdb8 ' source: LocalPlayback.exe, 0000001E.00000002.2561255132.0000000001267000.00000002.00000001.01000000.00000026.sdmp
Source: Binary string: qwindowsd.pdbritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\platforms\qoffscreend.pdb source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixDepCA.pdb source: vcredist_x86.exe, 00000013.00000003.1819940196.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, vcredist_x86.exe, 00000013.00000003.1815835578.0000000000F56000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64_2013.exe, 00000016.00000003.1898813039.0000000000953000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64_2013.exe, 00000016.00000003.1901279866.000000000098E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qwebp.dll.pdb source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Package_SDK_HCNetUtils_win32\common\HCNetUtils\win32\lib\HCNetUtils.pdb source: LocalPlayback.exe, 0000001E.00000002.2570472714.000000006B205000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qwebpd.pdb source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qwbmpd.pdbt source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlited.pdbb source: LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.pdb.dldbA source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\work\SuperRender\0000000\bin\win32\Private_PDB32\SuperRender.pdb source: LocalPlayback.exe, 0000001E.00000002.2561255132.0000000001267000.00000002.00000001.01000000.00000026.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qtiff.dll.pdb source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qicnsd.pdbScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: _isres_0x0409.dlllayout.bindata1.hdrdata1.cabsetup.exeISSetup.dll0x0804.ini0x0409.inisetup.iniAnalyzeData.dllAudioRender.dllcalib.dllD3DCompiler_43.dllD3DX9_43.dllEagleEyeRender.dllgdiplus.dllHCCore.dllHCNetSDK.dllHCNetUtils.dllHDFileSDK.dllhpr.dllHWDecode.dlliconv.dlllibxml2.dllLocalPlayback.exeLocalPlayback.ism.771LocalXml.zipMP_Render.dllMP_VIE.dllOpenAL32.dllPlayCtrl.dllQt5Core.dllQt5Gui.dllQt5Network.dllQt5PrintSupport.dllQt5Widgets.dllQt5Xml.dllSettings.xmlSuperRender.dllToolGuiToolkit.dllToolShareModule.dllToolShareModule.libUpgrade.dllUpgrade.xmlYUVProcess.dllzlib1.dllAudioIntercom.dllDsSdk.dllHCAlarm.dllHCAlarm.libHCCoreDevCfg.dllHCDisplay.dllHCGeneralCfgMgr.dllHCGeneralCfgMgr.libHCIndustry.dllHCPlayBack.dllHCPreview.dllHCPreview.libHCVoiceTalk.dlllibiconv2.dllmsvcr90.dllStreamTransClient.dllSystemTransform.dllqdds.dllqddsd.dllqddsd.pdbqgif.dllqgifd.dllqgifd.pdbqicns.dllqicnsd.dllqicnsd.pdbqico.dllqicod.dllqicod.pdbqjpeg.dllqjpegd.dllqjpegd.pdbqsvg.dllqsvgd.dllqsvgd.pdbqtga.dllqtgad.dllqtgad.pdbqtiff.dllqtiffd.dllqtiffd.pdbqwbmp.dllqwbmpd.dllqwbmpd.pdbqwebp.dllqwebpd.dllqwebpd.pdbqminimal.dllqminimald.dllqminimald.pdbqoffscreen.dllqoffscreend.dllqoffscreend.pdbqwindows.dllqwindowsd.dllqwindowsd.pdbqsqlite.dllqsqlited.dllqsqlited.pdbqsqlmysql.dllqsqlmysqld.dllqsqlmysqld.pdbqsqlpsql.dllqsqlpsqld.dllqsqlpsqld.pdbLocalPlayback_en.qmLocalPlayBack_en.tsLocalPlayback_zh.qmLocalPlayBack_zh.tsqt_en.qmqt_zh_CN.qmToolGuiToolkit_en.qmToolGuiToolkit_en.tsToolGuiToolkit_zh.qmToolGuiToolkit_zh.tsToolShareModule_en.qmToolShareModule_en.tsToolShareModule_zh.qmToolShareModule_zh.ts,g0W source: LocalPlayback.exe, 00000002.00000003.2197605938.0000000000855000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb source: LocalPlayback.exe, 00000002.00000003.1328776964.000000000087D000.00000004.00000020.00020000.00000000.sdmp, ISBEW64.exe, 00000006.00000002.2196188784.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000006.00000000.1332346457.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000007.00000002.1335450557.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000007.00000000.1333414243.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000008.00000000.1334155324.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000008.00000002.1336690488.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000009.00000002.1338208405.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 00000009.00000000.1334838319.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 0000000A.00000000.1335823221.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 0000000A.00000002.1338230664.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 0000000B.00000002.2171021829.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp, ISBEW64.exe, 0000000B.00000000.1389523104.00007FF75D277000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qsvgd.pdbpg.llg source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qgifd.pdbEScritOpedn;z source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: setup.inxlicense.rtfSetup.xmlvcredist_x64_2013.exevcredist_x86.exeFontData.iniDIFxData.inicorecomp.inidotnetinstaller.exedotnetinstaller.exe.configISBEW64.exeStringTable_0x0804.ipsStringTable_0x0409.ipsisrt.dlldefault.pal_isres_0x0804.dll_isres_0x0409.dlllayout.bindata1.hdrdata1.cabsetup.exeISSetup.dll0x0804.ini0x0409.inisetup.iniAnalyzeData.dllAudioRender.dllcalib.dllD3DCompiler_43.dllD3DX9_43.dllEagleEyeRender.dllgdiplus.dllHCCore.dllHCNetSDK.dllHCNetUtils.dllHDFileSDK.dllhpr.dllHWDecode.dlliconv.dlllibxml2.dllLocalPlayback.exeLocalPlayback.ism.771LocalXml.zipMP_Render.dllMP_VIE.dllOpenAL32.dllPlayCtrl.dllQt5Core.dllQt5Gui.dllQt5Network.dllQt5PrintSupport.dllQt5Widgets.dllQt5Xml.dllSettings.xmlSuperRender.dllToolGuiToolkit.dllToolShareModule.dllToolShareModule.libUpgrade.dllUpgrade.xmlYUVProcess.dllzlib1.dllAudioIntercom.dllDsSdk.dllHCAlarm.dllHCAlarm.libHCCoreDevCfg.dllHCDisplay.dllHCGeneralCfgMgr.dllHCGeneralCfgMgr.libHCIndustry.dllHCPlayBack.dllHCPreview.dllHCPreview.libHCVoiceTalk.dlllibiconv2.dllmsvcr90.dllStreamTransClient.dllSystemTransform.dllqdds.dllqddsd.dllqddsd.pdbqgif.dllqgifd.dllqgifd.pdbqicns.dllqicnsd.dllqicnsd.pdbqico.dllqicod.dllqicod.pdbqjpeg.dllqjpegd.dllqjpegd.pdbqsvg.dllqsvgd.dllqsvgd.pdbqtga.dllqtgad.dllqtgad.pdbqtiff.dllqtiffd.dllqtiffd.pdbqwbmp.dllqwbmpd.dllqwbmpd.pdbqwebp.dllqwebpd.dllqwebpd.pdbqminimal.dllqminimald.dllqminimald.pdbqoffscreen.dllqoffscreend.dllqoffscreend.pdbqwindows.dllqwindowsd.dllqwindowsd.pdbqsqlite.dllqsqlited.dllqsqlited.pdbqsqlmysql.dllqsqlmysqld.dllqsqlmysqld.pdbqsqlpsql.dllqsqlpsqld.dllqsqlpsqld.pdbLocalPlayback_en.qmLocalPlayBack_en.tsLocalPlayback_zh.qmLocalPlayBack_zh.tsqt_en.qmqt_zh_CN.qmToolGuiToolkit_en.qmToolGuiToolkit_en.tsToolGuiToolkit_zh.qmToolGuiToolkit_zh.tsToolShareModule_en.qmToolShareModule_en.tsToolShareModule_zh.qmToolShareModule_zh.ts,g0W source: LocalPlayback.exe, 00000002.00000003.2174730969.0000000000844000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196340763.000000000084F000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2188207802.0000000000844000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qsqlited.pdbcritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwebpd.pdbimage/~ source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlpsqld.pdb@ source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qsqlpsqld.pdbritOped$%4 source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qicnsd.pdbrmdlll source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qddsd.pdbformdll source: LocalPlayback.exe, 00000002.00000003.2198116230.000000000082E000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2189404783.000000000082C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qtgad.pdbp.dl source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /LocalPlayback/imageformats/qwebpd.pdb' source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: e:\AudioRender0\WindowsAudio2\bin\win32\Private_PDB32\AudioRender.pdb =k source: LocalPlayback.exe, 0000001E.00000002.2571115843.000000006B3C9000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: qsvgd.pdbEScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :/aptui/complex/Images/System/Complex/date.pngtgad.pdb source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qsqlmysqld.pdbtOpedX:P source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@F source: vcredist_x86.exe, 00000013.00000000.1787811525.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x86.exe, 00000013.00000002.1873216538.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x86.exe, 00000014.00000002.1873113180.000000000044A000.00000002.00000001.01000000.0000000F.sdmp, vcredist_x86.exe, 00000014.00000000.1791920978.000000000044A000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: kqsvgd.pdb source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@E source: vcredist_x86.exe, 00000013.00000003.1807866305.0000000000F47000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@@ source: vcredist_x64_2013.exe, 00000016.00000002.1937952943.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x64_2013.exe, 00000016.00000000.1876182782.