plugx | 08fee35f2462f93c96751755ff42f2f63525ad04e21543efe52a159c800ab80a

Analysis

max time kernel
263s
max time network
374s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
08-04-2023 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LDPlayer9_es_1009_ld.exe
Size

3.6MB
MD5

90276982cc921f646f74f8310ef8cd6a
SHA1

37d5ff4e70485bbcc6e4ef6fa08d3b7839012d0f
SHA256

08fee35f2462f93c96751755ff42f2f63525ad04e21543efe52a159c800ab80a
SHA512

bdbdb26aaae5b84e7c8298e5e6033142f872e8f25578274c3a8c8fdc7d1e07033be62760b5230a67696bf9f4d885a7187d17680b271e713f1f1a111fa37edf2c
SSDEEP

49152:KpiUPlcfO74zHK+1ULjFvnxe2T9g4tGOPf28xuYT:KpPNcG74r1ULxvxew9g1op

Score

10^/10

plugx redline discovery exploit infostealer persistence trojan

Malware Config

Signatures

Detects PlugX payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000600000001af9b-488.dat	family_plugx

PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
trojan plugx
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000600000001af9b-488.dat	family_redline

Creates new service(s) 1 TTPs
persistence

New Service
T1050
Downloads MZ/PE file

Possible privilege escalation attempt 8 IoCs

exploit

pid	Process
208	takeown.exe
3728	icacls.exe
2860	icacls.exe
4828	takeown.exe
4864	icacls.exe
4904	takeown.exe
1468	icacls.exe
428	takeown.exe

Executes dropped EXE 4 IoCs

pid	Process
4440	LDPlayer.exe
3036	dnrepairer.exe
3564	Ld9BoxSVC.exe
1736	driverconfig.exe

Loads dropped DLL 53 IoCs

pid	Process
1676	LDPlayer9_es_1009_ld.exe
1676	LDPlayer9_es_1009_ld.exe
1676	LDPlayer9_es_1009_ld.exe
3036	dnrepairer.exe
3036	dnrepairer.exe
3036	dnrepairer.exe
3564	Ld9BoxSVC.exe
3564	Ld9BoxSVC.exe
3564	Ld9BoxSVC.exe
3564	Ld9BoxSVC.exe
3564	Ld9BoxSVC.exe
3564	Ld9BoxSVC.exe
3564	Ld9BoxSVC.exe
3564	Ld9BoxSVC.exe
3564	Ld9BoxSVC.exe
1248	regsvr32.exe
1248	regsvr32.exe
1248	regsvr32.exe
1248	regsvr32.exe
1248	regsvr32.exe
1248	regsvr32.exe
1248	regsvr32.exe
1248	regsvr32.exe
3560	regsvr32.exe
3560	regsvr32.exe
3560	regsvr32.exe
3560	regsvr32.exe
3560	regsvr32.exe
3560	regsvr32.exe
3560	regsvr32.exe
3560	regsvr32.exe
3560	regsvr32.exe
3560	regsvr32.exe
3560	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
3752	regsvr32.exe
3752	regsvr32.exe
3752	regsvr32.exe
3752	regsvr32.exe
3752	regsvr32.exe
3752	regsvr32.exe
3752	regsvr32.exe
3752	regsvr32.exe
3752	regsvr32.exe
1736	driverconfig.exe
1736	driverconfig.exe

Modifies file permissions 1 TTPs 8 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4904	takeown.exe
1468	icacls.exe
428	takeown.exe
208	takeown.exe
3728	icacls.exe
2860	icacls.exe
4828	takeown.exe
4864	icacls.exe

Registers COM server for autorun 1 TTPs 17 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\""	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\ldplayer9box\tstSSLCertDownloads.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-interlocked-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-errorhandling-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\SUPUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxExtPackHelperApp.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSVGA3D.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-console-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetLwfUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxPlaygroundDevice.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-locale-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxSup-PreW10.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetFltInstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-heap-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\capi.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-synch-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libOpenglRender.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\dasync.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\SDL.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxManage.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-filesystem-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\DbgPlugInDiggers.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\dpinst_64.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxBalloonCtrl.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\ucrtbase.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxNetNAT.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-memory-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-multibyte-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\libcurl.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\USBUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-heap-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-namedpipe-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-rtlsupport-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\bldRTIsoMaker.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libcrypto-1_1-x64.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\concrt140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\platforms\qminimal.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-time-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\GLES_V2.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\regsvr32_x64.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VirtualBoxVM.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-runtime-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\msvcp120.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9VMMR0.r0	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\msvcp140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\msvcr100.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetAdpUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-2-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-time-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\regsvr32_x86.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-math-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\tstPDMAsyncCompletionStress.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-stdio-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-handle-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\fastpipe.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\load.cmd	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.sys	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\platforms\qoffscreen.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSampleDriver.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxSVC.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxVMM.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-string-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxRT.dll	dnrepairer.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DISM\dism.log	dism.exe

Launches sc.exe 8 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2884	sc.exe
3428	sc.exe
4932	sc.exe
700	sc.exe
4352	sc.exe
1956	sc.exe
3376	sc.exe
5440	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Kills process with taskkill 17 IoCs

evasion

pid	Process
596	taskkill.exe
2236	taskkill.exe
4720	taskkill.exe
4648	taskkill.exe
408	taskkill.exe
1096	taskkill.exe
692	taskkill.exe
512	taskkill.exe
2492	taskkill.exe
2284	taskkill.exe
3064	taskkill.exe
3560	taskkill.exe
1616	taskkill.exe
680	taskkill.exe
1404	taskkill.exe
5116	taskkill.exe
3744	taskkill.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4022-DC80-5535-6FB116815604}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}\NumMethods\ = "44"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-32E7-4F6C-85EE-422304C71B90}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EBF9-4D5C-7AEA-877BFC4256BA}\NumMethods\ = "69"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0FF7-46B7-A138-3C6E5AC946B4}\ = "IGuestDnDTarget"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E1B7-4339-A549-F0878115596E}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E9BB-49B3-BFC7-C5171E93EF38}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0FF7-46B7-A138-3C6E5AC946B4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4430-499F-92C8-8BED814A567A}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E64A-4908-804E-371CAD23A756}\ = "IMouseCapabilityChangedEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-762E-4120-871C-A2014234A607}\ = "ICloudProviderManager"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00B1-4E9D-0000-11FA00F9D583}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3FF2-4F2E-8F09-07382EE25088}\ = "IMachineRegisteredEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7BA7-45A8-B26D-C91AE3754E37}\NumMethods\ = "34"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7619-41AA-AECE-B21AC5C1A7E6}\NumMethods\ = "37"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2FD3-47E2-A5DC-2C2431D833CC}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\ = "IEventSourceChangedEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-48DF-438D-85EB-98FFD70D18C9}\ = "IMachineStateChangedEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FF5A-4795-B57A-ECD5FFFA18A4}\NumMethods\ = "26"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1640-41F9-BD74-3EF5FD653250}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00A7-4104-0009-49BC00B2DA80}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A9E-43F4-B7A7-54BD285E22F4}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219}\ = "IRangedIntegerFormValue"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9B-1727-BEE2-5585105B9EED}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4521-44CC-DF95-186E4D057C83}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\ = "IProgress"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C9D6-4742-957C-A6FD52E8C4AE}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A9E-43F4-B7A7-54BD285E22F4}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057D-4391-B928-F14B06B710C5}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\NumMethods\ = "16"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\ = "IGuestDnDSource"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\NumMethods\ = "30"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6679-422A-B629-51B06B0C6D93}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-808E-11E9-B773-133D9330F849}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\ = "IFormValue"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B4A4-44CE-85A8-127AC5EB59DC}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9641-4397-854A-040439D0114B}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\ProgId\ = "VirtualBox.Session.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2D12-4D7C-BA6D-CE51D0D5B265}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CC19-43FA-8EBF-BAECB6B9EC87}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5}\NumMethods\ = "11"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DAD4-4496-85CF-3F76BCB3B5FA}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E}\NumMethods\ = "14"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D4FC-485F-8613-5AF88BFCFCDC}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\WOW6432Node\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ldmnq.ldbk\DefaultIcon\ = "C:\\LDPlayer\\LDPlayer9\\backup_icon.ico"	LDPlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2354-4267-883F-2F417D216519}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6FA-430E-6020-6A505D086387}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\NumMethods\ = "36"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573}\NumMethods\ = "19"	regsvr32.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
1676	LDPlayer9_es_1009_ld.exe
1676	LDPlayer9_es_1009_ld.exe
1676	LDPlayer9_es_1009_ld.exe
1676	LDPlayer9_es_1009_ld.exe
1676	LDPlayer9_es_1009_ld.exe
1676	LDPlayer9_es_1009_ld.exe
1676	LDPlayer9_es_1009_ld.exe
4440	LDPlayer.exe
4440	LDPlayer.exe
4440	LDPlayer.exe
4440	LDPlayer.exe
4440	LDPlayer.exe
4440	LDPlayer.exe
4440	LDPlayer.exe
4440	LDPlayer.exe
4440	LDPlayer.exe
4440	LDPlayer.exe
4440	LDPlayer.exe
4440	LDPlayer.exe
2708	powershell.exe
2708	powershell.exe
2708	powershell.exe
4440	LDPlayer.exe
4440	LDPlayer.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
632	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1676	LDPlayer9_es_1009_ld.exe
Token: SeShutdownPrivilege	1676	LDPlayer9_es_1009_ld.exe
Token: SeCreatePagefilePrivilege	1676	LDPlayer9_es_1009_ld.exe
Token: SeDebugPrivilege	2236	taskkill.exe
Token: SeDebugPrivilege	1096	taskkill.exe
Token: SeDebugPrivilege	3064	taskkill.exe
Token: SeDebugPrivilege	692	taskkill.exe
Token: SeTakeOwnershipPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe
Token: SeDebugPrivilege	4440	LDPlayer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2236	1676	LDPlayer9_es_1009_ld.exe	66
PID 1676 wrote to memory of 2236	1676	LDPlayer9_es_1009_ld.exe	66
PID 1676 wrote to memory of 2236	1676	LDPlayer9_es_1009_ld.exe	66
PID 1676 wrote to memory of 1096	1676	LDPlayer9_es_1009_ld.exe	69
PID 1676 wrote to memory of 1096	1676	LDPlayer9_es_1009_ld.exe	69
PID 1676 wrote to memory of 1096	1676	LDPlayer9_es_1009_ld.exe	69
PID 1676 wrote to memory of 3064	1676	LDPlayer9_es_1009_ld.exe	71
PID 1676 wrote to memory of 3064	1676	LDPlayer9_es_1009_ld.exe	71
PID 1676 wrote to memory of 3064	1676	LDPlayer9_es_1009_ld.exe	71
PID 1676 wrote to memory of 692	1676	LDPlayer9_es_1009_ld.exe	73
PID 1676 wrote to memory of 692	1676	LDPlayer9_es_1009_ld.exe	73
PID 1676 wrote to memory of 692	1676	LDPlayer9_es_1009_ld.exe	73
PID 1676 wrote to memory of 4440	1676	LDPlayer9_es_1009_ld.exe	75
PID 1676 wrote to memory of 4440	1676	LDPlayer9_es_1009_ld.exe	75
PID 1676 wrote to memory of 4440	1676	LDPlayer9_es_1009_ld.exe	75
PID 4440 wrote to memory of 5116	4440	LDPlayer.exe	76
PID 4440 wrote to memory of 5116	4440	LDPlayer.exe	76
PID 4440 wrote to memory of 5116	4440	LDPlayer.exe	76
PID 4440 wrote to memory of 3744	4440	LDPlayer.exe	78
PID 4440 wrote to memory of 3744	4440	LDPlayer.exe	78
PID 4440 wrote to memory of 3744	4440	LDPlayer.exe	78
PID 4440 wrote to memory of 4720	4440	LDPlayer.exe	81
PID 4440 wrote to memory of 4720	4440	LDPlayer.exe	81
PID 4440 wrote to memory of 4720	4440	LDPlayer.exe	81
PID 4440 wrote to memory of 4648	4440	LDPlayer.exe	82
PID 4440 wrote to memory of 4648	4440	LDPlayer.exe	82
PID 4440 wrote to memory of 4648	4440	LDPlayer.exe	82
PID 4440 wrote to memory of 1616	4440	LDPlayer.exe	85
PID 4440 wrote to memory of 1616	4440	LDPlayer.exe	85
PID 4440 wrote to memory of 1616	4440	LDPlayer.exe	85
PID 4440 wrote to memory of 3560	4440	LDPlayer.exe	87
PID 4440 wrote to memory of 3560	4440	LDPlayer.exe	87
PID 4440 wrote to memory of 3560	4440	LDPlayer.exe	87
PID 4440 wrote to memory of 512	4440	LDPlayer.exe	89
PID 4440 wrote to memory of 512	4440	LDPlayer.exe	89
PID 4440 wrote to memory of 512	4440	LDPlayer.exe	89
PID 4440 wrote to memory of 3036	4440	LDPlayer.exe	91
PID 4440 wrote to memory of 3036	4440	LDPlayer.exe	91
PID 4440 wrote to memory of 3036	4440	LDPlayer.exe	91
PID 3036 wrote to memory of 4360	3036	dnrepairer.exe	92
PID 3036 wrote to memory of 4360	3036	dnrepairer.exe	92
PID 3036 wrote to memory of 4360	3036	dnrepairer.exe	92
PID 4360 wrote to memory of 4384	4360	net.exe	94
PID 4360 wrote to memory of 4384	4360	net.exe	94
PID 4360 wrote to memory of 4384	4360	net.exe	94
PID 3036 wrote to memory of 4380	3036	dnrepairer.exe	95
PID 3036 wrote to memory of 4380	3036	dnrepairer.exe	95
PID 3036 wrote to memory of 4380	3036	dnrepairer.exe	95
PID 3036 wrote to memory of 4324	3036	dnrepairer.exe	96
PID 3036 wrote to memory of 4324	3036	dnrepairer.exe	96
PID 3036 wrote to memory of 4324	3036	dnrepairer.exe	96
PID 3036 wrote to memory of 2716	3036	dnrepairer.exe	97
PID 3036 wrote to memory of 2716	3036	dnrepairer.exe	97
PID 3036 wrote to memory of 2716	3036	dnrepairer.exe	97
PID 3036 wrote to memory of 5008	3036	dnrepairer.exe	98
PID 3036 wrote to memory of 5008	3036	dnrepairer.exe	98
PID 3036 wrote to memory of 5008	3036	dnrepairer.exe	98
PID 3036 wrote to memory of 4884	3036	dnrepairer.exe	99
PID 3036 wrote to memory of 4884	3036	dnrepairer.exe	99
PID 3036 wrote to memory of 4884	3036	dnrepairer.exe	99
PID 3036 wrote to memory of 4296	3036	dnrepairer.exe	100
PID 3036 wrote to memory of 4296	3036	dnrepairer.exe	100
PID 3036 wrote to memory of 4296	3036	dnrepairer.exe	100
PID 3036 wrote to memory of 4812	3036	dnrepairer.exe	101

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM dnplayer.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2236
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM dnmultiplayer.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1096
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM dnupdate.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3064
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM bugreport.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:692
- C:\LDPlayer\LDPlayer9\LDPlayer.exe
  "C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -downloader -openid=1009 -language=es -path="C:\LDPlayer\LDPlayer9\" -silence
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4440
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /F /IM dnmultiplayerex.exe /T
    3⤵
    - Kills process with taskkill
    PID:5116
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM fynews.exe
    3⤵
    - Kills process with taskkill
    PID:3744
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM ldnews.exe
    3⤵
    - Kills process with taskkill
    PID:4720
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM Ld9BoxHeadless.exe /T
    3⤵
    - Kills process with taskkill
    PID:4648
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM Ld9BoxSVC.exe /T
    3⤵
    - Kills process with taskkill
    PID:1616
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM Ld9VirtualBox.exe /T
    3⤵
    - Kills process with taskkill
    PID:3560
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM VBoxManage.exe /T
    3⤵
    - Kills process with taskkill
    PID:512
- - C:\LDPlayer\LDPlayer9\dnrepairer.exe
    "C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=196810
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Registers COM server for autorun
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Windows\SysWOW64\net.exe
      "net" start cryptsvc
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4360
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start cryptsvc
        5⤵
        
        PID:4384
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Softpub.dll /s
      4⤵
      PID:4380
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Wintrust.dll /s
      4⤵
      PID:4324
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Initpki.dll /s
      4⤵
      PID:2716
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32" Initpki.dll /s
      4⤵
      PID:5008
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" dssenh.dll /s
      4⤵
      PID:4884
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" rsaenh.dll /s
      4⤵
      PID:4296
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" cryptdlg.dll /s
      4⤵
      PID:4812
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      PID:4828
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      PID:4864
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      PID:4904
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      PID:1468
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill" /F /IM Ld9BoxHeadless.exe /T
      4⤵
      Kills process with taskkill
      PID:680
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill" /F /IM Ld9BoxSVC.exe /T
      4⤵
      Kills process with taskkill
      PID:408
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill" /F /IM Ld9VirtualBox.exe /T
      4⤵
      Kills process with taskkill
      PID:2492
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill" /F /IM VBoxManage.exe /T
      4⤵
      Kills process with taskkill
      PID:1404
  - - C:\Windows\SysWOW64\dism.exe
      C:\Windows\system32\dism.exe /Online /English /Get-Features
      4⤵
      Drops file in Windows directory
      PID:1792
  - - C:\Windows\SysWOW64\sc.exe
      sc query HvHost
      4⤵
      Launches sc.exe
      PID:2884
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmms
      4⤵
      Launches sc.exe
      PID:3428
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmcompute
      4⤵
      Launches sc.exe
      PID:4932
  - - C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
      "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3564
  - - C:\Windows\SYSTEM32\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
      4⤵
      Loads dropped DLL
      PID:1248
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
      4⤵
      Loads dropped DLL
      PID:3560
  - - C:\Windows\SYSTEM32\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
      4⤵
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:752
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:3752
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
      4⤵
      Launches sc.exe
      PID:700
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc" start Ld9BoxSup
      4⤵
      Launches sc.exe
      PID:4352
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2708
- - C:\LDPlayer\LDPlayer9\driverconfig.exe
    "C:\LDPlayer\LDPlayer9\driverconfig.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1736
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM dnmultiplayerex.exe
    3⤵
    - Kills process with taskkill
    PID:2284
- - C:\Windows\SysWOW64\takeown.exe
    "takeown" /f "C:\LDPlayer\ldmutiplayer\" /r /d y
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:428
- - C:\Windows\SysWOW64\takeown.exe
    "takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:208
- - C:\Windows\SysWOW64\icacls.exe
    "icacls" "C:\LDPlayer\ldmutiplayer\" /grant everyone:F /t
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:3728
- - C:\Windows\SysWOW64\icacls.exe
    "icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2860
- C:\LDPlayer\LDPlayer9\dnplayer.exe
  "C:\LDPlayer\LDPlayer9\\dnplayer.exe"
  2⤵
  PID:4948
- - C:\Windows\SysWOW64\sc.exe
    sc query HvHost
    3⤵
    - Launches sc.exe
    PID:1956
- - C:\Windows\SysWOW64\sc.exe
    sc query vmms
    3⤵
    - Launches sc.exe
    PID:3376
- - C:\Windows\SysWOW64\sc.exe
    sc query vmcompute
    3⤵
    - Launches sc.exe
    PID:5440
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
    3⤵
    PID:5628
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
    3⤵
    PID:5692
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
    3⤵
    PID:5760
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM ldcurl.exe /T
  2⤵
  - Kills process with taskkill
  PID:596