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x64_2013.exe, 00000017.00000002.1938343186.00000000003EA000.00000002.00000001.01000000.00000013.sdmp, vcredist_x64_2013.exe, 00000017.00000000.1877246310.00000000003EA000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\jenkins\workspace\APP_Package_Tool_BaseLine_Tools3\code\target\vs2013\CommonSkin\CommonStyle.pdb source: LocalPlayback.exe, 0000001E.00000002.2575854670.000000006FF59000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: C:/Program Files (x86)/LocalPlayback/imageformats/qwbmpd.pdb source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: e:\AudioRender0\WindowsAudio2\bin\win32\Private_PDB32\AudioRender.pdb source: LocalPlayback.exe, 0000001E.00000002.2571115843.000000006B3C9000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: qjpegd.pdbScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qtiffd.pdbScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: kegd.pdbX source: LocalPlayback.exe, 0000001E.00000002.2555626033.0000000000A91000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\platforms\qminimald.pdb source: LocalPlayback.exe, 00000002.00000003.2198507434.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2171020004.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2436234286.0000000005C50000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196692354.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qoffscreend.pdbtOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qjpegd.pdb source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2424912060.0000000005C0D000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwebpd.pdbe Q source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.pdb3 source: LocalPlayback.exe, 0000001E.00000003.2190142052.0000000000B48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: qicod.pdbEScritOped source: LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174101184.0000000005BDD000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2435760784.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@ source: vcredist_x86.exe, 0000001B.00000002.1943499977.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp, vcredist_x86.exe, 0000001B.00000000.1932728808.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp, vcredist_x86.exe, 0000001C.00000002.2559508643.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp, vcredist_x86.exe, 0000001C.00000000.1936608719.0000000000F4A000.00000002.00000001.01000000.00000015.sdmp
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00495AB0 LoadLibraryW,GetProcAddress,MonitorFromPoint,GetDC,GetDeviceCaps,ReleaseDC,MulDiv,FreeLibrary, 2_2_00495AB0
Source: initial sample Static PE information: section where entry point is pointing to: .rsrc
Source: qdd97B4.tmp.2.dr Static PE information: section name: .qtmetad
Source: qdd97C5.tmp.2.dr Static PE information: section name: .qtmetad
Source: vcr8865.tmp.2.dr Static PE information: section name: .wixburn
Source: vcr8951.tmp.2.dr Static PE information: section name: .wixburn
Source: qgi9815.tmp.2.dr Static PE information: section name: .qtmetad
Source: qgi9826.tmp.2.dr Static PE information: section name: .qtmetad
Source: qic9885.tmp.2.dr Static PE information: section name: .qtmetad
Source: qic9896.tmp.2.dr Static PE information: section name: .qtmetad
Source: qic98F6.tmp.2.dr Static PE information: section name: .qtmetad
Source: qic9916.tmp.2.dr Static PE information: section name: .qtmetad
Source: qjp9985.tmp.2.dr Static PE information: section name: .qtmetad
Source: qjp99A6.tmp.2.dr Static PE information: section name: .qtmetad
Source: qsv9A34.tmp.2.dr Static PE information: section name: .qtmetad
Source: qsv9A54.tmp.2.dr Static PE information: section name: .qtmetad
Source: qtg9B02.tmp.2.dr Static PE information: section name: .qtmetad
Source: qtg9B13.tmp.2.dr Static PE information: section name: .qtmetad
Source: qti9B63.tmp.2.dr Static PE information: section name: .qtmetad
Source: qti9B93.tmp.2.dr Static PE information: section name: .qtmetad
Source: qwb9C22.tmp.2.dr Static PE information: section name: .qtmetad
Source: qwb9C32.tmp.2.dr Static PE information: section name: .qtmetad
Source: qwe9CA2.tmp.2.dr Static PE information: section name: .qtmetad
Source: qwe9CA2.tmp.2.dr Static PE information: section name: _RDATA
Source: qwe9CB2.tmp.2.dr Static PE information: section name: .qtmetad
Source: qmi9E6A.tmp.2.dr Static PE information: section name: .qtmetad
Source: qmi9E7A.tmp.2.dr Static PE information: section name: .qtmetad
Source: qofA0BE.tmp.2.dr Static PE information: section name: .qtmetad
Source: qofA0FE.tmp.2.dr Static PE information: section name: .qtmetad
Source: qwiA296.tmp.2.dr Static PE information: section name: .qtmetad
Source: qwiA2F5.tmp.2.dr Static PE information: section name: .qtmetad
Source: qsqA549.tmp.2.dr Static PE information: section name: .qtmetad
Source: qsqA579.tmp.2.dr Static PE information: section name: .qtmetad
Source: qsqA636.tmp.2.dr Static PE information: section name: .qtmetad
Source: qsqA647.tmp.2.dr Static PE information: section name: .qtmetad
Source: qsqA6B6.tmp.2.dr Static PE information: section name: .qtmetad
Source: qsqA6D6.tmp.2.dr Static PE information: section name: .qtmetad
Source: Eag859C.tmp.2.dr Static PE information: section name: .rodata
Source: gdi85CC.tmp.2.dr Static PE information: section name: Shared
Source: Pla89D3.tmp.2.dr Static PE information: section name: .rodata
Source: Pla89D3.tmp.2.dr Static PE information: section name: .data1
Source: Pla89D3.tmp.2.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0043DEB0 push edi; retn 0001h 2_2_0043DEB3
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_004660B5 push ecx; ret 2_2_004660C8
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0045B664 push ecx; ret 2_2_0045B677
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00439B85 push ecx; ret 19_2_00439B98
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003D9B85 push ecx; ret 22_2_003D9B98
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F39B85 push ecx; ret 27_2_00F39B98
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 28_2_700DEE85 push ecx; ret 28_2_700DEE98
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 28_2_700DC354 pushad ; ret 28_2_700DC355
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00CFC170 push ecx; mov dword ptr [esp], 40000000h 30_2_00CFC261
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00CFC4C0 push ecx; mov dword ptr [esp], 3F000000h 30_2_00CFC5A8
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00CBCD90 push ecx; mov dword ptr [esp], 40000000h 30_2_00CBCE2E
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00D0CE35 push ecx; ret 30_2_00D0CE48
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00CBDC50 push ecx; mov dword ptr [esp], 3F000000h 30_2_00CBDCCA
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00CBE230 push ecx; mov dword ptr [esp], 40000000h 30_2_00CBE35C
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00C77400 push ecx; mov dword ptr [esp], 40000000h 30_2_00C7743D
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00CFB520 push ecx; mov dword ptr [esp], 3F000000h 30_2_00CFB560
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00CFB520 push ecx; mov dword ptr [esp], 40000000h 30_2_00CFB6FE
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00CFB520 push ecx; mov dword ptr [esp], 40000000h 30_2_00CFB89F
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00CFBE30 push ecx; mov dword ptr [esp], 40000000h 30_2_00CFBF18
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_01244264 push ecx; ret 30_2_01244277
Source: lib96F4.tmp.2.dr Static PE information: section name: .text entropy: 7.40720181647502
Source: msv9724.tmp.2.dr Static PE information: section name: .text entropy: 6.9206406211911835
Source: isr8AA1.tmp.2.dr Static PE information: section name: .text entropy: 7.983864400776431