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
1⤵
PID:4352

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x310
1⤵
PID:3848

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
PID:4504
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  PID:5844
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  PID:5884
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  PID:5920
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  PID:5956
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  PID:5992

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
PID:5508

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:3384

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:5020

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1108

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3976

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5576

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

New Service

T1050

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

New Service

T1050

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LDPlayer\LDPlayer9\LDPlayer.exe

Filesize
596.9MB

MD5
70d100f57dc8ff9be6a9e52e2106e5b0

SHA1
5fec67edf1636d67c5419d6de42008d60004aa7a

SHA256
0394879779f4ccddcd727c4b79e0c2149e0948d10457b425b2217d78912a7d2f

SHA512
700bdb5b9825ecefa1067e10c929b9ab713a0f455a24e6d764e3f71a38bc1f2606dac35e44d74cbffacf3e26ea6aac73bcf663122d83e30d6e37822fdb7ebcf0

Download Submit
C:\LDPlayer\LDPlayer9\LDPlayer.exe

Filesize
596.9MB

MD5
70d100f57dc8ff9be6a9e52e2106e5b0

SHA1
5fec67edf1636d67c5419d6de42008d60004aa7a

SHA256
0394879779f4ccddcd727c4b79e0c2149e0948d10457b425b2217d78912a7d2f

SHA512
700bdb5b9825ecefa1067e10c929b9ab713a0f455a24e6d764e3f71a38bc1f2606dac35e44d74cbffacf3e26ea6aac73bcf663122d83e30d6e37822fdb7ebcf0

Download Submit
C:\LDPlayer\LDPlayer9\MSVCP120.dll

Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
C:\LDPlayer\LDPlayer9\MSVCR120.dll

Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
C:\LDPlayer\LDPlayer9\crashreport.dll

Filesize
51KB

MD5
47594a13a96452dc9a6d015285099c99

SHA1
1ab4ea01b00d1e871181de2854f1005a579e768d

SHA256
daf3b0cfbc9758ecfa99efcc04d4b3e0d0ce591a03de65f6c7f366ccbc7d22a2

SHA512
2d6caf2ac3ac69c87484f1821ec4a7dcc01aca14df4e8c48285fe3d4b8df5fe3698758b32716a47175e3ed3b864a2508c05016a9aa33119fc25bd29dfe9a7327

Download Submit
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

Filesize
1.2MB

MD5
b9cdcbf6b93e605eaa03847262fbc1bb

SHA1
4d74e559c7efd7e827ea9324347ca3fd642396f3

SHA256
cbc0b01898e5fe1d9ace514cdc385eb3b2437685d4eeb86663730e2024350b6a

SHA512
09c6f10a5c192a7aeecfc0ee953d6fd7f735e848d031c6ac46e00d817bddbbbb3ee0c13839f4c730e6ae4e6676930bf39e1c7f199f7cb8f802453ee276b970cd

Download Submit
C:\LDPlayer\LDPlayer9\dnplayer.exe

Filesize
3.1MB

MD5
10f90c472df66ccd1615350a067e6c0a

SHA1
08d4309ae899739d5ea5bd085e5785903f049f05

SHA256
1aa7466a111b3bac19c90f8b64a5378c90c462a734a331c9368e29595bc50664

SHA512
e61ec4acc3eafe24a248b50e13a34f73acda9b16535cb250f34f5f3a9d660a1a57e43fd0ad2aed09e7c9209d6871a19432a878e5d0401b14f31dffe9f0b8db84

Download Submit
C:\LDPlayer\LDPlayer9\dnrepairer.exe

Filesize
41.9MB

MD5
c01822eff7bdc525c3d80af0596a8627

SHA1
3d28d70615157c2bf7250803b80dca7c02bc9140

SHA256
082b3cdd98dac6e158a7633e8dbb8143dc7245f800f38dc8296f4d2ed71c5631

SHA512
53fd20e2f6eaf1e5352fcd1a05acd49937f6c9b1df3c9565cb68436f495f2642a150d9344060e408a65ec104cdac6bc595a180cf0b17bfc5b13f38b8ef5752b6

Download Submit
C:\LDPlayer\LDPlayer9\dnrepairer.exe

Filesize
41.9MB

MD5
c01822eff7bdc525c3d80af0596a8627

SHA1
3d28d70615157c2bf7250803b80dca7c02bc9140

SHA256
082b3cdd98dac6e158a7633e8dbb8143dc7245f800f38dc8296f4d2ed71c5631

SHA512
53fd20e2f6eaf1e5352fcd1a05acd49937f6c9b1df3c9565cb68436f495f2642a150d9344060e408a65ec104cdac6bc595a180cf0b17bfc5b13f38b8ef5752b6

Download Submit
C:\LDPlayer\LDPlayer9\dnresource.rcc

Filesize
4.4MB

MD5
bd51aa3efb4d9a7358f6d6c60e418b44

SHA1
e00418a17e0778a9f28b49059f27dda10cd509a0

SHA256
8abf5928b224ff05fabd299e5cb20952f8ff5b6117e8f7dc307b13cabfd1b721

SHA512
21fceadc3d3ad7936720da2468fdc9da79e75a485f4581512a15d2c1fd8507b8d6603336ce020550ba9bd3b59fbbf7651e834996d733cfa6ada4014395711080

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

Filesize
652KB

MD5
ad9d7cbdb4b19fb65960d69126e3ff68

SHA1
dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d

SHA256
a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326

SHA512
f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

Filesize
1.5MB

MD5
66df6f7b7a98ff750aade522c22d239a

SHA1
f69464fe18ed03de597bb46482ae899f43c94617

SHA256
91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f

SHA512
48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc

Filesize
4.4MB

MD5
bd51aa3efb4d9a7358f6d6c60e418b44

SHA1
e00418a17e0778a9f28b49059f27dda10cd509a0

SHA256
8abf5928b224ff05fabd299e5cb20952f8ff5b6117e8f7dc307b13cabfd1b721

SHA512
21fceadc3d3ad7936720da2468fdc9da79e75a485f4581512a15d2c1fd8507b8d6603336ce020550ba9bd3b59fbbf7651e834996d733cfa6ada4014395711080

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

Filesize
2.0MB

MD5
01c4246df55a5fff93d086bb56110d2b

SHA1
e2939375c4dd7b478913328b88eaa3c91913cfdc

SHA256
c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889

SHA512
39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

Filesize
442KB

MD5
2d40f6c6a4f88c8c2685ee25b53ec00d

SHA1
faf96bac1e7665aa07029d8f94e1ac84014a863b

SHA256
1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334

SHA512
4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

Filesize
192KB

MD5
52c43baddd43be63fbfb398722f3b01d

SHA1
be1b1064fdda4dde4b72ef523b8e02c050ccd820

SHA256
8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f

SHA512
04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

Filesize
511KB

MD5
e8fd6da54f056363b284608c3f6a832e

SHA1
32e88b82fd398568517ab03b33e9765b59c4946d

SHA256
b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd

SHA512
4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

Filesize
522KB

MD5
3e29914113ec4b968ba5eb1f6d194a0a

SHA1
557b67e372e85eb39989cb53cffd3ef1adabb9fe

SHA256
c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a

SHA512
75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

Filesize
854KB

MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6

SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62

SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

Filesize
283KB

MD5
0054560df6c69d2067689433172088ef

SHA1
a30042b77ebd7c704be0e986349030bcdb82857d

SHA256
72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750

SHA512
418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

Download Submit
C:\LDPlayer\LDPlayer9\system.vmdk

Filesize
1302.1MB

MD5
c966f8f8119979f3ef5207773c01796c

SHA1
cf4a43a843a51ffc54bb02e60d38cc834ac019a7

SHA256
635507b699ef8ac9ac1529ba9b9da130aeeb24c01f8215a6cfaabbf395fb5994

SHA512
c013400d681628faa8d690e03db5db48744c3544bb2b0c0ecdaebe8ed4b5b7c9cba06c3413cb917f5075193917a59030c67734a6b812ce591de1395947c17e0c