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120chs.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDK.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\gdiplus.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\libiconv2.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qdd97C5.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qtg9B13.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\Sys9794.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\DsSdk.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Upg8FDB.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qti9B63.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\platforms\qofA0BE.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qic98F6.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qic9896.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\platforms\qwiA2F5.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\platforms\qmi9E7A.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\msvcr90.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Too8DD4.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCG95F3.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Qt58D82.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlmysql.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Qt5PrintSupport.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qgif.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120fra.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vcamp120.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\_is8AD2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\D3D84EF.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120cht.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\plugins\skins\ComA8AE.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\cal8412.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCP9683.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCC8669.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120esn.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCA9581.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCAlarm.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\AnalyzeData.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\lib96F4.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120rus.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user\AppData\Local\Temp\{BF172FD2-5CBE-4AB8-9EBD-2755BF244CA6}\Disk1\ISSetup.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\plugins\styles\ComA8DE.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120kor.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\D3D8452.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qtga.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\platforms\qoffscreend.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\libxml2.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qjpeg.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\plugins\skins\ComA87F.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\platforms\qwindowsd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\dot8A6E.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCCoreDevCfg.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe File created: C:\Users\user\AppData\Local\Temp\{1b103cea-f037-4504-81de-956057b442c3}\.ba1\wixstdba.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\Ope9753.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qic9885.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120enu.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCV96C4.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\Ana9465.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\isr8AA1.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\AudioIntercom.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120ita.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Qt58C27.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCN86E8.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\set7FB5.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qicns.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qsvg.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlpsqld.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\MP_8925.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120cht.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\platforms\qoffscreen.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qjp9985.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe File created: C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\wixstdba.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\platforms\qwiA296.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qico.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCDisplay.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qgi9826.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCPreview.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qwe9CA2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\plugins\styles\ComA8DF.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qtiff.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\gdi85CC.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCIndustry.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Ope89B2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\platforms\qofA0FE.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qsvgd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqA6B6.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\calib.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qtg9B02.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqA549.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmp.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\hpr8777.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\StreamTransClient.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\D3DCompiler_43.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISB8A8F.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\SuperRender.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qsv9A34.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\iconv.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\OpenAL32.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HWD8787.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCPlayBack.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\DsS94A6.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\vcr902B.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCGeneralCfgMgr.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qjp99A6.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Qt5Widgets.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Qt5Gui.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qtgad.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qwe9CB2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe File created: C:\Users\user\AppData\Local\Temp\{1b103cea-f037-4504-81de-956057b442c3}\.be\vcredist_x64.exe Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\SystemTransform.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vcomp120.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qdds.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120enu.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCC95A3.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qgi9815.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Qt58C87.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120deu.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\setup.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Qt5Xml.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Eag859C.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120ita.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qsv9A54.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\ToolGuiToolkit.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qddsd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\ISS80A0.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\D3DX9_43.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qwebpd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Sup8DC4.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlpsql.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qic9916.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\EagleEyeRender.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qicnsd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qgifd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Qt5Network.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\_isres_0x0409.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcr8951.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qti9B93.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\ico87D7.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqA636.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\dotnetinstaller.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\plugins\skins\CommonSkin_D.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\AnalyzeData.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Qt58AAE.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HDFileSDK.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Qt58B6B.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\hpr.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe File created: C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.be\vcredist_x86.exe Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\MP_8904.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlited.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\msv9724.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\MP_VIE.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HDF8747.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\platforms\qminimal.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Too8EB0.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcr8865.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Qt58C67.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\vcr92EB.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HWDecode.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlmysqld.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\ISSetup.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCVoiceTalk.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\Str9774.