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\EGL.dll

Filesize
532KB

MD5
58e961cd17ee3300b5c4d10d10160aa3

SHA1
c2f8e1003f9e1de8fb1da1290f9586ba2870b03d

SHA256
dd518c34752d44cf90254f63f446739db29c101dbcc1656dfdb712a380805cc6

SHA512
0386c5e0867ec976273e7ad6d54269947aa0cf573a656f73849a6034eed27b7497a5a79cc4ca486ef66af0416ab769b2481acf8625a2411312891818ac7fd846

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\GLES12Translator.dll

Filesize
379KB

MD5
0d22b50fd7fa32aadded3f83851728f7

SHA1
9a1312ed22332d7beee4ce1dd02f6caccf8a04db

SHA256
de946643ab8e45dd5f9297f68cf270ef066eccf002cbf07de8a15d1b7c50d5e2

SHA512
0391be6e311decfb1aeb451b82a52a965d395a4a2d9df36e691568fc92a2b61a78d3590dc78c828b661e1468c39eef7d6c9bdaec3a3d8e8c39496be7978de192

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\GLES_CM.dll

Filesize
1.0MB

MD5
8e298a2a2faa84b5007525743355b88a

SHA1
de395b073e7bfad0b5e0e6776a6eba08ce62b10b

SHA256
536580a50fbb7d2fd09c1a255c38e78f0236d18c022b1b6e10b3f7c31b725a90

SHA512
4850fb4f58e35dde085159443a70178656ece0bea0de68c2208d5fe068526b68e70f593ef9132a11ee36094e5d739385664e2f24e4007fc57ffb2318149db964

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\GLES_V2.dll

Filesize
2.7MB

MD5
574e46f5201fb6d34272c5c6a0c31a0b

SHA1
f0057d5a98371f64b2fdf5d1fb5c5922591228c7

SHA256
5c6ba8dd9c756092e1e51eaa83a105606b31cbd66b59ca53eedea1627423a8b5

SHA512
394617e94a77a6290feb8d25dab370a2128f69323c1275a36b38653d021e481dfdde3fac849440c1097bf58564d9f20269110345689cf973037137f3d5891393

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\GLES_V2_utils.dll

Filesize
1.3MB

MD5
fc5d943f6b3f6bcfbcbce93002eb3f9b

SHA1
a3f4e5a6c552ff5baa4c2c3bd43ead53bf7af2ac

SHA256
d652d8a738f3c1b1757f16987fac2545c7657699075dd6af2747ca800fe068cc

SHA512
b382a96eeee9fa0f62f5edfbee74b39eed1ebfca0f2541c55df09e550e1a96b25cee99d943a519ccfff27e013ba287eca48e6f7171050c16b62270b6aef5713b

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-console-l1-1-0.dll

Filesize
11KB

MD5
1fb62ef7e71b24a44ea5f07288240699

SHA1
875261b5537ed9b71a892823d4fc614cb11e8c1f

SHA256
70a4cd55e60f9dd5d047576e9cd520d37af70d74b9a71e8fa73c41475caadc9a

SHA512
3b66efe9a54d0a3140e8ae02c8632a3747bad97143428aedc263cb57e3cfa53c479b7f2824051ff7a8fd6b838032d9ae9f9704c289e79eed0d85a20a6f417e61

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
11KB

MD5
0fb91d94f6d006da24a3a2df6d295d81

SHA1
db8ae2c45940d10f463b6dbecd63c22acab1eee2

SHA256
e08d41881dbef8e19b9b5228938e85787292b4b6078d5384ba8e19234a0240a8

SHA512
16d16eb10031c3d27e18c2ee5a1511607f95f84c8d32e49bbacee1adb2836c067897ea25c7649d805be974ba03ff1286eb665361036fd8afd376c8edcfabd88c

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-debug-l1-1-0.dll

Filesize
11KB

MD5
c1fdd419184ef1f0895e4f7282d04dc5

SHA1
42c00eee48c72bfde66bc22404cd9d2b425a800b

SHA256
e8cf51a77e7720bd8f566db0a544e3db1c96edc9a59d4f82af78b370de5891f7

SHA512
21aa4d299d4c2eab267a114644c3f99f9f51964fd89b5c17769a8f61a2b08c237e5252b77ca38f993a74cc721b1b18e702c99bdfa39e0d43d375c56f126be62c

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
11KB

MD5
e46bc300bf7be7b17e16ff12d014e522

SHA1
ba16bc615c0dad61ef6efe5fd5c81cec5cfbad44

SHA256
002f6818c99efbd6aee20a1208344b87af7b61030d2a6d54b119130d60e7f51e

SHA512
f92c1055a8adabb68da533fe157f22c076da3c31d7cf645f15c019ce4c105b99933d860a80e22315377585ae5847147c48cd28c9473a184c9a2149b1d75ee1b1

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-1-0.dll

Filesize
14KB

MD5
e87192a43630eb1f6bdf764e57532b8b

SHA1
f9dda76d7e1acdbb3874183a9f1013b6489bd32c

SHA256
d9cd7767d160d3b548ca57a7a4d09fe29e1a2b5589f58fbcf6cb6e992f5334cf

SHA512
30e29f2ffdc47c4085ca42f438384c6826b8e70adf617ac53f6f52e2906d3a276d99efcc01bf528c27eca93276151b143e6103b974c20d801da76f291d297c4c

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
7041205ea1a1d9ba68c70333086e6b48

SHA1
5034155f7ec4f91e882eae61fd3481b5a1c62eb0

SHA256
eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d

SHA512
aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
8fd05f79565c563a50f23b960f4d77a6

SHA1
98e5e665ef4a3dd6f149733b180c970c60932538

SHA256
3eb57cda91752a2338ee6b83b5e31347be08831d76e7010892bfd97d6ace9b73

SHA512
587a39aecb40eff8e4c58149477ebaeb16db8028d8f7bea9114d34e22cd4074718490a4e3721385995a2b477fe33894a044058880414c9a668657b90b76d464f

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-handle-l1-1-0.dll

Filesize
11KB

MD5
cedbeae3cb51098d908ef3a81dc8d95c

SHA1
c43e0bf58f4f8ea903ea142b36e1cb486f64b782

SHA256
3cb281c38fa9420daedb84bc4cd0aaa958809cc0b3efe5f19842cc330a7805a0

SHA512
72e7bdf4737131046e5ef6953754be66fb7761a85e864d3f3799d510bf891093a2da45b684520e2dbce3819f2e7a6f3d6cf4f34998c28a8a8e53f86c60f3b78a

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-heap-l1-1-0.dll

Filesize
11KB

MD5
13b358d9ecffb48629e83687e736b61d

SHA1
1f876f35566f0d9e254c973dbbf519004d388c8d

SHA256
1cf1b6f42985016bc2dc59744efeac49515f8ed1cc705fe3f5654d81186097cd

SHA512
08e54fa2b144d5b0da199d052896b9cf556c0d1e6f37c2ab3363be5cd3cf0a8a6422626a0643507aa851fddf3a2ea3d42a05b084badf509b35ec50cb2e0bb5ce

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
11KB

MD5
c9649c9873f55cb7cdc3801b30136001

SHA1
3d2730a1064acd8637bfc69f0355095e6821edfd

SHA256
d05e1bd7fa00f52214192a390d36758fa3fe605b05a890a38f785c4db7adef1f

SHA512
39497baa6301c0ad3e9e686f7dfa0e40dbea831340843417eecc23581b04972facc2b6d30173cc93bf107a42f9d5d42515ef9fd73bb17070eb6f54109dc14e3e

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
11KB

MD5
bedc3d74c8a93128ef9515fd3e1d40eb

SHA1
d207c881751c540651dbdb2dbd78e7ecd871bfe1

SHA256
fefc7bc60bd8d0542ccea84c27386bc27eb93a05330e059325924cb12aaf8f32

SHA512
cdcbce2dbe134f0ab69635e4b42ef31864e99b9ab8b747fb395a2e32b926750f0dd153be410337d218554434f17e8bc2f5501f4b8a89bb3a6be7f5472fb18360

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
769bf2930e7b0ce2e3fb2cbc6630ba2e

SHA1
b9df24d2d37ca8b52ca7eb5c6de414cb3159488a

SHA256
d10ff3164acd8784fe8cc75f5b12f32ce85b12261adb22b8a08e9704b1e5991a

SHA512
9abdcccc8ee21b35f305a91ea001c0b8964d8475680fa95b4afbdc2d42797df543b95fc1bcd72d3d2ccc1d26dff5b3c4e91f1e66753626837602dbf73fc8369b

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-memory-l1-1-0.dll

Filesize
11KB

MD5
89766e82e783facf320e6085b989d59d

SHA1
a3ffb65f0176c2889a6e4d9c7f4b09094afb87ed

SHA256
b04af86e7b16aada057a64139065df3a9b673a1a8586a386b1f2e7300c910f90

SHA512
ea4df1b2763dde578488bb8dd333be8f2b79f5277c9584d1fc8f11e9961d38767d6a2da0b7b01bad0d002d8dcf67cca1d8751a518f1ee4b9318081f8df0422c7