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120jpn.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCI9643.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqA579.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Pla89D3.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\zli9454.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120deu.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\plugins\skins\CommonSkin.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\vcamp120.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Aud83F2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlite.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120chs.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqA6D6.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCD95D2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qwb9C32.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\platforms\qminimald.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\Aud9485.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\OpenAL32.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qdd97B4.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\isrt.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\YUVProcess.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qwebp.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\zlib1.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\vcredist_x64_2013.exe (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120fra.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Qt5Core.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120esn.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\vcredist_x86.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\platforms\qwindows.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\vcomp120.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\AudioRender.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\PlayCtrl.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Ana83C2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCN86B8.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120kor.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\platforms\qmi9E6A.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qjpegd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCP9663.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCCore.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqA647.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\YUV9415.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120rus.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe File created: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qicod.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\HCNetUtils.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\plugins\styles\CommonStyle_D.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user\AppData\Local\Temp\{BF172FD2-5CBE-4AB8-9EBD-2755BF244CA6}\Disk1\setup.exe Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\ToolShareModule.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\plugins\styles\CommonStyle.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Loc8846.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\MP_Render.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\lib8816.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\Upgrade.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qtiffd.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120jpn.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Program Files (x86)\LocalPlayback\imageformats\qwb9C22.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe File created: C:\ProgramData\Package Cache\{1b103cea-f037-4504-81de-956057b442c3}\vcredist_x64.exe Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120chs.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\vcomp120.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120deu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120ita.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120deu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120kor.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120ita.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120cht.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120rus.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120rus.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\vcamp120.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120kor.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120chs.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120fra.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120fra.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vcamp120.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120jpn.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120cht.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120enu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120esn.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vcomp120.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc120enu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120esn.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0041C3F9 __EH_prolog3_GS,GetPrivateProfileIntW, 2_2_0041C3F9
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00489BF0 GetLastError,SetLastError,_memset,lstrcpyA,_memset,lstrcpyW,lstrlenA,_memset,lstrcpyA,lstrlenA,lstrlenA,_memmove,lstrcmpiA,GetLastError,SetLastError,_memmove,GetPrivateProfileIntA,_memset,lstrcpyA,GetPrivateProfileStringA,GetSysColor,_memset,_memset,GetPrivateProfileSectionNamesA,lstrcpyA,lstrcpyA,lstrlenA,lstrcpyA,GetPrivateProfileStringA,GetSysColor,GetLastError,SysFreeString,SysFreeString,SysFreeString,SetLastError,lstrcpyA,lstrlenA,lstrcmpA,lstrcpyA,GetPrivateProfileStringA,GetProcAddress, 2_2_00489BF0
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe File created: C:\Users\user~1\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\license.rtf
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe File created: C:\Users\user~1\AppData\Local\Temp\{1b103cea-f037-4504-81de-956057b442c3}\.ba1\license.rtf
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe File created: C:\Users\user~1\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\license.rtf
Source: C:\Users\user\Desktop\LocalPlayback.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP Jump to behavior
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LocalPlayback\ Jump to behavior
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LocalPlayback\Local Playback User Manual.lnk Jump to behavior
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LocalPlayback\LocalPlayback.lnk Jump to behavior
Source: C:\Users\user\Desktop\LocalPlayback.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LocalPlayback\Uninstall LocalPlayback.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {f65db027-aff3-4070-886a-0d87064aabb1} Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {1b103cea-f037-4504-81de-956057b442c3}
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0044E37D LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 2_2_0044E37D
Source: C:\Users\user\Desktop\LocalPlayback.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe File opened / queried: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc120chs.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120deu.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Qt58C87.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDK.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\InstallShield Installation Information\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\setup.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Eag859C.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\gdiplus.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\libiconv2.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc120ita.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qdd97C5.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qsv9A54.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qddsd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\InstallShield Installation Information\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\ISS80A0.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\D3DX9_43.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qtg9B13.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qwebpd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Sup8DC4.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\Sys9794.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\DsSdk.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlpsql.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qic9916.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\EagleEyeRender.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Upg8FDB.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qti9B63.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qicnsd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qgifd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qic9896.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\platforms\qofA0BE.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qic98F6.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\platforms\qwiA2F5.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\platforms\qmi9E7A.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\msvcr90.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\_isres_0x0409.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Too8DD4.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCG95F3.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlmysql.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Qt58D82.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qti9B93.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\ico87D7.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qgif.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqA636.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc120fra.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\vcamp120.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\_is8AD2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\D3D84EF.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120cht.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\plugins\skins\ComA8AE.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\dotnetinstaller.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\cal8412.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\plugins\skins\CommonSkin_D.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCP9683.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCC8669.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Qt58AAE.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120esn.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Qt58B6B.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\MP_8904.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCA9581.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCAlarm.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlited.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\msv9724.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\lib96F4.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120rus.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\MP_VIE.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HDF8747.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{BF172FD2-5CBE-4AB8-9EBD-2755BF244CA6}\Disk1\ISSetup.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\platforms\qminimal.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\plugins\styles\ComA8DE.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc120kor.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\D3D8452.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Too8EB0.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qtga.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\platforms\qoffscreend.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Qt58C67.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\libxml2.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HWDecode.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlmysqld.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\InstallShield Installation Information\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\ISSetup.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qjpeg.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\plugins\skins\ComA87F.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\platforms\qwindowsd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\dot8A6E.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCCoreDevCfg.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCVoiceTalk.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{1b103cea-f037-4504-81de-956057b442c3}\.ba1\wixstdba.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc120jpn.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\Str9774.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\Ope9753.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qic9885.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120enu.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCV96C4.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCI9643.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\Ana9465.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\isr8AA1.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\AudioIntercom.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Pla89D3.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqA579.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120ita.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Qt58C27.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCN86E8.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\zli9454.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\InstallShield Installation Information\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\set7FB5.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc120deu.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qicns.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qsvg.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlpsqld.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\MP_8925.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc120cht.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qjp9985.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\platforms\qoffscreen.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\plugins\skins\CommonSkin.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\wixstdba.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\vcamp120.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqlite.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Aud83F2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\platforms\qwiA296.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qico.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCDisplay.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qgi9826.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120chs.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqA6D6.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCPreview.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCD95D2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qwe9CA2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qwb9C32.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\plugins\styles\ComA8DF.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qtiff.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\platforms\qminimald.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\OpenAL32.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\Aud9485.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\gdi85CC.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qdd97B4.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCIndustry.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\isrt.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Ope89B2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qwebp.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\YUVProcess.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\zlib1.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qsvgd.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120fra.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\platforms\qofA0FE.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqA6B6.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\calib.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qtg9B02.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc120esn.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\platforms\qwindows.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqA549.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmp.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\vcomp120.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\Ana83C2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCN86B8.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120kor.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qjpegd.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\platforms\qmi9E6A.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\hpr8777.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCP9663.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCCore.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\YUV9415.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\sqldrivers\qsqA647.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc120rus.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\StreamTransClient.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qicod.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\D3DCompiler_43.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qsv9A34.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\OpenAL32.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\iconv.