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
11KB

MD5
b8bce84b33ae9f56369b3791f16a6c47

SHA1
50f14d1fe9cb653f2ed48cbb52f447bdd7ec5df4

SHA256
0af28c5c0bb1c346a22547e17a80cb17f692bf8d1e41052684fa38c3bbcbb8c8

SHA512
326092bae01d94ba05ecec0ea8a7ba03a8a83c5caf12bef88f54d075915844e298dba27012a1543047b73b6a2ae2b08478711c8b3dcc0a7f0c9ffabba5b193cf

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
12KB

MD5
77e9c54da1436b15b15c9c7e1cedd666

SHA1
6ce4d9b3dc7859d889d4ccd1e8e128bf7ca3a360

SHA256
885bd4d193568d10dd24d104ccf92b258a9262565e0c815b01ec15a0f4c65658

SHA512
6eecf63d3df4e538e1d2a62c6266f7d677daebd20b7ce40a1894c0ebe081585e01e0c7849ccdf33dd21274e194e203e056e7103a99a3cd0172df3ed791dce1c2

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
13KB

MD5
540d7c53d63c7ff3619f99f12aac0afe

SHA1
69693e13c171433306fb5c9be333d73fdf0b47ed

SHA256
3062bd1f6d52a6b830dbb591277161099dcf3c255cff31b44876076069656f36

SHA512
ce37439ce1dfb72d4366ca96368211787086948311eb731452bb453c284ccc93ccecef5c0277d4416051f4032463282173f3ec5be45e5c3249f7c7ec433f3b3e

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
6486e2f519a80511ac3de235487bee79

SHA1
b43fd61e62d98eea74cf8eb54ca16c8f8e10c906

SHA256
24cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667

SHA512
02331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-profile-l1-1-0.dll

Filesize
10KB

MD5
a37faea6c5149e96dc1a523a85941c37

SHA1
0286f5dafffa3cf58e38e87f0820302bcf276d79

SHA256
0e35bebd654ee0c83d70361bcaecf95c757d95209b9dbcb145590807d3ffae2e

SHA512
a88df77f3cc50d5830777b596f152503a5a826b04e35d912c979ded98dc3c055eb150049577ba6973d1e6c737d3b782655d848f3a71bd5a67aa41fc9322f832e

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
11KB

MD5
6e46e5cca4a98a53c6d2b6c272a2c3ba

SHA1
bc8f556ee4260cce00f4dc66772e21b554f793a4

SHA256
87fca6cdfa4998b0a762015b3900edf5b32b8275d08276abc0232126e00f55ce

SHA512
cfeea255c66b4394e1d53490bf264c4a17a464c74d04b0eb95f6342e45e24bbc99ff016a469f69683ce891d0663578c6d7adee1929cc272b04fcb977c673380f

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-string-l1-1-0.dll

Filesize
11KB

MD5
b72698a2b99e67083fabd7d295388800

SHA1
17647fc4f151c681a943834601c975a5db122ceb

SHA256
86d729b20a588b4c88160e38b4d234e98091e9704a689f5229574d8591cf7378

SHA512
33bdfe9ac12339e1edab7698b344ab7e0e093a31fedc697463bbe8a4180bb68b6cc711a2ceb22ce410e3c51efaa7ea800bad30a93b3ac605b24885d3ef47cb7a

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-1-0.dll

Filesize
13KB

MD5
e1debeda8d4680931b3bb01fae0d55f0

SHA1
a26503c590956d4e2d5a42683c1c07be4b6f0ce7

SHA256
a2d22c5b4b38af981920ab57b94727ecad255a346bb85f0d0142b545393a0a2d

SHA512
a9211f5b3a1d5e42fde406aab1b2718e117bae3dd0857d4807b9e823a4523c3895cf786519d48410119d1838ab0c7307d6ef530b1159328350cc23ebc32f67cd

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
a639c64c03544491cd196f1ba08ae6e0

SHA1
3ee08712c85aab71cfbdb43dbef06833daa36ab2

SHA256
a4e57620f941947a570b5559ca5cce2f79e25e046fcb6519e777f32737e5fd60

SHA512
c940d1f4e41067e6d24c96687a22be1cb5ffd6b2b8959d9667ba8db91e64d777d4cd274d5877380d4cfef13f6486b4f0867af02110f96c040686cc0242d5234b

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
12KB

MD5
56486925434ebcb5a88dd1dfa173b3d0

SHA1
f6224dd02d19debc1ecc5d4853a226b9068ae3cd

SHA256
4f008aa424a0a53a11535647a32fabb540306702040aa940fb494823303f8dce

SHA512
7bb89bd39c59090657ab91f54fb730d5f2c46b0764d32cfa68bb8e9d3284c6d755f1793c5e8722acf74eb6a39d65e6345953e6591106a13ab008dcf19863ae49

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
6f9f9d52087ae4d8d180954b9d42778b

SHA1
67419967a40cc82a0ca4151589677de8226f9693

SHA256
ef1d71fe621341c9751ee59e50cbec1d22947622ffaf8fb1f034c693f1091ef0

SHA512
22a0488613377746c13db9742f2e517f9e31bd563352cc394c3ae12809a22aa1961711e3c0648520e2e11f94411b82d3bb05c7ea1f4d1887aacf85045cf119d7

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-util-l1-1-0.dll

Filesize
11KB

MD5
7243d672604766e28e053af250570d55

SHA1
7d63e26ffb37bf887760dc28760d4b0873676849

SHA256
f24a6158d7083e79f94b2088b2ea4d929446c15271a41c2691b8d0679e83ef18

SHA512
05b0edf51f10db00adc81fa0e34963be1a9f5c4ca303a9c9179c8340d5d2700534c5b924005556c89c02ac598ba6c614ee8ab8415f9ad240417529e5e0f6a41b

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-conio-l1-1-0.dll

Filesize
12KB

MD5
c0c8790510471f12f3c4555e5f361e8e

SHA1
7adffc87c04b7df513bb163c3fbe9231b8e6566a

SHA256
60bd8f0bd64062292eff0f5f1a91347b8d61fbe3f2e9b140112501770eae0b80

SHA512
4f71aa0942f86e86f787036dc60eaea33af0c277f03cf1e551aaaba48dad48593bcceeccc359efbf18ef99cf49f2d46b4c17159a531ffb1c3a744abce57219eb

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
ebac9545734cc1bec37c1c32ffaff7d8

SHA1
2b716ce57f0af28d1223f4794cc8696d49ae2f29

SHA256
d09b49f2a30dcc13b7f0de8242fa57d0bdeb22f3b7e6c224be73bc4dd98d3c26

SHA512
0396ea24a6744d48ce18f9ccb270880f74c4b6eab40f8f8baf5fd9b4ad2ac79b830f9b33c13a3fec0206a95ad3824395db6b1825302d1d401d26bdc9eef003b2

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
c7c4a49c6ee6b1272ade4f06db2fa880

SHA1
b4b5490a51829653cb2e9e3f6fbe9caf3ba5561e

SHA256
37f731e7b1538467288bf1d0e586405b20808d4bad05e47225673661bc8b4a9f

SHA512
62ccdfac19ef4e3d378122146e8b2cba0e1db2cc050b49522bedbf763127cc2103a56c5a266e161a51d5be6bd9a47222ee8bb344b383f13d0aac0baa41eab0ff

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
bef17bf1ba00150163a2e1699ff5840a

SHA1
89145a894b17427f4cb2b4e7e814c92457fd2a75

SHA256
48c71b2d0af6807f387d97ab22a3ba77b85bdf457f8a4f03ce79d13fbb891328

SHA512
489d1b4d405edbb5f46b087a3ebf57a344bf65478b3cd5fcf273736ea6fdd33e54b1806fbb751849e160370df8354f39fc7ca7896a05b4660ad577a9e0e683e4

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
fbfcf220f1bf1051e82a40f349d4beae

SHA1
43154ea6705ab1c34207b66a0a544ac211c1f37d

SHA256
9b9a43b9a32a3d3c3de72b2acca41e051b1e604b45be84985b6a62fb03355e6d

SHA512
e9ab17ceb5449e8303027a08afdbdd118cb59eaea0d5173819d66d3ee01f0cd370d7230a7d609a226b186b151fe2b13e811339fa21f3ec45f843075cedc2a5c0

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
2c8e5e31e996e2c0664f4a945cece991

SHA1
8522c378bdd189ce03a89199dd73ed0834b2fa95

SHA256
1c556505a926fd5f713004e88d7f8d68177d7d40a406f6ed04af7bacd2264979

SHA512
14b92e32fb0fd9c50aa311f02763cba50692149283d625a78b0549b811d221331cf1b1f46d42869500622d128c627188691d7de04c500f501acd720cea7c8050