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCPlayBack.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HWD8787.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\DsS94A6.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCGeneralCfgMgr.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\plugins\styles\CommonStyle_D.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qjp99A6.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{BF172FD2-5CBE-4AB8-9EBD-2755BF244CA6}\Disk1\setup.exe Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\plugins\styles\CommonStyle.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\MP_Render.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qtgad.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\lib8816.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qwe9CB2.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qtiffd.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120jpn.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{1b103cea-f037-4504-81de-956057b442c3}\.be\vcredist_x64.exe Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qwb9C22.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\SystemTransform.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\vcomp120.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc120enu.dll Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qdds.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Dropped PE file which has not been started: C:\ProgramData\Package Cache\{1b103cea-f037-4504-81de-956057b442c3}\vcredist_x64.exe Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\HCNetSDKCom\HCC95A3.tmp Jump to dropped file
Source: C:\Users\user\Desktop\LocalPlayback.exe Dropped PE file which has not been started: C:\Program Files (x86)\LocalPlayback\imageformats\qgi9815.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Evaded block: after key decision
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Evaded block: after key decision
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe API coverage: 3.0 %
Source: C:\Windows\System32\SrTasks.exe TID: 8092 Thread sleep time: -290000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_0043F195 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0043F236h 19_2_0043F195
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_0043F195 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0043F22Fh 19_2_0043F195
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003DF195 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 003DF236h 22_2_003DF195
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003DF195 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 003DF22Fh 22_2_003DF195
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F3F195 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00F3F236h 27_2_00F3F195
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F3F195 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00F3F22Fh 27_2_00F3F195
Source: C:\Users\user\Desktop\LocalPlayback.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\LocalPlayback.exe File Volume queried: C:\Windows FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00424C8F __EH_prolog3_GS,FindFirstFileW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,lstrcatW,SysStringLen,lstrcatW,GetFileAttributesW,lstrcatW,lstrcmpiW,lstrcpynW,lstrcmpiW,lstrcmpiW,SysStringLen,lstrcmpiW,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,LZOpenFileW,LZOpenFileW,LZCopy,LZClose,LZClose,DeleteFileW,lstrcpyW, 2_2_00424C8F
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0045145E __EH_prolog3_GS,FindFirstFileW,lstrcmpW,lstrcmpW,FindNextFileW,RemoveDirectoryW,__CxxThrowException@8,DeleteFileW, 2_2_0045145E
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0044F772 GetProcAddress,SearchPathW,GetModuleFileNameW,FindFirstFileW,VirtualQuery,VirtualProtect,VirtualProtect, 2_2_0044F772
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0042BF7F FindFirstFileW,GetFileAttributesW,SetFileAttributesW,DeleteFileW, 2_2_0042BF7F
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00428BE8 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 19_2_00428BE8
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_004466A3 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 19_2_004466A3
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00445710 _memset,FindFirstFileW,FindClose, 19_2_00445710
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003C8BE8 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 22_2_003C8BE8
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003E66A3 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 22_2_003E66A3
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003E5710 _memset,FindFirstFileW,FindClose, 22_2_003E5710
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F466A3 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 27_2_00F466A3
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F28BE8 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 27_2_00F28BE8
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F45710 _memset,FindFirstFileW,FindClose, 27_2_00F45710
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 28_2_700DA685 _memset,FindFirstFileW,FindClose, 28_2_700DA685
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00C51A50 GetLogicalDrives,??0QByteArray@@QAE@XZ,??0QMessageBox@@QAE@PAVQWidget@@@Z,GetLogicalDriveStringsW,memset,GetDriveTypeW,?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z,?data@QArrayData@@QAEPAXXZ,??1QMessageBox@@UAE@XZ,??1QString@@QAE@XZ,?data@QArrayData@@QAEPAXXZ,?data@QArrayData@@QAEPAXXZ,?deallocate@QArrayData@@SAXPAU1@II@Z, 30_2_00C51A50
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0041C834 CreateFileW,CreateFileMappingW,GetSystemInfo,MapViewOfFile,IsBadReadPtr,UnmapViewOfFile,MapViewOfFile,IsBadReadPtr,GetLastError, 2_2_0041C834
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Users\user~1\
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Users\user~1\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\FontData.ini
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Users\user~1\AppData\Local\
Source: C:\Users\user\Desktop\LocalPlayback.exe File opened: C:\Users\user~1\AppData\
Source: SrTasks.exe, 00000011.00000003.1979159865.000001E88953F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:88
Source: LocalPlayback.exe, 00000002.00000003.2192280789.0000000002CC3000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2191341803.0000000002CB3000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2193014205.0000000002CDB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0bIsVirtualMachinesK
Source: LocalPlayback.exe, 00000002.00000003.2199032197.0000000002DEF000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2198813545.0000000002DDE000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2434443203.0000000002E0E000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2423416014.0000000002DF6000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2199718658.0000000002DF6000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2424223438.0000000002E07000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2173827960.0000000002DCF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0bIsVirtualMachine,
Source: LocalPlayback.exe, 00000002.00000003.2173827960.0000000002DCF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0bIsVirtualMachine0
Source: LocalPlayback.exe, 00000002.00000003.2173827960.0000000002DCF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0bIsVirtualMachine=%ldat.t=0x0000000
Source: LocalPlayback.exe, 00000002.00000003.2174730969.0000000000844000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2432646353.0000000000885000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2425247455.0000000000885000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2195090458.0000000000884000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2194775220.0000000000880000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2188207802.0000000000844000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0bIsVirtualMachine4
Source: LocalPlayback.exe, 00000002.00000003.2194282526.000000000089C000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2194108617.0000000000890000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2194743909.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174730969.0000000000890000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2188207802.0000000000890000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196083127.00000000008A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0_GetVirtualMachineType
Source: LocalPlayback.exe, 00000002.00000003.2173827960.0000000002DCF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0bIsVirtualMachine0x00000000