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-math-l1-1-0.dll

Filesize
20KB

MD5
77c5cc86b89eed37610b80f24e88dcc2

SHA1
d2142ecce3432b545fedc8005cc1bf08065c3119

SHA256
3e8828ab7327f26da0687f683944ffc551440a3de1004cc512f04a2f498520f6

SHA512
81de6533bba83f01fed3f7beed1d329b05772b7a13ffe395414299c62e3e6d43173762cb0b326ea7ecf0e61125901fcee7047e7a7895b750de3d714c3fe0cc67

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
19KB

MD5
4394dafed734dfe937cf6edbbb4b2f75

SHA1
06ec8f1f8dd1eab75175a359a7a5a7ee08d7a57a

SHA256
35b247534f9a19755a281e6dc3490f8197dd515f518c6550208b862c43297345

SHA512
33d9c5041e0f5b0913dd8826ceb080e2284f78164effde1dbf2c14c1234d6b9f33af6ae9f6e28527092ad8c2dbc13bddfc73a5b8c738a725ad0c6bb0aa7fcfaf

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-private-l1-1-0.dll

Filesize
60KB

MD5
18bdfd4b9e28f7eba7cbb354e9c12fcb

SHA1
26222efacb3fce1995253002c3ce294c7045cf97

SHA256
3105da41b02009383826ed70857de1a8961daeb942e9068d0357cddd939fa154

SHA512
7d27eeff41b1e30579c2a813eea8385d8a9569bc1ece5310b0a3f375fba1894028c5cec2cf204e153a50411c5dcf1992e8ac38f1c068c8f8af9bd4897c379c04

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-process-l1-1-0.dll

Filesize
12KB

MD5
7ddd5548e3c4de83d036b59dbf55867a

SHA1
e56b4d9cfca18fb29172e71546dc6ef0383ac4e9

SHA256
75f7b0937a1433ea7e7fa2904b02fd46296b31da822575c0a6bc2038805971ef

SHA512
9fb30ef628741cebbc0f80d07824e80c9c73e0e1341866f4e45dc362fea211d622aa1cffc9199be458609483f166f6c34c68b585efe196d370c100f9c7315e0d

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
a3f630a32d715214d6c46f7c87761213

SHA1
1078c77010065c933a7394d10da93bfb81be2a95

SHA256
d16db68b4020287bb6ce701b71312a9d887874c0d26b9ebd82c3c9b965029562

SHA512
920bb08310eadd7832011ac80edd3e12ce68e54e510949dbbde90adaac497debe050e2b73b9b22d9dc105386c45d558c3f9e37e1c51ed4700dd82b00e80410bc

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
c99c9eea4f83a985daf48eed9f79531b

SHA1
56486407c84beecadb88858d69300035e693d9a6

SHA256
7c416d52a7e8d6113ff85bf833cae3e11c45d1c2215b061a5bbd47432b2244a5

SHA512
78b8fd1faada381b7c4b7b6721454a19969011c1d1105fc02ba8246b477440b83dc16f0e0ce0b953a946da9d1971b65315ac29dbb6df237a11becb3d981b16b9

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
d3d72d7f4c048d46d81a34e4186600b4

SHA1
cdcad0a3df99f9aee0f49c549758ee386a3d915f

SHA256
fd8a73640a158857dd76173c5d97ceeba190e3c3eabf39446936b24032b54116

SHA512
6bf9d2fdc5c2d8cd08bf543ef7a0cdcb69d7658a12bee5601eeb9381b11d78d3c42ef9dd7e132e37d1ec34cc3dc66df0f50aefadfdc927904b520fdc2f994f18

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
a992f1e06c3c32ffe9799d4750af070a

SHA1
97ffd536d048720010133c3d79b6deed7fc82e58

SHA256
b401edaac4b41da73356de9b3358dc21f8b998a63413c868510dc734b1e4022f

SHA512
50bd08680fccff190454e6555e65e2787bdc0e8a9bf711e364eb0b065951c2430559e049202b8f330ac65e9d4cd588349c524a71f700e179859d7829d8e840b8

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
cb4a19b88bec5a8806b419cf7c828018

SHA1
2bc264e0eccb1a9d821bca82b5a5c58dc2464c5d

SHA256
97e4c91103c186517fa248772b9204acf08fde05557a19efe28d11fb0932b1f7

SHA512
381edd45ecd5d2bdefd1e3ad0c8465a32620dfa9b97717cadb6a584c9528fed0d599d5a4889962f04908ca4e2b7b4497f0e69d8481ee5f34ea5d9106d99760c3

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\concrt140.dll

Filesize
336KB

MD5
65f2e5a61f39996c4df8ae70723ab1f7

SHA1
7b32055335b37d734b1ab518dcae874352cd6d5c

SHA256
8032b43bdd2f18ce7eb131e7cd542967081bea9490df08681bf805ce4f4d3aab

SHA512
0b44153ac0c49170008fb905a73b0ab3c167a75dc2f7330aed503f3c0aedfd5164a92d6f759959a11eceb69e2918cb97c571a82715ad41f6b96888d59973f822

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\crashreport.dll

Filesize
51KB

MD5
e05a070ff812388a06eef4cb7546f37d

SHA1
478693e171a332aff37e5f596847f262cd567726

SHA256
e623aaccfd0f402db8906e3034cfb7efb2ea192b14fa5e6a9776f6f71a3e22dc

SHA512
4e233ee7c60a7d319b46454850250d840f190f6aa3a82531d36104f9b1aa8563c6761ab09542a0f8388a03632ddf6d2272081b5bb0a26856ddbf803e73440a8f

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\fastpipe.dll

Filesize
67KB

MD5
e20426e0a31da5fc5315b690deb0a479

SHA1
cd3f78ac8ba659a2ca8b4b5e598e7937ab73fd3d

SHA256
5a3a1e9b982ba209aacd1592e91aad59097c6e580c361401eec2e34f42895427

SHA512
2bd9755d1129329b2a4006818aaa4fcc7a87347990ce1f12db580d1a291dfa3cbfb20ebc2f052ceb14d7fc368a03e867a126c6c55f4b6686d965df00f1bff278

Download Submit
C:\LDPlayer\LDPlayer9\vms\config\leidian0.config

Filesize
641B

MD5
cefcc195c42d21383c3767d90133c8e9

SHA1
a05c416ec5761893d598dc9a88a8e9266e83e992

SHA256
13c4d2b416f615abd2c65c15a4f48e8a67238a3ec327b688182d5e2e8a97d46c

SHA512
7b41924d734496f9a26add59fbfc5f65a3036f017b97659841e327de22b8e4fe53800b2526c29b15c4aa9cc0242c0521ca48afc5a37d501c1287dacf8a507d46

Download Submit
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

Filesize
35.1MB

MD5
4d592fd525e977bf3d832cdb1482faa0

SHA1
131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef

SHA256
f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6

SHA512
afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\Tom and Jerry[Keyboard operation mode]@01 (Jerry).kmp

Filesize
16KB

MD5
07d721d103540e005fdd784664cfbaa6

SHA1
ef4d304ed3c0162def5e623c87521a47dd323807

SHA256
b41b5b9abe8fd82fb5ac32a3d36e6bc16e5ac40987bc59999c489706431f50e9

SHA512
e2276cd4af34657bb82f44dbedba6df523d788a1c9d24752d3e11925cad73a71e73e1cd8ceafbb45404dd8204267f2ed2ed5793cf73c18bbbb0c5ba4fd73bca4

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\灌籃高手@06(KAEDE RUKAWA).kmp

Filesize
12KB

MD5
c6663359083f11a6bddc7a1fbcaa264a

SHA1
ebf1c4102196308d69df6b3ccef8e78de7ed2ef5

SHA256
437ec41da7414e58f96d8d04991cacbdd5ef042bb64f22e787d4ce526b17164f

SHA512
cfdb84d44a3977c3404cf6aea5f416047ffbba84eda461eef081b4eca14bb89ef0eda3e6990db72bdca8ef945c395073a0ee165350585815fdb5be677ed31ba4

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\灌籃高手@06(YOSHINORI MIYAMASU).jmp

Filesize
6KB

MD5
3a1ea631538635231c83fbb0e6b43172

SHA1
793f2f995e22473ed51edf8c819bd137a638a3b8

SHA256
55694d965640d1fd88285eedc4ea1888019d19f921f58b19ca3e6a065bdd8e2d

SHA512
b4a86d6ffc76c31407338a405f65f8c16a18a082a52c5968fc10c6c13f037cec79e90a3b46b00794cb4564a1696d0bc965bc02bbb16abfb88dfe7bab1b6d22ca

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@01[PC Model](Annie).kmp

Filesize
26KB

MD5
60c3815bfe36f047ec0434926d319ced

SHA1
90f628debbb2bde75ec6939c8a904c21ca05ba14

SHA256
9ec1f1bc3fa1a78374783aea451573c935b4338b737ecd4e17faabdf801195ec

SHA512
095471941ba9ca0eeec27a156ebcce360c10afd9cb8e926e4af755d6e69f3513fae28c1140056016b3768172684418ece1d51b4440a2f693ef1c4d57a4732b75