Source: LocalPlayback.exe, 00000002.00000003.1337188638.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2433505889.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2424468858.0000000002B83000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2173154921.0000000005BD4000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1328776964.000000000087D000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1337342198.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2195158245.0000000002B82000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1337050034.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2197888428.0000000002B83000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1336897127.0000000002B84000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _IsVirtualMachine
Source: LocalPlayback.exe, 00000002.00000003.2170880571.0000000005CA2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:m
Source: LocalPlayback.exe, 00000002.00000003.1337188638.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1337342198.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1337050034.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1336897127.0000000002B84000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: bIsVirtualMachine=%ld
Source: LocalPlayback.exe, 00000002.00000003.1337188638.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1337342198.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1337050034.0000000002B84000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.1336897127.0000000002B84000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: bIsVirtualMachine
Source: LocalPlayback.exe, 00000002.00000003.2194282526.000000000089C000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2194108617.0000000000890000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2194743909.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174730969.0000000000890000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2188207802.0000000000890000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196083127.00000000008A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0_IsVirtualMachine|
Source: LocalPlayback.exe, 00000002.00000003.1328776964.000000000087D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AddIconCallDLLFnComponentViewCreateWindowComponentViewDestroyComponentViewRefreshComponentViewSelectAllComponentViewSetInfoComponentViewSetInfoExCreateFolderDeleteFolderDeleteIconEnableHourGlassEnumFoldersItemsGetCPUTypeGetFontSubGetHandleGetPortsGetSelectedItemStateIsEmptyIsNTAdminIsOSTypeNTIsObjectIsPowerUserLangLoadStringMessageBeepPPathCompactPathPixelPathCrackUrlPathGetDirPathGetDrivePathGetFilePathGetFileExtPathGetFileNamePathGetLongFromShortPathGetPathPathIsValidSyntaxQueryIconReadArrayPropertyReadBoolPropertyReadNumberPropertyReplaceIconShowFolderTextSubSubstituteVerGetFileVersionWriteArrayPropertyWriteBoolPropertyWriteNumberPropertyWriteStringProperty_AppSearch_BrowseForFolder_CCPSearch_CHARArrayToWCHARArray_CalculateAndAddFileCost_CleanupInet_CloseFile_CmdGetHwndDlg_CmdGetMsg_CmdGetParam1_CmdGetParam2_CoGetObject_CompareDWORD_ComponentAddItem_ComponentCompareSizeRequired_ComponentError_ComponentErrorInfo_ComponentFileEnum_ComponentFileInfo_ComponentFilterLanguage_ComponentFilterOS_ComponentGetCost_ComponentGetCostEx_ComponentGetData_ComponentGetItemSize_ComponentGetTotalCost_ComponentGetTotalCostEx_ComponentInitialize_ComponentIsItemSelected_ComponentListItems_ComponentLoadTarget_ComponentMoveData_ComponentPatch_ComponentReinstall_ComponentRemoveAll_ComponentRemoveAllInLogOnly_ComponentSaveTarget_ComponentSelectItem_ComponentSelectNew_ComponentSetData_ComponentSetupTypeEnum_ComponentSetupTypeGetData_ComponentSetupTypeSet_ComponentTotalSize_ComponentTransferData_ComponentUpdate_ComponentValidate_ComponentViewCreate_ComponentViewQueryInfo_CopyBytes_CreateDir_CreateObject_CreateRegistrySet_CreateShellObjects_CtrlGetNotificationCode_CtrlGetParentWindowHelper_CtrlGetSubCommand_CtrlGetUrlForLinkClicked_CtrlSetHtmlContent_CtrlSetMLERichText_DIFxDriverPackageGetPath_DIFxDriverPackageInstall_DIFxDriverPackagePreinstall_DIFxDrive
rPackageUninstall_DefineDialog_DeleteCHARArray_DialogSetFont_DisableBranding_DisableStatus_Divide_DoInstall_DoSprintf_DotNetCoCreateObject_DotNetUnloadAppDomain_EnableDialogCache_EnablePrevDialog_EnableSkins_EnableStatus_EnableWow64FsRedirection_EndDialog_ExistsDir_ExistsDisk_ExistsFile_ExitInstall_FeatureAddCost_FeatureAddUninstallCost_FeatureGetCost_FeatureInitialize_FeatureSpendCost_FeatureSpendUninstallCost_FileCopy_FloatingPointOperation_GenerateFileMD5SignatureHex_GetByte_GetCurrentDialogName_GetDiskInfo_GetDiskSpaceEx_GetDiskSpaceExEx_GetFont_GetGlobalFlags_GetGlobalMemorySize_GetInetFileSize_GetInetFileTime_GetLine_GetLineSize_GetObject_GetObjectByIndex_GetObjectCount_GetProcessorInfo_GetRunningChildProcess_GetRunningChildProcessEx_GetRunningChildProcessEx2_GetSelectedTreeComponent_GetStandardLangId_GetSupportDir_GetSystemDpi_GetTrueTypeFontFileInfo_GetVirtualMachineType_InetEndofTransfer_InetGetLastError_InetGetNextDisk_InitInstall_IsFontTypefaceNameAvailable_IsInAdminGroup_IsLangSupported_IsSkinLoaded_IsVirtualMachine_IsWindowsME_IsWow64_KillProcesses_ListAddItem_ListAddString_ListCount_ListCreate_ListCurrentIte
Source: LocalPlayback.exe, 0000001E.00000003.2198854322.00000000034CD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmware&prod_virtual_disk#4&1
Source: SrTasks.exe, 00000011.00000003.1979159865.000001E88953F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: SrTasks.exe, 00000011.00000003.1983702371.000001E8894F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:5
Source: SrTasks.exe, 00000011.00000003.1982316287.000001E88953F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CVMWar&Prod_VMware_SATA_CD00d
Source: LocalPlayback.exe, 0000001E.00000003.2196516371.0000000003502000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}g
Source: LocalPlayback.exe, 00000002.00000002.2431896583.00000000007E2000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2424572499.00000000007DF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0_IsVirtualMachine
Source: LocalPlayback.exe, 00000002.00000003.1328776964.000000000087D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _GetVirtualMachineType
Source: LocalPlayback.exe, 00000002.00000003.2192280789.0000000002CC3000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2191341803.0000000002CB3000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2193014205.0000000002CDB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0bIsVirtualMachine=%ld
Source: LocalPlayback.exe, 0000001E.00000002.2563398991.00000000033A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000P4
Source: LocalPlayback.exe, 00000002.00000003.2199032197.0000000002DEF000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2198813545.0000000002DDE000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2434443203.0000000002E0E000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2423416014.0000000002DF6000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2199718658.0000000002DF6000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2424223438.0000000002E07000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2173827960.0000000002DCF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0_GetVirtualMachineTypeieZ
Source: LocalPlayback.exe, 00000002.00000003.2199032197.0000000002DEF000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2174730969.0000000000844000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2198813545.0000000002DDE000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2434443203.0000000002E0E000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2423416014.0000000002DF6000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2432646353.0000000000885000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2425247455.0000000000885000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2193014205.0000000002CA8000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2199718658.0000000002DF6000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2195090458.0000000000884000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0bIsVirtualMachine
Source: LocalPlayback.exe, 0000001E.00000002.2574803336.000000006C7F3000.00000008.00000001.01000000.00000017.sdmp Binary or memory string: cfl.?AVQEmulationPaintEngine@@
Source: LocalPlayback.exe, 0000001E.00000002.2574803336.000000006C7F3000.00000008.00000001.01000000.00000017.sdmp Binary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\Desktop\LocalPlayback.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe API call chain: ExitProcess graph end node
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00464AFE _memset,IsDebuggerPresent, 2_2_00464AFE
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00479B1B EncodePointer,EncodePointer,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 2_2_00479B1B
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00495AB0 LoadLibraryW,GetProcAddress,MonitorFromPoint,GetDC,GetDeviceCaps,ReleaseDC,MulDiv,FreeLibrary, 2_2_00495AB0
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0046A319 GetProcessHeap, 2_2_0046A319
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_00463457 SetUnhandledExceptionFilter, 2_2_00463457