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@01[PC Model].kmp

Filesize
27KB

MD5
9428775132f0283a87811f3af2ad2665

SHA1
bc2c735c1a4465a8330eb6667de95d0e5135920f

SHA256
bdf12a17e6ae1c7489c43030b2a951bf293eb67ee2c4980a3024432f41ce1017

SHA512
6980a4e8d333fcefc52dbdeafb1df4c8c7a459bce89851e7a50a940f45c666eb9e921a8a0efdb8720b1d4b2c1dcf04db945f2b2484b76d417f064344b62cd504

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@02[WASD Model](Aurelion Sol).kmp

Filesize
23KB

MD5
e4765481e0f9bb9f97ee64b2987538e1

SHA1
f743b059b3f5c90f470dac43a4cd7a9cdd769175

SHA256
3bdcbbb5bb7e7ad314d998102b9167db29fe0fee899f77dcc6bc0d69c1ccfaa6

SHA512
94a598e37cec4e62931eb205b8a0c918dcf89af3e9cd61bb5cf58c15a0886b69d72231d679c4ace820e70446da2823c7912c33e1d69766686249d9b3b3cdf286

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@02[WASD Model](Gragas).kmp

Filesize
23KB

MD5
5ded88ce9d7367113a78b8c336df4673

SHA1
a51a4a26cad36d5fb534cec1ab4b7a9b824e2ec2

SHA256
7b7022382d048ec86e66e42e38658d5631e890e1487cd6623ece44ca09795c21

SHA512
e0c771951fcf676e3cf56143b22a17fa9b5402ca9d8f176b94e372b275c2ea23e793076242dbdeaf56fa4cd8aa63958b8c3f66d9ee0504a2064c633f5cd4fad0

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@02[WASD Model](Jax).kmp

Filesize
23KB

MD5
8334cc6e12498113249be9a208c6d3c4

SHA1
3bb4994f4cc9d240c9545e1a33b6ed8e5cee81bf

SHA256
40f0985c85e59bc0c142d8ddbdf86f39dbd0daf084e0457043c4ddcaab14fa48

SHA512
3475e239c98ef55dfbd50051660b31116ea5f008779b562727d0a53420a75d0f06a6c40b602ea6d91b3ef0640f1c8e79506c8b7e83307cc5c9e474af97bee20e

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@02[WASD Model](Kaisa).kmp

Filesize
23KB

MD5
100574d0a4008a70cf2f6bd159d3c4cb

SHA1
78661c0148e85463eeb2b78163284d09c6213308

SHA256
9f18bfbc99c7b8e0f37047daa1e08884151aa57b3072d5a837a2b0188ee1735a

SHA512
b9aceb5c2e3b261bc918a840e06d022a4b671af28f3bbf3901fafe417b4940606558b10675ae21ae980d778894cdb07a13320a932a83a2c0520550a799cb20fc

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@02[WASD Model](Wukong).kmp

Filesize
23KB

MD5
c6795ef98df6ed699012201e9a492885

SHA1
f3caed409650b21fd98dc40930676ad8673a67a1

SHA256
2c3b5866e12aef9af9310c8cf81b77f4085c74a78017d59f6f7cbce8a5077c5c

SHA512
c48ee45de4f1219c1290fcde63ffd664cb65a4976048b097143a8627dca511b2ca99a1912f6e7080d4940b9ac0ed8c80ea1ffd00d985fa7eaf2a54598a035f75

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟_w@01[PC Model](Annie).kmp

Filesize
27KB

MD5
64ffff6ea4dc45370ce3eb6b9a749e38

SHA1
aab55ae7eab6ad3257c63cf234634ef6ae5796d1

SHA256
ebfae17c910125fa35cc8cac824ca7bb7aa375192a08f01bafb0383d41e150c0

SHA512
50d8e9f5be2780e7428879adf29eaf1b69b25aa5694a42f0e31b197d3df203a71c84f392acff140a0477af15dc87e893144b539bd829edd1fbbcfaf089d345b4

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟_w@02[WASD Model](Aurelion Sol).kmp

Filesize
23KB

MD5
682affc6815ef14407a0ccaa2a9d10b4

SHA1
2a2cff38810242cc9b11ee117c140166216d6562

SHA256
525e5a747d0929595e768bbe44d06e29a73a90a560062abc3c995b9ea0995993

SHA512
f19ec184893627a25b993c5628339ea3ae4bba8a72f0358d94987763259f176feb543aa552422a66647def71b236e5c6ee58c97ac6978d4a27b5a1f8c5f1c97d

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟_w@02[WASD Model](Draven).kmp

Filesize
23KB

MD5
d61e02e3a98f4b9f5d48583d4ef06183

SHA1
be5cc1136b519d40e49186f9f1388c32f8178239

SHA256
34a9313a9114fee24cfe249b0e67dcd3d40bb6827a70df8254f0e14ef2f6a647

SHA512
d61b8a181cb870f3970b8930473ab8e4610b152c65076ec0c1f11ae3043b967cae618e641e53d1585cbb14ea63a5baf0199cccc8deeafe8861854c8887c685bd

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟_w@02[WASD Model](Malphite).kmp

Filesize
23KB

MD5
77c6bdcc7f852110d3fe2abb856453e8

SHA1
388d267618745237ed5aa50f686d6308aaa3dd29

SHA256
0f857556c697c2afa9520c9fc652fd4f1ae43580db97f4dd26ba3b6df7e886af

SHA512
c03fdc1e9d636f2e86d83ff0999833c7794f3e49afa7e3cf64a76027f89a747da7a3f05b0d9caa797ab201b85ae972188b3e85d47227f5ff0bd190be471ebc11

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟_w@02[WASD Model](Seraphine).kmp

Filesize
23KB

MD5
f04cd4a8f6845ce984435e7b6a1e5cd0

SHA1
95d57f868a9e4eec02ea3d66e83747138112187d

SHA256
da34ebebb3e51abcd3f94262f0191e4f9222275622473ce62e40cfa1cdd6ba8f

SHA512
48b3ba2e7689245bf4cdb7db931a770e2e274e7873191644f45c8fa32417428e1813ff54beba74ef1396aaa55ee550764e52c5b0de3b78e866ad8f30a3f7a56f

Download Submit
C:\LDPlayer\ldmutiplayer\libeay32.dll

Filesize
1.2MB

MD5
ba46e6e1c5861617b4d97de00149b905

SHA1
4affc8aab49c7dc3ceeca81391c4f737d7672b32

SHA256
2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e

SHA512
bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

Download Submit
C:\LDPlayer\ldmutiplayer\msvcp120.dll

Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
C:\LDPlayer\ldmutiplayer\msvcr120.dll

Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\IBARL1QT\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\119VK023\favicon[1].ico

Filesize
1KB

MD5
f35e0d42347856792071f091850462c7

SHA1
ec9b3dc0881b2a9c731b44b9a9ae9f88164c8c70

SHA256
265008c4813fe2e785807c3e5cce629c030fddfd40ee1b1449bbe4a0a94705b1

SHA512
3e8af4ae8aa474c7c7e40e41bb08edc54080a4f33c574476caadd1aab1b238cdb70c70f688fe2f7dd9cdd39005fdbb38af39ec1d51e2aca58d7fea4502bfcc1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll

Filesize
62KB

MD5
2204cba332566d808353f256bd211595

SHA1
8da4d578601335c86a3c0b432d37011da316b6cc

SHA256
305c66014595e119140102a83fde0928b46902f7b5bd358cbfaf06145964ca3e

SHA512
ab58f9a6b6171a87eddddcfd11b49708269f33ab0f9f8406202eedb21c873aa2a38234f51f0b073ea84f7a182aff82b8e0596fb61400ffbc8d873fed7475fe7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ozodn4u0.rsj.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

Filesize
73KB

MD5
796e33749b9e745bb3154c320e6e5aab

SHA1
f3dd8551dbe2d4533264bc0ac56e9a5090a45e64

SHA256
151dae276c97ef0a75b004fd8609540095c10a4832306446da4c063974156ffc

SHA512
058f0f7188fb738ed2b1ae60fa8bc4f241808e0df51dec771ac9cf07d42b31aadc2fd2dd81b5ddb6e6c9c1529fd573b050ccd90e1ed75356869307be0ea0d7d5

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
190KB

MD5
b25f18c3f6d5afd4864a1f89e401c11f

SHA1
84675133a3b6ab8c98d06619f554bddba0786498

SHA256
34aa98bba286817ff0a57f9ab2de190750b3e0cf5ae682b2977e2f2312ed0cf4

SHA512
3f2bdd761dd3c93233df555c800925eff05cf73f61ff9a7fe5c14d14691b4704d2969b98959decfe0a7b59ddb60fa58ae9d3a3d21becc22454cbaa8e9f8b12ff

Download Submit
\LDPlayer\LDPlayer9\crashreport.dll

Filesize
51KB

MD5
47594a13a96452dc9a6d015285099c99

SHA1
1ab4ea01b00d1e871181de2854f1005a579e768d

SHA256
daf3b0cfbc9758ecfa99efcc04d4b3e0d0ce591a03de65f6c7f366ccbc7d22a2

SHA512
2d6caf2ac3ac69c87484f1821ec4a7dcc01aca14df4e8c48285fe3d4b8df5fe3698758b32716a47175e3ed3b864a2508c05016a9aa33119fc25bd29dfe9a7327

Download Submit
\LDPlayer\LDPlayer9\msvcp120.dll

Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
\LDPlayer\LDPlayer9\msvcr120.dll

Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
\Users\Admin\AppData\Local\Temp\Setup\ds.dll

Filesize
62KB

MD5
2204cba332566d808353f256bd211595

SHA1
8da4d578601335c86a3c0b432d37011da316b6cc

SHA256
305c66014595e119140102a83fde0928b46902f7b5bd358cbfaf06145964ca3e

SHA512
ab58f9a6b6171a87eddddcfd11b49708269f33ab0f9f8406202eedb21c873aa2a38234f51f0b073ea84f7a182aff82b8e0596fb61400ffbc8d873fed7475fe7a

Download Submit
\Users\Admin\AppData\Local\Temp\Setup\ds.dll

Filesize
62KB

MD5
2204cba332566d808353f256bd211595

SHA1
8da4d578601335c86a3c0b432d37011da316b6cc

SHA256
305c66014595e119140102a83fde0928b46902f7b5bd358cbfaf06145964ca3e

SHA512
ab58f9a6b6171a87eddddcfd11b49708269f33ab0f9f8406202eedb21c873aa2a38234f51f0b073ea84f7a182aff82b8e0596fb61400ffbc8d873fed7475fe7a

Download Submit
\Users\Admin\AppData\Local\Temp\Setup\ds.dll

Filesize
62KB

MD5
2204cba332566d808353f256bd211595

SHA1
8da4d578601335c86a3c0b432d37011da316b6cc

SHA256
305c66014595e119140102a83fde0928b46902f7b5bd358cbfaf06145964ca3e

SHA512
ab58f9a6b6171a87eddddcfd11b49708269f33ab0f9f8406202eedb21c873aa2a38234f51f0b073ea84f7a182aff82b8e0596fb61400ffbc8d873fed7475fe7a

Download Submit
memory/1676-150-0x00000000083D0000-0x0000000008462000-memory.dmp

Filesize
584KB

Download
memory/1676-154-0x0000000008F70000-0x0000000008F8A000-memory.dmp

Filesize
104KB

Download
memory/1676-136-0x0000000007FE0000-0x0000000007FF4000-memory.dmp

Filesize
80KB

Download
memory/1676-148-0x0000000004260000-0x0000000004270000-memory.dmp

Filesize
64KB

Download
memory/1676-149-0x0000000008690000-0x0000000008B8E000-memory.dmp

Filesize
5.0MB

Download
memory/1676-151-0x0000000008F10000-0x0000000008F54000-memory.dmp

Filesize
272KB

Download
memory/1676-152-0x0000000008FF0000-0x000000000908C000-memory.dmp

Filesize
624KB

Download
memory/1676-159-0x000000000A520000-0x000000000A52A000-memory.dmp

Filesize
40KB

Download
memory/1676-153-0x0000000009090000-0x00000000090F6000-memory.dmp

Filesize
408KB

Download
memory/1676-158-0x0000000004260000-0x0000000004270000-memory.dmp

Filesize
64KB

Download
memory/1676-157-0x00000000091E0000-0x0000000009220000-memory.dmp

Filesize
256KB

Download
memory/1676-156-0x0000000009250000-0x0000000009352000-memory.dmp

Filesize
1.0MB

Download
memory/1676-155-0x0000000009630000-0x0000000009B5C000-memory.dmp

Filesize
5.2MB

Download
memory/2708-787-0x0000000006F30000-0x0000000006F40000-memory.dmp

Filesize
64KB

Download
memory/2708-935-0x0000000004420000-0x0000000004430000-memory.dmp

Filesize
64KB

Download
memory/2708-966-0x0000000009250000-0x000000000925E000-memory.dmp

Filesize
56KB

Download
memory/2708-933-0x0000000004420000-0x0000000004430000-memory.dmp

Filesize
64KB

Download
memory/2708-814-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/2708-815-0x0000000009500000-0x000000000954A000-memory.dmp

Filesize
296KB

Download
memory/2708-816-0x0000000004420000-0x0000000004430000-memory.dmp

Filesize
64KB

Download
memory/2708-782-0x0000000006F50000-0x0000000006F72000-memory.dmp

Filesize
136KB

Download
memory/2708-813-0x00000000093C0000-0x0000000009465000-memory.dmp

Filesize
660KB

Download
memory/2708-817-0x00000000095F0000-0x0000000009684000-memory.dmp

Filesize
592KB

Download
memory/2708-808-0x0000000008F10000-0x0000000008F2E000-memory.dmp

Filesize
120KB

Download
memory/2708-783-0x0000000007720000-0x0000000007786000-memory.dmp

Filesize
408KB

Download
memory/2708-781-0x0000000006CC0000-0x0000000006D42000-memory.dmp

Filesize
520KB

Download
memory/2708-807-0x0000000009270000-0x00000000092A3000-memory.dmp

Filesize
204KB

Download
memory/2708-780-0x0000000007010000-0x0000000007638000-memory.dmp

Filesize
6.2MB

Download
memory/2708-790-0x0000000008170000-0x00000000081E6000-memory.dmp

Filesize
472KB

Download
memory/2708-789-0x0000000007E80000-0x0000000007ECB000-memory.dmp

Filesize
300KB

Download
memory/2708-788-0x0000000007700000-0x000000000771C000-memory.dmp

Filesize
112KB

Download
memory/2708-779-0x00000000044B0000-0x00000000044E6000-memory.dmp

Filesize
216KB

Download
memory/2708-786-0x0000000004420000-0x0000000004430000-memory.dmp

Filesize
64KB

Download
memory/2708-785-0x0000000004420000-0x0000000004430000-memory.dmp

Filesize
64KB

Download
memory/2708-784-0x0000000007900000-0x0000000007C50000-memory.dmp

Filesize
3.3MB

Download
memory/3384-2612-0x000001874FDB0000-0x000001874FDB2000-memory.dmp

Filesize
8KB

Download
memory/3384-2589-0x0000018750400000-0x0000018750410000-memory.dmp

Filesize
64KB

Download
memory/3384-2610-0x000001874CF80000-0x000001874CF81000-memory.dmp

Filesize
4KB

Download
memory/3384-2913-0x0000018756330000-0x0000018756331000-memory.dmp

Filesize
4KB

Download
memory/3384-2614-0x0000018754640000-0x0000018754642000-memory.dmp

Filesize
8KB

Download
memory/3384-2615-0x0000018754700000-0x0000018754702000-memory.dmp

Filesize
8KB

Download
memory/3384-2901-0x0000018756310000-0x0000018756311000-memory.dmp

Filesize
4KB

Download
memory/3976-2749-0x0000018B316F0000-0x0000018B316F2000-memory.dmp

Filesize
8KB

Download
memory/3976-2764-0x0000018B32F00000-0x0000018B33000000-memory.dmp

Filesize
1024KB

Download
memory/3976-2718-0x0000018B300A0000-0x0000018B300C0000-memory.dmp

Filesize
128KB

Download
memory/3976-2737-0x0000018B30320000-0x0000018B30322000-memory.dmp

Filesize
8KB

Download
memory/3976-2740-0x0000018B30470000-0x0000018B30472000-memory.dmp

Filesize
8KB

Download
memory/3976-2742-0x0000018B31800000-0x0000018B31900000-memory.dmp

Filesize
1024KB

Download
memory/3976-2744-0x0000018B30010000-0x0000018B30012000-memory.dmp

Filesize
8KB

Download
memory/3976-2745-0x0000018B31650000-0x0000018B31670000-memory.dmp

Filesize
128KB

Download
memory/3976-2671-0x0000018B2F7A0000-0x0000018B2F7A2000-memory.dmp

Filesize
8KB

Download
memory/3976-2752-0x0000018B31E90000-0x0000018B31E92000-memory.dmp

Filesize
8KB

Download
memory/3976-2760-0x0000018B32220000-0x0000018B32240000-memory.dmp

Filesize
128KB

Download
memory/3976-2674-0x0000018B2F7C0000-0x0000018B2F7C2000-memory.dmp

Filesize
8KB

Download
memory/3976-2770-0x0000018B32500000-0x0000018B32520000-memory.dmp

Filesize
128KB

Download
memory/3976-2800-0x0000018B32E00000-0x0000018B32F00000-memory.dmp

Filesize
1024KB

Download
memory/3976-2833-0x0000018B32F00000-0x0000018B33000000-memory.dmp

Filesize
1024KB

Download
memory/3976-2839-0x0000018B33300000-0x0000018B33400000-memory.dmp

Filesize
1024KB

Download
memory/3976-2666-0x0000018B2F740000-0x0000018B2F742000-memory.dmp

Filesize
8KB

Download
memory/3976-2951-0x0000018B36080000-0x0000018B360A0000-memory.dmp

Filesize
128KB

Download
memory/3976-2921-0x0000018B337A0000-0x0000018B337C0000-memory.dmp

Filesize
128KB

Download
memory/4948-2564-0x000000006EA60000-0x000000006ECB1000-memory.dmp

Filesize
2.3MB

Download
memory/4948-2563-0x000000006F080000-0x000000006F0A4000-memory.dmp

Filesize
144KB

Download
memory/4948-1549-0x00000000364B0000-0x00000000364C0000-memory.dmp

Filesize
64KB

Download