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0046347A SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_0046347A
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe Code function: 6_2_00007FF75D26DCD4 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_00007FF75D26DCD4
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\ISBEW64.exe Code function: 6_2_00007FF75D2707D8 SetUnhandledExceptionFilter, 6_2_00007FF75D2707D8
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_0043A0AC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 19_2_0043A0AC
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00438A42 SetUnhandledExceptionFilter, 19_2_00438A42
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00437EAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 19_2_00437EAA
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003DA0AC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 22_2_003DA0AC
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003D8A42 SetUnhandledExceptionFilter, 22_2_003D8A42
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Code function: 22_2_003D7EAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 22_2_003D7EAA
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F3A0AC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 27_2_00F3A0AC
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F38A42 SetUnhandledExceptionFilter, 27_2_00F38A42
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 27_2_00F37EAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 27_2_00F37EAA
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 28_2_700DB88C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 28_2_700DB88C
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Code function: 28_2_700DC9C1 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 28_2_700DC9C1
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_00D0D288 ?terminate@@YAXXZ,__crtSetUnhandledExceptionFilter, 30_2_00D0D288
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: 30_2_01246266 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 30_2_01246266
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Process created: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe "c:\users\user\appdata\local\temp\{77f7b223-84f4-43ae-9469-cc107488bb8b}\{6674bcc5-bc57-446b-b83b-fa53501e0fdc}\vcredist_x64_2013.exe" /q -burn.unelevated burnpipe.{0942dd9a-af4a-432e-bd2d-a92ffbedb9e9} {f3730af5-9ee5-4b54-a568-50e8ba9679b4} 1876
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0041B88A __EH_prolog3_GS,_memset,_memset,_memset,_memset,_memset,_memset,InitializeSecurityDescriptor,GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,SetSecurityDescriptorDacl,CoInitializeSecurity, 2_2_0041B88A
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0045004E GetCurrentThread,OpenThreadToken,GetLastError,GetLastError,GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid, 2_2_0045004E
Source: LocalPlayback.exe, 00000002.00000003.2174730969.0000000000844000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2432330466.000000000085A000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2201835616.0000000000859000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OPTYPE_PROGMAN
Source: LocalPlayback.exe, 00000002.00000003.2174730969.0000000000844000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2201787489.0000000000860000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2196340763.000000000084F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OPTYPE_PROGMAN7j
Source: LocalPlayback.exe, 00000002.00000003.1302943701.0000000002920000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: ISLOG_VERSION_INFO..\..\..\Shared\LogServices2\LogDB.cppOPTYPE_PROGMANISLOGDB_USER_PROPERTIES<
Source: LocalPlayback.exe, 00000002.00000003.2174730969.0000000000844000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000002.2432330466.000000000085A000.00000004.00000020.00020000.00000000.sdmp, LocalPlayback.exe, 00000002.00000003.2201835616.0000000000859000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OPTYPE_PROGMANes
Source: LocalPlayback.exe, 0000001E.00000002.2573965503.000000006C1B4000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: QTrayIconMessageWindowClassTaskbarCreatedChangeWindowMessageFilterExuser32ChangeWindowMessageFilterThe platform plugin failed to create a message window.Shell_NotifyIconGetRectShell_TrayWndTrayNotifyWndSysPagerToolbarWindow32`
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_004634AA cpuid 2_2_004634AA
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,GetLocaleInfoW, 2_2_0046DC40
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free, 2_2_00469E2F
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 2_2_00479E97
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: EnumSystemLocalesW, 2_2_0046DEB0
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: _GetPrimaryLen,EnumSystemLocalesW, 2_2_0046DF0C
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: _GetPrimaryLen,EnumSystemLocalesW, 2_2_0046DF89
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW, 2_2_0046E00C
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: GetLocaleInfoW, 2_2_0046E1FF
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: GetLocaleInfoW,TranslateCharsetInfo,IsValidLocale, 2_2_0041237B
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP, 2_2_0046E327
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: GetLocaleInfoW,_GetPrimaryLen, 2_2_0046E3D4
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: _memset,_TranslateName,_TranslateName,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, 2_2_0046E4A8
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: EnumSystemLocalesW, 2_2_0046E9A7
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: GetLocaleInfoW, 2_2_0046EA2D
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Code function: GetLocaleInfoA, 30_2_01262289
Source: C:\Users\user\Desktop\LocalPlayback.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\logo.png VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x64_2013.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{1b103cea-f037-4504-81de-956057b442c3}\.ba1\logo.png VolumeInformation
Source: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{f65db027-aff3-4070-886a-0d87064aabb1}\.ba1\logo.png VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\platforms\qminimal.dll VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\platforms\qminimald.pdb VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\platforms\qoffscreen.dll VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\platforms\qoffscreend.pdb VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\platforms\qwindowsd.dll VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\platforms\qwindowsd.pdb VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\plugins\styles\CommonStyle.dll VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\plugins\styles\CommonStyle_D.dll VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\translations\LocalPlayback_en.qm VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\translations\ToolGuiToolkit_en.qm VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\translations\ToolShareModule_en.qm VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\plugins\skins\CommonSkin.dll VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\plugins\styles\CommonStyle.dll VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\imageformats\qdds.dll VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\imageformats\qddsd.pdb VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\imageformats\qgif.dll VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\imageformats\qgifd.dll VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\imageformats\qtiffd.dll VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.dll VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\imageformats\qwbmpd.pdb VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\imageformats\qwebpd.dll VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\Program Files (x86)\LocalPlayback\Settings.xml VolumeInformation
Source: C:\Program Files (x86)\LocalPlayback\LocalPlayback.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_004135A5 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,CreateNamedPipeW,GetLastError, 19_2_004135A5
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_0043A720 __EH_prolog3_GS,GetCurrentProcessId,_memset,GetLocalTime,GetModuleFileNameW, 2_2_0043A720
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00419A5A GetUserNameW,GetLastError, 19_2_00419A5A
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Code function: 19_2_00447D79 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime, 19_2_00447D79
Source: C:\Users\user\Desktop\LocalPlayback.exe Code function: 2_2_004501B9 GetVersion, 2_2_004501B9
Source: C:\Users\user\AppData\Local\Temp\{77F7B223-84F4-43AE-9469-CC107488BB8B}\{6674BCC5-BC57-446B-B83B-FA53501E0FDC}\vcredist_x86.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid