plugx | 07bd1745baa33c6abb773c13fb4c65aa35b18b21d7e514af3bf5fd20cd97e500

Analysis

max time kernel
508s
max time network
996s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05-05-2023 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LDPlayer9_es_1009_ld.exe
Size

2.9MB
MD5

79170cdc94a59fd6e174bd56d8ccadcb
SHA1

c3e8aa07bfb7625194def68231b4db42ca3d6610
SHA256

07bd1745baa33c6abb773c13fb4c65aa35b18b21d7e514af3bf5fd20cd97e500
SHA512

7eb94acbf573a7528709197c96d7edaebce05d1f9aebb5a5992b4fb8c6b88e4cd4c9a4edd1f030362832860da992282476a13dcdb1cb8ca51065df7804a8afc3
SSDEEP

49152:mi/fEwEHpp4/PrRw1SYFjAbDiY+UjwxxtG8N9Hm:mi/8wEHpW/Pa1BF8+QwxKj

Score

10^/10

plugx redline discovery exploit infostealer persistence trojan

Malware Config

Signatures

Detects PlugX payload 1 IoCs

Processes:

resource	yara_rule
C:\LDPlayer\LDPlayer9\system.vmdk	family_plugx

PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
trojan plugx
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
C:\LDPlayer\LDPlayer9\system.vmdk	family_redline

Creates new service(s) 1 TTPs
persistence

New Service
T1050
Downloads MZ/PE file
Possible privilege escalation attempt 8 IoCs
exploit

Processes:

takeown.exeicacls.exeicacls.exetakeown.exeicacls.exetakeown.exeicacls.exetakeown.exe

pid process

1736 takeown.exe
1892 icacls.exe
1664 icacls.exe
1056 takeown.exe
652 icacls.exe
1704 takeown.exe
2020 icacls.exe
572 takeown.exe
Modifies file permissions 1 TTPs 8 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exeicacls.exetakeown.exeicacls.exetakeown.exeicacls.exetakeown.exetakeown.exe

pid process

1892 icacls.exe
1664 icacls.exe
1056 takeown.exe
652 icacls.exe
1704 takeown.exe
2020 icacls.exe
572 takeown.exe
1736 takeown.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
1736	takeown.exe
1892	icacls.exe
1664	icacls.exe
1056	takeown.exe
652	icacls.exe
1704	takeown.exe
2020	icacls.exe
572	takeown.exe

pid	process
1892	icacls.exe
1664	icacls.exe
1056	takeown.exe
652	icacls.exe
1704	takeown.exe
2020	icacls.exe
572	takeown.exe
1736	takeown.exe

Drops file in Program Files directory 64 IoCs

Processes:

dnrepairer.exe

description	ioc	process
File created	C:\Program Files\ldplayer9box\VBoxC.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDragAndDropSvc.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxTestOGL.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\libcrypto-1_1.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\ldutils.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\DbgPlugInDiggers.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\tstVMREQ.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxRes.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-libraryloader-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-rtlsupport-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-math-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetFltInstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5WinExtras.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\SUPInstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-utility-l1-1-0.dll	dnrepairer.exe
File opened for modification	C:\Program Files\ldplayer9box\Ld9BoxNetLwf.sys	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxEFI64.fd	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\dpinst_86.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\msvcr120.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetAdpInstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSVGA3D.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libssl-1_1-x64.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSharedFolders.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\ossltest.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-profile-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxVMM.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-datetime-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libOpenglRender.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-heap-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-stdio-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\msvcp100.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-multibyte-l1-1-0.dll	dnrepairer.exe
File opened for modification	C:\Program Files\ldplayer9box\Ld9VMMR0.r0	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\regsvr32_x64.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\vbox-img.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-locale-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-stdio-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxAutostartSvc.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-sysinfo-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-handle-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-convert-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-utility-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-util-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\loadall.cmd	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libcrypto-1_1-x64.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-util-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\dasync.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-localization-l1-2-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxStubBld.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\GLES_V2_utils.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9VMMR0.r0	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\ossltest.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\msvcp120.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxDDR0.r0	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\capi.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\dpinst_64.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSharedClipboard.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\padlock.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetAdp6Uninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\fastpipe.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\vccorlib140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetLwfUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-2-0.dll	dnrepairer.exe

Drops file in Windows directory 1 IoCs

Processes:

dism.exe

description ioc process

File opened for modification C:\Windows\Logs\DISM\dism.log dism.exe

description	ioc	process
File opened for modification	C:\Windows\Logs\DISM\dism.log	dism.exe

Executes dropped EXE 14 IoCs

Processes:

LDPlayer.exednrepairer.exeLd9BoxSVC.exedriverconfig.exednplayer.exeLd9BoxSVC.exechrome.exevbox-img.exevbox-img.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exe

pid	process
2008	LDPlayer.exe
1156	dnrepairer.exe
528	Ld9BoxSVC.exe
304	driverconfig.exe
2044	dnplayer.exe
1680	Ld9BoxSVC.exe
3812	chrome.exe
3856	vbox-img.exe
3892	vbox-img.exe
3568	Ld9BoxHeadless.exe
3604	Ld9BoxHeadless.exe
3628	Ld9BoxHeadless.exe
3676	Ld9BoxHeadless.exe
3796	Ld9BoxHeadless.exe

Launches sc.exe 8 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exe

pid process

2024 sc.exe
1080 sc.exe
2128 sc.exe
3644 sc.exe
3684 sc.exe
1656 sc.exe
1892 sc.exe
2000 sc.exe

pid	process
2024	sc.exe
1080	sc.exe
2128	sc.exe
3644	sc.exe
3684	sc.exe
1656	sc.exe
1892	sc.exe
2000	sc.exe

Loads dropped DLL 64 IoCs

Processes:

LDPlayer9_es_1009_ld.exeLDPlayer.exednrepairer.exeLd9BoxSVC.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exedriverconfig.exednplayer.exe

pid	process
1128	LDPlayer9_es_1009_ld.exe
2008	LDPlayer.exe
1156	dnrepairer.exe
1156	dnrepairer.exe
1156	dnrepairer.exe
1156	dnrepairer.exe
1156	dnrepairer.exe
528	Ld9BoxSVC.exe
528	Ld9BoxSVC.exe
528	Ld9BoxSVC.exe
528	Ld9BoxSVC.exe
528	Ld9BoxSVC.exe
528	Ld9BoxSVC.exe
528	Ld9BoxSVC.exe
528	Ld9BoxSVC.exe
2028	regsvr32.exe
2028	regsvr32.exe
2028	regsvr32.exe
2028	regsvr32.exe
2028	regsvr32.exe
2028	regsvr32.exe
2028	regsvr32.exe
2028	regsvr32.exe
1168	regsvr32.exe
1168	regsvr32.exe
1168	regsvr32.exe
1168	regsvr32.exe
1168	regsvr32.exe
1168	regsvr32.exe
1168	regsvr32.exe
1168	regsvr32.exe
1092	regsvr32.exe
1092	regsvr32.exe
1092	regsvr32.exe
1092	regsvr32.exe
1092	regsvr32.exe
1092	regsvr32.exe
1092	regsvr32.exe
1092	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
752	regsvr32.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
304	driverconfig.exe
304	driverconfig.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
2044	dnplayer.exe
2044	dnplayer.exe

Registers COM server for autorun 1 TTPs 21 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

dnrepairer.exeregsvr32.exeLd9BoxSVC.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\""	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32	Ld9BoxSVC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

dnplayer.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	dnplayer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dnplayer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 17 IoCs

evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid	process
1240	taskkill.exe
1564	taskkill.exe
1316	taskkill.exe
1396	taskkill.exe
1432	taskkill.exe
1276	taskkill.exe
1184	taskkill.exe
1732	taskkill.exe
1540	taskkill.exe
776	taskkill.exe
1984	taskkill.exe
340	taskkill.exe
1540	taskkill.exe
948	taskkill.exe
1780	taskkill.exe
1060	taskkill.exe
1928	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exednplayer.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FF7A13C1-EB7C-11ED-B99D-D28FF4BEF639} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007837404bb2ac374381d657b4bfd4f9e2000000000200000000001066000000010000200000005a6292060c1617e7567f0ca4a90e1280d9e23ad6504bd67458397cbb52a29b40000000000e8000000002000020000000394b41b9164bfe7a9fdbec7768dfb84c4c7b8be373ddc548dd280cd5eab50e4190000000d9251676f387cbfd1166fd2130a09b538f13ad06513e769051f6952b8ecc8db195063c20cfa4473d365a22fcc68be22c9ce1cd58f659e1bd4249e174cf427b7fe8b5ef7f1c0720edd43b9f22e0e976514ba413a46609a19827026b4a807dca96a74bb0e8457cebe2e100d2d03436638493de9a29d60b75e8e71b7528e96b6d9401877c6bafbb40a9f5ad30eea789835140000000506cbec017822c27897068e968f57c96f91e6aff999fdf5d7c9439968f3f86c837f27bc0376754d791faa8a0126c87ccd56c76564cef754c8abfd3de38c10b86	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80fcd4c4897fd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E93034A1-EB7C-11ED-B99D-D28FF4BEF639} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MAIN	dnplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007837404bb2ac374381d657b4bfd4f9e200000000020000000000106600000001000020000000f8d7d69c7a0a04c7dd5dcfcbc24d6f19ecac137c9742f5cefd0bdea6bba422f6000000000e800000000200002000000055066d59e551ff025d9c05d438c73121d33a7aad513dca8a36e85744a84c1d47200000001bedeaa3bcf605a46fe277483b8cde622b0a8217b0673e0fb692d732b745f36840000000fe5c9ac4dc85e67b34b8d7c68cd0d141b7e83bcd54e1d7751a9637d3b393b59136dd5254c868c4f7e103650bb39c738947f77dd5886fb6dce7b69361c4455b73	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	dnplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "390080736"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001"	dnplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeLd9BoxSVC.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44E0-CA69-E9E0-D4907CECCBE5}\NumMethods\ = "35"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3CF5-4C0A-BC90-9B8D4CC94D89}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC}\NumMethods	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-1640-41F9-BD74-3EF5FD653250}\ = "IKeyboard"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-762E-4120-871C-A2014234A607}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\NumMethods\ = "28"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E72-4F34-B8F6-682785620C57}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3\0\win64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7997-4595-A731-3A509DB604E5}\NumMethods\ = "13"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-4022-DC80-5535-6FB116815604}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-4974-A19C-4DC6-CC98C2269626}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BCB2-4905-A7AB-CC85448A742B}\ProxyStubClsid32	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-BE30-49C0-B315-E9749E1BDED1}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-FF5A-4795-B57A-ECD5FFFA18A4}\ = "ISession"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3EE4-11E9-B872-CB9447AAD965}\NumMethods\ = "25"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1c58-440c-bb7b-3a1397284c7b}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FA1E-4CEE-91C7-6D8496BEA3C1}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\ProgId	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-FA1E-4CEE-91C7-6D8496BEA3C1}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-1A29-4A19-92CF-02285773F3B5}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CD54-400C-B858-797BCB82570E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-A161-41F1-B583-4892F4A9D5D5}\NumMethods\ = "13"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7FF8-4A84-BD34-0C651E118BB5}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486E-472F-481B-969746AF2480}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EBF9-4D5C-7AEA-877BFC4256BA}\ = "IDHCPGroupConfig"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-58D9-43AE-8B03-C1FD7088EF15}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219}\NumMethods\ = "39"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-1640-41F9-BD74-3EF5FD653250}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\NumMethods\ = "19"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E621-4F70-A77E-15F0E3C714D5}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC7B-431B-98B2-951FDA8EAB89}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-416B-4181-8C4A-45EC95177AEF}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-FA1E-4CEE-91C7-6D8496BEA3C1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\NumMethods	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9070-4F9C-B0D5-53054496DBE0}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\ProxyStubClsid32	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-80F6-4266-8E20-16371F68FA25}\ = "IReusableEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-CB63-47A1-84FB-02C4894B89A9}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\NumMethods\ = "4"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E4B1-486A-8F2E-747AE346C3E9}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4430-499F-92C8-8BED814A567A}\NumMethods\ = "17"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-319C-4E7E-8150-C5837BD265F6}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20191216-DA7C-44C8-A7AC-9F173490446A}\NumMethods	regsvr32.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

dnplayer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118	dnplayer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 0f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad09000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703091400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded31d000000010000001000000096f98b6e79a74810ce7d398a82f977780b000000010000000e000000430065007200740075006d0000000300000001000000140000006252dc40f71143a22fde9ef7348e064251b181182000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	dnplayer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 1900000001000000100000000b6cd9778e41ad67fd6be0a6903710440300000001000000140000006252dc40f71143a22fde9ef7348e064251b181180b000000010000000e000000430065007200740075006d0000001d000000010000001000000096f98b6e79a74810ce7d398a82f977781400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded309000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703090f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad2000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	dnplayer.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

LDPlayer.exepowershell.exechrome.exe

pid	process
2008	LDPlayer.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
2008	LDPlayer.exe
1704	powershell.exe
2008	LDPlayer.exe
2588	chrome.exe
2588	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

dnplayer.exe

pid process

2044 dnplayer.exe
Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid process

468
468
468
468
468
468

pid	process
468
468
468
468
468
468

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exeLDPlayer.exe

description	pid	process
Token: SeDebugPrivilege	1240	taskkill.exe
Token: SeDebugPrivilege	1396	taskkill.exe
Token: SeDebugPrivilege	1540	taskkill.exe
Token: SeDebugPrivilege	1432	taskkill.exe
Token: SeTakeOwnershipPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe
Token: SeDebugPrivilege	2008	LDPlayer.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

dnplayer.exeiexplore.exeiexplore.exechrome.exe

pid	process
2044	dnplayer.exe
3820	iexplore.exe
3656	iexplore.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe

Suspicious use of SendNotifyMessage 33 IoCs

Processes:

dnplayer.exechrome.exe

pid	process
2044	dnplayer.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
3820	iexplore.exe
3820	iexplore.exe
3952	IEXPLORE.EXE
3952	IEXPLORE.EXE
3952	IEXPLORE.EXE
3952	IEXPLORE.EXE
3656	iexplore.exe
3656	iexplore.exe
4088	IEXPLORE.EXE
4088	IEXPLORE.EXE
4088	IEXPLORE.EXE
4088	IEXPLORE.EXE
3656	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

LDPlayer9_es_1009_ld.exeLDPlayer.exednrepairer.exenet.exe

description	pid	process	target process
PID 1128 wrote to memory of 1240	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1240	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1240	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1240	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1396	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1396	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1396	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1396	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1540	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1540	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1540	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1540	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1432	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1432	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1432	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 1432	1128	LDPlayer9_es_1009_ld.exe	taskkill.exe
PID 1128 wrote to memory of 2008	1128	LDPlayer9_es_1009_ld.exe	LDPlayer.exe
PID 1128 wrote to memory of 2008	1128	LDPlayer9_es_1009_ld.exe	LDPlayer.exe
PID 1128 wrote to memory of 2008	1128	LDPlayer9_es_1009_ld.exe	LDPlayer.exe
PID 1128 wrote to memory of 2008	1128	LDPlayer9_es_1009_ld.exe	LDPlayer.exe
PID 2008 wrote to memory of 1276	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1276	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1276	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1276	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1184	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1184	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1184	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1184	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 948	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 948	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 948	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 948	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 776	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 776	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 776	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 776	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1780	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1780	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1780	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1780	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1984	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1984	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1984	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1984	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1564	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1564	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1564	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1564	2008	LDPlayer.exe	taskkill.exe
PID 2008 wrote to memory of 1156	2008	LDPlayer.exe	dnrepairer.exe
PID 2008 wrote to memory of 1156	2008	LDPlayer.exe	dnrepairer.exe
PID 2008 wrote to memory of 1156	2008	LDPlayer.exe	dnrepairer.exe
PID 2008 wrote to memory of 1156	2008	LDPlayer.exe	dnrepairer.exe
PID 1156 wrote to memory of 1972	1156	dnrepairer.exe	net.exe
PID 1156 wrote to memory of 1972	1156	dnrepairer.exe	net.exe
PID 1156 wrote to memory of 1972	1156	dnrepairer.exe	net.exe
PID 1156 wrote to memory of 1972	1156	dnrepairer.exe	net.exe
PID 1972 wrote to memory of 2032	1972	net.exe	net1.exe
PID 1972 wrote to memory of 2032	1972	net.exe	net1.exe
PID 1972 wrote to memory of 2032	1972	net.exe	net1.exe
PID 1972 wrote to memory of 2032	1972	net.exe	net1.exe
PID 1156 wrote to memory of 1960	1156	dnrepairer.exe	regsvr32.exe
PID 1156 wrote to memory of 1960	1156	dnrepairer.exe	regsvr32.exe
PID 1156 wrote to memory of 1960	1156	dnrepairer.exe	regsvr32.exe
PID 1156 wrote to memory of 1960	1156	dnrepairer.exe	regsvr32.exe

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM dnplayer.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1240
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM dnmultiplayer.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1396
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM dnupdate.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1540
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM bugreport.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1432
- C:\LDPlayer\LDPlayer9\LDPlayer.exe
  "C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1009 -language=es -path="C:\LDPlayer\LDPlayer9\"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2008
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /F /IM dnmultiplayerex.exe /T
    3⤵
    - Kills process with taskkill
    PID:1276
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM fynews.exe
    3⤵
    - Kills process with taskkill
    PID:1184
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM ldnews.exe
    3⤵
    - Kills process with taskkill
    PID:948
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM Ld9BoxHeadless.exe /T
    3⤵
    - Kills process with taskkill
    PID:776
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM Ld9BoxSVC.exe /T
    3⤵
    - Kills process with taskkill
    PID:1780
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM Ld9VirtualBox.exe /T
    3⤵
    - Kills process with taskkill
    PID:1984
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM VBoxManage.exe /T
    3⤵
    - Kills process with taskkill
    PID:1564
- - C:\LDPlayer\LDPlayer9\dnrepairer.exe
    "C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=65890
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Registers COM server for autorun
    - Suspicious use of WriteProcessMemory
    PID:1156
  - - C:\Windows\SysWOW64\net.exe
      "net" start cryptsvc
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1972
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start cryptsvc
        5⤵
        
        PID:2032
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Softpub.dll /s
      4⤵
      PID:1960
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Wintrust.dll /s
      4⤵
      PID:680
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Initpki.dll /s
      4⤵
      PID:2028
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32" Initpki.dll /s
      4⤵
      PID:2000
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" dssenh.dll /s
      4⤵
      PID:1808
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" rsaenh.dll /s
      4⤵
      PID:1092
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" cryptdlg.dll /s
      4⤵
      PID:1848
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      PID:1056
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      PID:652
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      PID:1704
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      PID:2020
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill" /F /IM Ld9BoxHeadless.exe /T
      4⤵
      Kills process with taskkill
      PID:1060
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill" /F /IM Ld9BoxSVC.exe /T
      4⤵
      Kills process with taskkill
      PID:1928
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill" /F /IM Ld9VirtualBox.exe /T
      4⤵
      Kills process with taskkill
      PID:1316
  - - C:\Windows\SysWOW64\taskkill.exe
      "taskkill" /F /IM VBoxManage.exe /T
      4⤵
      Kills process with taskkill
      PID:340
  - - C:\Windows\SysWOW64\dism.exe
      C:\Windows\system32\dism.exe /Online /English /Get-Features
      4⤵
      Drops file in Windows directory
      PID:820
  - - C:\Windows\SysWOW64\sc.exe
      sc query HvHost
      4⤵
      Launches sc.exe
      PID:1656
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmms
      4⤵
      Launches sc.exe
      PID:1892
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmcompute
      4⤵
      Launches sc.exe
      PID:2000
  - - C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
      "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:528
  - - C:\Windows\system32\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
      4⤵
      Loads dropped DLL
      PID:2028
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
      4⤵
      Loads dropped DLL
      PID:1168
  - - C:\Windows\system32\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
      4⤵
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:1092
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:752
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
      4⤵
      Launches sc.exe
      PID:2024
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc" start Ld9BoxSup
      4⤵
      Launches sc.exe
      PID:1080
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1704
- - C:\LDPlayer\LDPlayer9\driverconfig.exe
    "C:\LDPlayer\LDPlayer9\driverconfig.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:304
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM dnmultiplayerex.exe
    3⤵
    - Kills process with taskkill
    PID:1540
- - C:\Windows\SysWOW64\takeown.exe
    "takeown" /f "C:\LDPlayer\ldmutiplayer\" /r /d y
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:572
- - C:\Windows\SysWOW64\takeown.exe
    "takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:1736
- - C:\Windows\SysWOW64\icacls.exe
    "icacls" "C:\LDPlayer\ldmutiplayer\" /grant everyone:F /t
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:1892
- - C:\Windows\SysWOW64\icacls.exe
    "icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:1664
- C:\LDPlayer\LDPlayer9\dnplayer.exe
  "C:\LDPlayer\LDPlayer9\dnplayer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Modifies system certificate store
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2044
- - C:\Windows\SysWOW64\sc.exe
    sc query HvHost
    3⤵
    - Launches sc.exe
    PID:2128
- - C:\Windows\SysWOW64\sc.exe
    sc query vmms
    3⤵
    - Launches sc.exe
    PID:3644
- - C:\Windows\SysWOW64\sc.exe
    sc query vmcompute
    3⤵
    - Launches sc.exe
    PID:3684
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
    3⤵
    PID:3812
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
    3⤵
    - Executes dropped EXE
    PID:3856
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
    3⤵
    - Executes dropped EXE
    PID:3892
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://es.ldplayer.net/blog/94.html
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:3820
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3820 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:3952
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://es.ldplayer.net/blog/94.html
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:3656
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3656 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:4088
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM ldcurl.exe /T
  2⤵
  - Kills process with taskkill
  PID:1732

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1c4
1⤵
PID:1060

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
PID:1680
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:3796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef57c9758,0x7fef57c9768,0x7fef57c9778
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:2
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:2
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3792 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3644 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3988 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3996 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3876 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4228 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2352 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4052 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4388 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4584 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4700 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4896 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1188,i,16075823189179321801,1107060675477280556,131072 /prefetch:8
  2⤵
  PID:2212

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3056

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

New Service

T1050

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

New Service

T1050

Defense Evasion

File and Directory Permissions Modification

T1222

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LDPlayer\LDPlayer9\LDPlayer.exe

Filesize
625.4MB

MD5
bf948a09c14f19b91f30961585cf7902

SHA1
46b664f151de33e237d4368b0616a2a16f370056

SHA256
de5716150131f62ca398b564133f7d600761231cff32a1356b53aaf34d9b1d75

SHA512
8df4694379c8a29315784d47b5715afa016424ca01752787425c14581ea116b30781d22503d30bec33311328a1216f98cc1a4abe01035a6e7894b2d78b2b8b12

Download Submit
C:\LDPlayer\LDPlayer9\MSVCP120.dll

Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
C:\LDPlayer\LDPlayer9\MSVCR120.dll

Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
C:\LDPlayer\LDPlayer9\crashreport.dll

Filesize
51KB

MD5
d898f4a9c42f0af477fa93f63de8d022

SHA1
3af5e6fb34a416568ad399440be19233e5f0e944

SHA256
ca9491c14d166bf61c4bb667ee8f51512ff8e03b2caef7008b2dc0fec90d077e

SHA512
7352a270f2d043c226621acdfd0ae7e3e80a3696e751d8d04d4e1c4f4a0a03f9da1fc2b4659e1907445738dd6a242a2652de489e7e346bd802b8870973ca7ae2

Download Submit
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

Filesize
1.2MB

MD5
6dfc6ae16487f2794a4e2fe37a4ae9fc

SHA1
3621f3ae10e47c5380b7ded45d845db154416c59

SHA256
2c5bb8a9a91accdc09b9f765aeaa73074d46fb3206912fc3b3ca78e3ef8decd6

SHA512
54277dc66778080d0e1b02a1ab30a5890371e7b874364a7d1e25428939465f29c162d8b62164605f07b179f55cf3434eaa28dcd08f220ea5dd3d580ddbfb4c24

Download Submit
C:\LDPlayer\LDPlayer9\dnplayer.exe

Filesize
3.3MB

MD5
81e1c0536b5f1f6f9279ebc232090f1a

SHA1
231b205e5dc044fb32a0c59fedd6e56fe86a85d9

SHA256
e084be1888597ef84c866cf86c367efd353ca6449dc4e7c924e26c56e23d3a2c

SHA512
73a2244665a517a5d53d3ac61f350780125eb93820d94da9ef3807d94d14f3806e8d32db001afdc536a13ebb3a8ceb550bbf5c5c28d904cb9d27f913fce3c8e9

Download Submit
C:\LDPlayer\LDPlayer9\dnrepairer.exe

Filesize
41.9MB

MD5
7991639abe941ce26a75d6fdd6da81a9

SHA1
451ff14273ef756d7451e681f61d2229610c03a3

SHA256
07c97df1cd523ca75a8203ba47b5995ebb6415050ad6043c0dd6fc93d0386087

SHA512
e8e8cbd6bd7dcedf64002b0c94bbd2870d661aee5e333be2e5caccee181e0cb036ace14758f3daecbd0efe71ad31718df4ab1baa8dec69550e138ad9e344a1c8

Download Submit
C:\LDPlayer\LDPlayer9\dnresource.rcc

Filesize
4.4MB

MD5
5fa088e8776c9f19dd2a9984ef562f76

SHA1
d682ba1d1b7c6bceb77ba9bddab85d59cff742c7

SHA256
dba713544fbf024780468270468564c5aaa02edabdf3ef17f84f60addfb60fbf

SHA512
8c2e588e8a33e784d518b21727063ba16b8afdc7a6730751677fec27061b14152d95f5a5bac49980ac4dbdd9e44d4303f69c637a91e46c137eb83414566d6c0f

Download Submit
C:\LDPlayer\LDPlayer9\system.vmdk

Filesize
1485.2MB

MD5
83dfa205dea6e200afd97859e1db343b

SHA1
58dc575c9b14641794b3f65dec274debaadefb03

SHA256
284fe07f2eff1d425065f5318502fd96dfb1062070551d24915042f30e5887d5

SHA512
1f77a1b4f9b1c137c0093b440acd3bd77b1b27d00e9462ea0adf9438e436cf9670c04d67d800d41bc0b787a7dad89d09239aea6c418c57665bc4e0e15d17871b

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\EGL.dll

Filesize
532KB

MD5
15f1b424d77859d7a1cb554d07c477df

SHA1
b0cb478f5324e6aaccbff7aafe466d6afcfd439b

SHA256
ad002a41acc4186249b2f5ec07a2937b6cd8e927ce79d326c30a18f84c668285

SHA512
bd0c9ef2eab0a27b03e4fdad678af7db4b177badea8cff3af77390cc60f6fc20a5958a68fd83aa3780b7c2d3213e88b3ffe8778a8b7ed62d6467a022dcdb0b27

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\GLES12Translator.dll

Filesize
379KB

MD5
9ff2c9552ff8fe32d5df882c74a541c0

SHA1
a7788b57f8f877a6d7155094379e13b1e320b123

SHA256
c3edf5c9f400f0767df461785c3e2dc1248e118d54b8b4e4b56d2afc4a9602e1

SHA512
c91dc3eb662c02ae7fa2a4706ed2506b1ff40d0c9691e8d740666eaff07834faf462454fa662b4fdc30d0000bd2c543a03dec58123286f185b70377a95773469

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\GLES_CM.dll

Filesize
1.0MB

MD5
ee4e3691df14a194c2fc48f51ee50a8c

SHA1
6ef8ee154cc53556dfaf13227ff48b8a869e3641

SHA256
452f7770bd3df7b5782c868c985c45f046bc228abaa582c7ad1abeb00918da4b

SHA512
fa48db69b2a64b560e2ae2d3771c6747699867ecacac945eda6e6990ba104f46436a654b8e7c7ae21966373462b30a26149bf7ff134e008e603f795189787ce1

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\GLES_V2.dll

Filesize
2.7MB

MD5
d6c1c657a5ac1b0b87bad60a7ecfe206

SHA1
d2eafddebcdf3bba4c555555856de751467b57f4

SHA256
b6b8a598de0acade0d5c33a285d2b7d1c19dcf6da72f794c6545239019d0e73e

SHA512
cb1632c3f0962e663c09dea301a39482765e8111eeb3c04b7e803201afe43620d676a30cd4243b1eb281a6c4c6bede2dc36a8dd5d4a47760d0191fcfbbdab554

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\GLES_V2_utils.dll

Filesize
1.3MB

MD5
afc8c7eb572e651a51ea9a4b27491250

SHA1
4d2cee80b76e4f10f73f5804f408808dc13f7168

SHA256
0ab778c916b154319bfab5ccf1d64c3da6b1dcacef329883f55f135ecfe2bedb

SHA512
fe49be41d3ebaea7d8835ba8c2aa97188913535d0f67c6b5387bc6623103ab0e26b9e539eb4c02cbaf56c970a4e9d9b737b035bc54f597ae0ca0eaa1193c178e

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-console-l1-1-0.dll

Filesize
11KB

MD5
1fb62ef7e71b24a44ea5f07288240699

SHA1
875261b5537ed9b71a892823d4fc614cb11e8c1f

SHA256
70a4cd55e60f9dd5d047576e9cd520d37af70d74b9a71e8fa73c41475caadc9a

SHA512
3b66efe9a54d0a3140e8ae02c8632a3747bad97143428aedc263cb57e3cfa53c479b7f2824051ff7a8fd6b838032d9ae9f9704c289e79eed0d85a20a6f417e61

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
11KB

MD5
0fb91d94f6d006da24a3a2df6d295d81

SHA1
db8ae2c45940d10f463b6dbecd63c22acab1eee2

SHA256
e08d41881dbef8e19b9b5228938e85787292b4b6078d5384ba8e19234a0240a8

SHA512
16d16eb10031c3d27e18c2ee5a1511607f95f84c8d32e49bbacee1adb2836c067897ea25c7649d805be974ba03ff1286eb665361036fd8afd376c8edcfabd88c

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-debug-l1-1-0.dll

Filesize
11KB

MD5
c1fdd419184ef1f0895e4f7282d04dc5

SHA1
42c00eee48c72bfde66bc22404cd9d2b425a800b

SHA256
e8cf51a77e7720bd8f566db0a544e3db1c96edc9a59d4f82af78b370de5891f7

SHA512
21aa4d299d4c2eab267a114644c3f99f9f51964fd89b5c17769a8f61a2b08c237e5252b77ca38f993a74cc721b1b18e702c99bdfa39e0d43d375c56f126be62c

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
11KB

MD5
e46bc300bf7be7b17e16ff12d014e522

SHA1
ba16bc615c0dad61ef6efe5fd5c81cec5cfbad44

SHA256
002f6818c99efbd6aee20a1208344b87af7b61030d2a6d54b119130d60e7f51e

SHA512
f92c1055a8adabb68da533fe157f22c076da3c31d7cf645f15c019ce4c105b99933d860a80e22315377585ae5847147c48cd28c9473a184c9a2149b1d75ee1b1

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-1-0.dll

Filesize
14KB

MD5
e87192a43630eb1f6bdf764e57532b8b

SHA1
f9dda76d7e1acdbb3874183a9f1013b6489bd32c

SHA256
d9cd7767d160d3b548ca57a7a4d09fe29e1a2b5589f58fbcf6cb6e992f5334cf

SHA512
30e29f2ffdc47c4085ca42f438384c6826b8e70adf617ac53f6f52e2906d3a276d99efcc01bf528c27eca93276151b143e6103b974c20d801da76f291d297c4c

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
7041205ea1a1d9ba68c70333086e6b48

SHA1
5034155f7ec4f91e882eae61fd3481b5a1c62eb0

SHA256
eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d

SHA512
aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
8fd05f79565c563a50f23b960f4d77a6

SHA1
98e5e665ef4a3dd6f149733b180c970c60932538

SHA256
3eb57cda91752a2338ee6b83b5e31347be08831d76e7010892bfd97d6ace9b73

SHA512
587a39aecb40eff8e4c58149477ebaeb16db8028d8f7bea9114d34e22cd4074718490a4e3721385995a2b477fe33894a044058880414c9a668657b90b76d464f

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-handle-l1-1-0.dll

Filesize
11KB

MD5
cedbeae3cb51098d908ef3a81dc8d95c

SHA1
c43e0bf58f4f8ea903ea142b36e1cb486f64b782

SHA256
3cb281c38fa9420daedb84bc4cd0aaa958809cc0b3efe5f19842cc330a7805a0

SHA512
72e7bdf4737131046e5ef6953754be66fb7761a85e864d3f3799d510bf891093a2da45b684520e2dbce3819f2e7a6f3d6cf4f34998c28a8a8e53f86c60f3b78a

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-heap-l1-1-0.dll

Filesize
11KB

MD5
13b358d9ecffb48629e83687e736b61d

SHA1
1f876f35566f0d9e254c973dbbf519004d388c8d

SHA256
1cf1b6f42985016bc2dc59744efeac49515f8ed1cc705fe3f5654d81186097cd

SHA512
08e54fa2b144d5b0da199d052896b9cf556c0d1e6f37c2ab3363be5cd3cf0a8a6422626a0643507aa851fddf3a2ea3d42a05b084badf509b35ec50cb2e0bb5ce

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
11KB

MD5
c9649c9873f55cb7cdc3801b30136001

SHA1
3d2730a1064acd8637bfc69f0355095e6821edfd

SHA256
d05e1bd7fa00f52214192a390d36758fa3fe605b05a890a38f785c4db7adef1f

SHA512
39497baa6301c0ad3e9e686f7dfa0e40dbea831340843417eecc23581b04972facc2b6d30173cc93bf107a42f9d5d42515ef9fd73bb17070eb6f54109dc14e3e

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
11KB

MD5
bedc3d74c8a93128ef9515fd3e1d40eb

SHA1
d207c881751c540651dbdb2dbd78e7ecd871bfe1

SHA256
fefc7bc60bd8d0542ccea84c27386bc27eb93a05330e059325924cb12aaf8f32

SHA512
cdcbce2dbe134f0ab69635e4b42ef31864e99b9ab8b747fb395a2e32b926750f0dd153be410337d218554434f17e8bc2f5501f4b8a89bb3a6be7f5472fb18360

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
769bf2930e7b0ce2e3fb2cbc6630ba2e

SHA1
b9df24d2d37ca8b52ca7eb5c6de414cb3159488a

SHA256
d10ff3164acd8784fe8cc75f5b12f32ce85b12261adb22b8a08e9704b1e5991a

SHA512
9abdcccc8ee21b35f305a91ea001c0b8964d8475680fa95b4afbdc2d42797df543b95fc1bcd72d3d2ccc1d26dff5b3c4e91f1e66753626837602dbf73fc8369b

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-memory-l1-1-0.dll

Filesize
11KB

MD5
89766e82e783facf320e6085b989d59d

SHA1
a3ffb65f0176c2889a6e4d9c7f4b09094afb87ed

SHA256
b04af86e7b16aada057a64139065df3a9b673a1a8586a386b1f2e7300c910f90

SHA512
ea4df1b2763dde578488bb8dd333be8f2b79f5277c9584d1fc8f11e9961d38767d6a2da0b7b01bad0d002d8dcf67cca1d8751a518f1ee4b9318081f8df0422c7

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
11KB

MD5
b8bce84b33ae9f56369b3791f16a6c47

SHA1
50f14d1fe9cb653f2ed48cbb52f447bdd7ec5df4

SHA256
0af28c5c0bb1c346a22547e17a80cb17f692bf8d1e41052684fa38c3bbcbb8c8

SHA512
326092bae01d94ba05ecec0ea8a7ba03a8a83c5caf12bef88f54d075915844e298dba27012a1543047b73b6a2ae2b08478711c8b3dcc0a7f0c9ffabba5b193cf

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
12KB

MD5
77e9c54da1436b15b15c9c7e1cedd666

SHA1
6ce4d9b3dc7859d889d4ccd1e8e128bf7ca3a360

SHA256
885bd4d193568d10dd24d104ccf92b258a9262565e0c815b01ec15a0f4c65658

SHA512
6eecf63d3df4e538e1d2a62c6266f7d677daebd20b7ce40a1894c0ebe081585e01e0c7849ccdf33dd21274e194e203e056e7103a99a3cd0172df3ed791dce1c2

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
13KB

MD5
540d7c53d63c7ff3619f99f12aac0afe

SHA1
69693e13c171433306fb5c9be333d73fdf0b47ed

SHA256
3062bd1f6d52a6b830dbb591277161099dcf3c255cff31b44876076069656f36

SHA512
ce37439ce1dfb72d4366ca96368211787086948311eb731452bb453c284ccc93ccecef5c0277d4416051f4032463282173f3ec5be45e5c3249f7c7ec433f3b3e

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
6486e2f519a80511ac3de235487bee79

SHA1
b43fd61e62d98eea74cf8eb54ca16c8f8e10c906

SHA256
24cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667

SHA512
02331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-profile-l1-1-0.dll

Filesize
10KB

MD5
a37faea6c5149e96dc1a523a85941c37

SHA1
0286f5dafffa3cf58e38e87f0820302bcf276d79

SHA256
0e35bebd654ee0c83d70361bcaecf95c757d95209b9dbcb145590807d3ffae2e

SHA512
a88df77f3cc50d5830777b596f152503a5a826b04e35d912c979ded98dc3c055eb150049577ba6973d1e6c737d3b782655d848f3a71bd5a67aa41fc9322f832e

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
11KB

MD5
6e46e5cca4a98a53c6d2b6c272a2c3ba

SHA1
bc8f556ee4260cce00f4dc66772e21b554f793a4

SHA256
87fca6cdfa4998b0a762015b3900edf5b32b8275d08276abc0232126e00f55ce

SHA512
cfeea255c66b4394e1d53490bf264c4a17a464c74d04b0eb95f6342e45e24bbc99ff016a469f69683ce891d0663578c6d7adee1929cc272b04fcb977c673380f

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-string-l1-1-0.dll

Filesize
11KB

MD5
b72698a2b99e67083fabd7d295388800

SHA1
17647fc4f151c681a943834601c975a5db122ceb

SHA256
86d729b20a588b4c88160e38b4d234e98091e9704a689f5229574d8591cf7378

SHA512
33bdfe9ac12339e1edab7698b344ab7e0e093a31fedc697463bbe8a4180bb68b6cc711a2ceb22ce410e3c51efaa7ea800bad30a93b3ac605b24885d3ef47cb7a

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-1-0.dll

Filesize
13KB

MD5
e1debeda8d4680931b3bb01fae0d55f0

SHA1
a26503c590956d4e2d5a42683c1c07be4b6f0ce7

SHA256
a2d22c5b4b38af981920ab57b94727ecad255a346bb85f0d0142b545393a0a2d

SHA512
a9211f5b3a1d5e42fde406aab1b2718e117bae3dd0857d4807b9e823a4523c3895cf786519d48410119d1838ab0c7307d6ef530b1159328350cc23ebc32f67cd

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
a639c64c03544491cd196f1ba08ae6e0

SHA1
3ee08712c85aab71cfbdb43dbef06833daa36ab2

SHA256
a4e57620f941947a570b5559ca5cce2f79e25e046fcb6519e777f32737e5fd60

SHA512
c940d1f4e41067e6d24c96687a22be1cb5ffd6b2b8959d9667ba8db91e64d777d4cd274d5877380d4cfef13f6486b4f0867af02110f96c040686cc0242d5234b

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
12KB

MD5
56486925434ebcb5a88dd1dfa173b3d0

SHA1
f6224dd02d19debc1ecc5d4853a226b9068ae3cd

SHA256
4f008aa424a0a53a11535647a32fabb540306702040aa940fb494823303f8dce

SHA512
7bb89bd39c59090657ab91f54fb730d5f2c46b0764d32cfa68bb8e9d3284c6d755f1793c5e8722acf74eb6a39d65e6345953e6591106a13ab008dcf19863ae49

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
6f9f9d52087ae4d8d180954b9d42778b

SHA1
67419967a40cc82a0ca4151589677de8226f9693

SHA256
ef1d71fe621341c9751ee59e50cbec1d22947622ffaf8fb1f034c693f1091ef0

SHA512
22a0488613377746c13db9742f2e517f9e31bd563352cc394c3ae12809a22aa1961711e3c0648520e2e11f94411b82d3bb05c7ea1f4d1887aacf85045cf119d7

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-util-l1-1-0.dll

Filesize
11KB

MD5
7243d672604766e28e053af250570d55

SHA1
7d63e26ffb37bf887760dc28760d4b0873676849

SHA256
f24a6158d7083e79f94b2088b2ea4d929446c15271a41c2691b8d0679e83ef18

SHA512
05b0edf51f10db00adc81fa0e34963be1a9f5c4ca303a9c9179c8340d5d2700534c5b924005556c89c02ac598ba6c614ee8ab8415f9ad240417529e5e0f6a41b

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-conio-l1-1-0.dll

Filesize
12KB

MD5
c0c8790510471f12f3c4555e5f361e8e

SHA1
7adffc87c04b7df513bb163c3fbe9231b8e6566a

SHA256
60bd8f0bd64062292eff0f5f1a91347b8d61fbe3f2e9b140112501770eae0b80

SHA512
4f71aa0942f86e86f787036dc60eaea33af0c277f03cf1e551aaaba48dad48593bcceeccc359efbf18ef99cf49f2d46b4c17159a531ffb1c3a744abce57219eb

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
ebac9545734cc1bec37c1c32ffaff7d8

SHA1
2b716ce57f0af28d1223f4794cc8696d49ae2f29

SHA256
d09b49f2a30dcc13b7f0de8242fa57d0bdeb22f3b7e6c224be73bc4dd98d3c26

SHA512
0396ea24a6744d48ce18f9ccb270880f74c4b6eab40f8f8baf5fd9b4ad2ac79b830f9b33c13a3fec0206a95ad3824395db6b1825302d1d401d26bdc9eef003b2

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
c7c4a49c6ee6b1272ade4f06db2fa880

SHA1
b4b5490a51829653cb2e9e3f6fbe9caf3ba5561e

SHA256
37f731e7b1538467288bf1d0e586405b20808d4bad05e47225673661bc8b4a9f

SHA512
62ccdfac19ef4e3d378122146e8b2cba0e1db2cc050b49522bedbf763127cc2103a56c5a266e161a51d5be6bd9a47222ee8bb344b383f13d0aac0baa41eab0ff

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
bef17bf1ba00150163a2e1699ff5840a

SHA1
89145a894b17427f4cb2b4e7e814c92457fd2a75

SHA256
48c71b2d0af6807f387d97ab22a3ba77b85bdf457f8a4f03ce79d13fbb891328

SHA512
489d1b4d405edbb5f46b087a3ebf57a344bf65478b3cd5fcf273736ea6fdd33e54b1806fbb751849e160370df8354f39fc7ca7896a05b4660ad577a9e0e683e4

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
fbfcf220f1bf1051e82a40f349d4beae

SHA1
43154ea6705ab1c34207b66a0a544ac211c1f37d

SHA256
9b9a43b9a32a3d3c3de72b2acca41e051b1e604b45be84985b6a62fb03355e6d

SHA512
e9ab17ceb5449e8303027a08afdbdd118cb59eaea0d5173819d66d3ee01f0cd370d7230a7d609a226b186b151fe2b13e811339fa21f3ec45f843075cedc2a5c0

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
2c8e5e31e996e2c0664f4a945cece991

SHA1
8522c378bdd189ce03a89199dd73ed0834b2fa95

SHA256
1c556505a926fd5f713004e88d7f8d68177d7d40a406f6ed04af7bacd2264979

SHA512
14b92e32fb0fd9c50aa311f02763cba50692149283d625a78b0549b811d221331cf1b1f46d42869500622d128c627188691d7de04c500f501acd720cea7c8050

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-math-l1-1-0.dll

Filesize
20KB

MD5
77c5cc86b89eed37610b80f24e88dcc2

SHA1
d2142ecce3432b545fedc8005cc1bf08065c3119

SHA256
3e8828ab7327f26da0687f683944ffc551440a3de1004cc512f04a2f498520f6

SHA512
81de6533bba83f01fed3f7beed1d329b05772b7a13ffe395414299c62e3e6d43173762cb0b326ea7ecf0e61125901fcee7047e7a7895b750de3d714c3fe0cc67

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
19KB

MD5
4394dafed734dfe937cf6edbbb4b2f75

SHA1
06ec8f1f8dd1eab75175a359a7a5a7ee08d7a57a

SHA256
35b247534f9a19755a281e6dc3490f8197dd515f518c6550208b862c43297345

SHA512
33d9c5041e0f5b0913dd8826ceb080e2284f78164effde1dbf2c14c1234d6b9f33af6ae9f6e28527092ad8c2dbc13bddfc73a5b8c738a725ad0c6bb0aa7fcfaf

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-private-l1-1-0.dll

Filesize
60KB

MD5
18bdfd4b9e28f7eba7cbb354e9c12fcb

SHA1
26222efacb3fce1995253002c3ce294c7045cf97

SHA256
3105da41b02009383826ed70857de1a8961daeb942e9068d0357cddd939fa154

SHA512
7d27eeff41b1e30579c2a813eea8385d8a9569bc1ece5310b0a3f375fba1894028c5cec2cf204e153a50411c5dcf1992e8ac38f1c068c8f8af9bd4897c379c04

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-process-l1-1-0.dll

Filesize
12KB

MD5
7ddd5548e3c4de83d036b59dbf55867a

SHA1
e56b4d9cfca18fb29172e71546dc6ef0383ac4e9

SHA256
75f7b0937a1433ea7e7fa2904b02fd46296b31da822575c0a6bc2038805971ef

SHA512
9fb30ef628741cebbc0f80d07824e80c9c73e0e1341866f4e45dc362fea211d622aa1cffc9199be458609483f166f6c34c68b585efe196d370c100f9c7315e0d

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
a3f630a32d715214d6c46f7c87761213

SHA1
1078c77010065c933a7394d10da93bfb81be2a95

SHA256
d16db68b4020287bb6ce701b71312a9d887874c0d26b9ebd82c3c9b965029562

SHA512
920bb08310eadd7832011ac80edd3e12ce68e54e510949dbbde90adaac497debe050e2b73b9b22d9dc105386c45d558c3f9e37e1c51ed4700dd82b00e80410bc

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
c99c9eea4f83a985daf48eed9f79531b

SHA1
56486407c84beecadb88858d69300035e693d9a6

SHA256
7c416d52a7e8d6113ff85bf833cae3e11c45d1c2215b061a5bbd47432b2244a5

SHA512
78b8fd1faada381b7c4b7b6721454a19969011c1d1105fc02ba8246b477440b83dc16f0e0ce0b953a946da9d1971b65315ac29dbb6df237a11becb3d981b16b9

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
d3d72d7f4c048d46d81a34e4186600b4

SHA1
cdcad0a3df99f9aee0f49c549758ee386a3d915f

SHA256
fd8a73640a158857dd76173c5d97ceeba190e3c3eabf39446936b24032b54116

SHA512
6bf9d2fdc5c2d8cd08bf543ef7a0cdcb69d7658a12bee5601eeb9381b11d78d3c42ef9dd7e132e37d1ec34cc3dc66df0f50aefadfdc927904b520fdc2f994f18

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
a992f1e06c3c32ffe9799d4750af070a

SHA1
97ffd536d048720010133c3d79b6deed7fc82e58

SHA256
b401edaac4b41da73356de9b3358dc21f8b998a63413c868510dc734b1e4022f

SHA512
50bd08680fccff190454e6555e65e2787bdc0e8a9bf711e364eb0b065951c2430559e049202b8f330ac65e9d4cd588349c524a71f700e179859d7829d8e840b8

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
cb4a19b88bec5a8806b419cf7c828018

SHA1
2bc264e0eccb1a9d821bca82b5a5c58dc2464c5d

SHA256
97e4c91103c186517fa248772b9204acf08fde05557a19efe28d11fb0932b1f7

SHA512
381edd45ecd5d2bdefd1e3ad0c8465a32620dfa9b97717cadb6a584c9528fed0d599d5a4889962f04908ca4e2b7b4497f0e69d8481ee5f34ea5d9106d99760c3

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\concrt140.dll

Filesize
336KB

MD5
65f2e5a61f39996c4df8ae70723ab1f7

SHA1
7b32055335b37d734b1ab518dcae874352cd6d5c

SHA256
8032b43bdd2f18ce7eb131e7cd542967081bea9490df08681bf805ce4f4d3aab

SHA512
0b44153ac0c49170008fb905a73b0ab3c167a75dc2f7330aed503f3c0aedfd5164a92d6f759959a11eceb69e2918cb97c571a82715ad41f6b96888d59973f822

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\crashreport.dll

Filesize
51KB

MD5
b269a841e301d01c9025ae2c77f8cfd4

SHA1
e0744d904d15a2965c72bd465783aa8f427a9405

SHA256
e42f57be432bb9ca055cff4c45245868f027776d84ced99ec6d869bbaba366ae

SHA512
a6529300d33f703b69d5efdab999092c1166d5730eb8ac0bd75ec4d78faecb4684ac56f6587839474fa734eb70e11f8bfdef3b1df6538f7959e222003b14db69

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\fastpipe.dll

Filesize
67KB

MD5
338beae8afc386e09a215f3fe7961f1e

SHA1
f91ebbec167b327728e0a1b194d74e8e24d1a32a

SHA256
e1dee9dc5e92713a994440b1bbcbea876f2bf497a99416aa1140a3f22dbd44f9

SHA512
abc597464086d643f49ac2adee43957e580d9b22ebe573054d2df1cc6dc01eafe1d1c61d66866f69c19eedee3fddd5352c4ce9dd47f2499c0bcf631f27e9eb49

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\host_manager.dll

Filesize
59KB

MD5
9266021562600eb8d8486a3d28e3ca86

SHA1
b7bc84b11601e9b82c84159d8c8ae92dce09b585

SHA256
1ee55afaf7803455778db71998400da9e70c50bd5eb3a715756f1bb781d57599

SHA512
9581dfe624dfec27e1ac772418885fda75aef45e3b9ef51c70e05e7a41b75a490cc0544d4419b3462810b3d1af78ceb709a3f1bbb1f602464289a248f90b7d97

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\ldutils.dll

Filesize
60KB

MD5
9181e198de4b07f8c72a308b34532687

SHA1
546f12c9367ae8667dcf04edd16f7bbd5b7dae26

SHA256
839cd01cf9a706897c40687d9014e6390b5773f540ffcaf52ccdcea45e204198

SHA512
a2d8f8f01206e9567a769f12415b66c3f73399f07a01eff83a285643e321c3ec5c2eca58f002bf6c2fb3b1eed1fea0a9d419e1764f4f7858add6ae558fd7448f

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\libOpenglRender.dll

Filesize
803KB

MD5
1634fbad495836cceb860cde28c43346

SHA1
c5de36ec8d1796d0ab2f24533e301f0699d60d14

SHA256
d18cf7b9f8d26eda5c22e78ac911fb8daf77808e091eef7a15bc75eccb221af8

SHA512
53076d4050175590c8c952e6ad03b6e111fd3421011b62b876a297c15a94855731a267bf63d5d24f814cf3de78a79c37a378cc04ea670b1fbb6fed34708a009d

Download Submit
C:\LDPlayer\LDPlayer9\vms\config\leidian0.config

Filesize
641B

MD5
8255bded93b6a9a096c1ac596d598f61

SHA1
11842021aab48c0e0b448bc86426587a28fc4efd

SHA256
7f4ff9e753857b0a557c386013b33dd3fad89854e5bebe67b8bb1dd1c84403c9

SHA512
32290e1d668bd86254b462b1125a1155f3c1e790d2ab0cb03c3d6e8f3165ab48b105c8b0d73a1d4eb29e1b23b6c1eeae8fe5bf75ed5e999afad7ce5f67869eb3

Download Submit
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

Filesize
35.1MB

MD5
4d592fd525e977bf3d832cdb1482faa0

SHA1
131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef

SHA256
f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6

SHA512
afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\Tom and Jerry[Keyboard operation mode]@01 (Jerry).kmp

Filesize
16KB

MD5
07d721d103540e005fdd784664cfbaa6

SHA1
ef4d304ed3c0162def5e623c87521a47dd323807

SHA256
b41b5b9abe8fd82fb5ac32a3d36e6bc16e5ac40987bc59999c489706431f50e9

SHA512
e2276cd4af34657bb82f44dbedba6df523d788a1c9d24752d3e11925cad73a71e73e1cd8ceafbb45404dd8204267f2ed2ed5793cf73c18bbbb0c5ba4fd73bca4

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\灌籃高手@06(KAEDE RUKAWA).kmp

Filesize
12KB

MD5
c6663359083f11a6bddc7a1fbcaa264a

SHA1
ebf1c4102196308d69df6b3ccef8e78de7ed2ef5

SHA256
437ec41da7414e58f96d8d04991cacbdd5ef042bb64f22e787d4ce526b17164f

SHA512
cfdb84d44a3977c3404cf6aea5f416047ffbba84eda461eef081b4eca14bb89ef0eda3e6990db72bdca8ef945c395073a0ee165350585815fdb5be677ed31ba4

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\灌籃高手@06(YOSHINORI MIYAMASU).jmp

Filesize
6KB

MD5
3a1ea631538635231c83fbb0e6b43172

SHA1
793f2f995e22473ed51edf8c819bd137a638a3b8

SHA256
55694d965640d1fd88285eedc4ea1888019d19f921f58b19ca3e6a065bdd8e2d

SHA512
b4a86d6ffc76c31407338a405f65f8c16a18a082a52c5968fc10c6c13f037cec79e90a3b46b00794cb4564a1696d0bc965bc02bbb16abfb88dfe7bab1b6d22ca

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@01[PC Model](Annie).kmp

Filesize
26KB

MD5
60c3815bfe36f047ec0434926d319ced

SHA1
90f628debbb2bde75ec6939c8a904c21ca05ba14

SHA256
9ec1f1bc3fa1a78374783aea451573c935b4338b737ecd4e17faabdf801195ec

SHA512
095471941ba9ca0eeec27a156ebcce360c10afd9cb8e926e4af755d6e69f3513fae28c1140056016b3768172684418ece1d51b4440a2f693ef1c4d57a4732b75

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@01[PC Model].kmp

Filesize
27KB

MD5
9428775132f0283a87811f3af2ad2665

SHA1
bc2c735c1a4465a8330eb6667de95d0e5135920f

SHA256
bdf12a17e6ae1c7489c43030b2a951bf293eb67ee2c4980a3024432f41ce1017

SHA512
6980a4e8d333fcefc52dbdeafb1df4c8c7a459bce89851e7a50a940f45c666eb9e921a8a0efdb8720b1d4b2c1dcf04db945f2b2484b76d417f064344b62cd504

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@02[WASD Model](Aurelion Sol).kmp

Filesize
23KB

MD5
e4765481e0f9bb9f97ee64b2987538e1

SHA1
f743b059b3f5c90f470dac43a4cd7a9cdd769175

SHA256
3bdcbbb5bb7e7ad314d998102b9167db29fe0fee899f77dcc6bc0d69c1ccfaa6

SHA512
94a598e37cec4e62931eb205b8a0c918dcf89af3e9cd61bb5cf58c15a0886b69d72231d679c4ace820e70446da2823c7912c33e1d69766686249d9b3b3cdf286

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@02[WASD Model](Gragas).kmp

Filesize
23KB

MD5
5ded88ce9d7367113a78b8c336df4673

SHA1
a51a4a26cad36d5fb534cec1ab4b7a9b824e2ec2

SHA256
7b7022382d048ec86e66e42e38658d5631e890e1487cd6623ece44ca09795c21

SHA512
e0c771951fcf676e3cf56143b22a17fa9b5402ca9d8f176b94e372b275c2ea23e793076242dbdeaf56fa4cd8aa63958b8c3f66d9ee0504a2064c633f5cd4fad0

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@02[WASD Model](Jax).kmp

Filesize
23KB

MD5
8334cc6e12498113249be9a208c6d3c4

SHA1
3bb4994f4cc9d240c9545e1a33b6ed8e5cee81bf

SHA256
40f0985c85e59bc0c142d8ddbdf86f39dbd0daf084e0457043c4ddcaab14fa48

SHA512
3475e239c98ef55dfbd50051660b31116ea5f008779b562727d0a53420a75d0f06a6c40b602ea6d91b3ef0640f1c8e79506c8b7e83307cc5c9e474af97bee20e

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@02[WASD Model](Kaisa).kmp

Filesize
23KB

MD5
100574d0a4008a70cf2f6bd159d3c4cb

SHA1
78661c0148e85463eeb2b78163284d09c6213308

SHA256
9f18bfbc99c7b8e0f37047daa1e08884151aa57b3072d5a837a2b0188ee1735a

SHA512
b9aceb5c2e3b261bc918a840e06d022a4b671af28f3bbf3901fafe417b4940606558b10675ae21ae980d778894cdb07a13320a932a83a2c0520550a799cb20fc

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟@02[WASD Model](Wukong).kmp

Filesize
23KB

MD5
c6795ef98df6ed699012201e9a492885

SHA1
f3caed409650b21fd98dc40930676ad8673a67a1

SHA256
2c3b5866e12aef9af9310c8cf81b77f4085c74a78017d59f6f7cbce8a5077c5c

SHA512
c48ee45de4f1219c1290fcde63ffd664cb65a4976048b097143a8627dca511b2ca99a1912f6e7080d4940b9ac0ed8c80ea1ffd00d985fa7eaf2a54598a035f75

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟_w@01[PC Model](Annie).kmp

Filesize
27KB

MD5
64ffff6ea4dc45370ce3eb6b9a749e38

SHA1
aab55ae7eab6ad3257c63cf234634ef6ae5796d1

SHA256
ebfae17c910125fa35cc8cac824ca7bb7aa375192a08f01bafb0383d41e150c0

SHA512
50d8e9f5be2780e7428879adf29eaf1b69b25aa5694a42f0e31b197d3df203a71c84f392acff140a0477af15dc87e893144b539bd829edd1fbbcfaf089d345b4

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟_w@02[WASD Model](Aurelion Sol).kmp

Filesize
23KB

MD5
682affc6815ef14407a0ccaa2a9d10b4

SHA1
2a2cff38810242cc9b11ee117c140166216d6562

SHA256
525e5a747d0929595e768bbe44d06e29a73a90a560062abc3c995b9ea0995993

SHA512
f19ec184893627a25b993c5628339ea3ae4bba8a72f0358d94987763259f176feb543aa552422a66647def71b236e5c6ee58c97ac6978d4a27b5a1f8c5f1c97d

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟_w@02[WASD Model](Draven).kmp

Filesize
23KB

MD5
d61e02e3a98f4b9f5d48583d4ef06183

SHA1
be5cc1136b519d40e49186f9f1388c32f8178239

SHA256
34a9313a9114fee24cfe249b0e67dcd3d40bb6827a70df8254f0e14ef2f6a647

SHA512
d61b8a181cb870f3970b8930473ab8e4610b152c65076ec0c1f11ae3043b967cae618e641e53d1585cbb14ea63a5baf0199cccc8deeafe8861854c8887c685bd

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟_w@02[WASD Model](Malphite).kmp

Filesize
23KB

MD5
77c6bdcc7f852110d3fe2abb856453e8

SHA1
388d267618745237ed5aa50f686d6308aaa3dd29

SHA256
0f857556c697c2afa9520c9fc652fd4f1ae43580db97f4dd26ba3b6df7e886af

SHA512
c03fdc1e9d636f2e86d83ff0999833c7794f3e49afa7e3cf64a76027f89a747da7a3f05b0d9caa797ab201b85ae972188b3e85d47227f5ff0bd190be471ebc11

Download Submit
C:\LDPlayer\LDPlayer9\vms\recommendConfigs\英雄联盟_w@02[WASD Model](Seraphine).kmp

Filesize
23KB

MD5
f04cd4a8f6845ce984435e7b6a1e5cd0

SHA1
95d57f868a9e4eec02ea3d66e83747138112187d

SHA256
da34ebebb3e51abcd3f94262f0191e4f9222275622473ce62e40cfa1cdd6ba8f

SHA512
48b3ba2e7689245bf4cdb7db931a770e2e274e7873191644f45c8fa32417428e1813ff54beba74ef1396aaa55ee550764e52c5b0de3b78e866ad8f30a3f7a56f

Download Submit
C:\LDPlayer\ldmutiplayer\libeay32.dll

Filesize
1.2MB

MD5
ba46e6e1c5861617b4d97de00149b905

SHA1
4affc8aab49c7dc3ceeca81391c4f737d7672b32

SHA256
2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e

SHA512
bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

Download Submit
C:\LDPlayer\ldmutiplayer\msvcp120.dll

Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
C:\LDPlayer\ldmutiplayer\msvcr120.dll

Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d0c19378ec3e698179b7b4c5b442d634

SHA1
49a71779ce95c41f64e6fde8f8bff587e7231ba5

SHA256
05fb65b7755e81c96dcacb633a04c92043b1c5f18ac29c7153228e0a8bb64657

SHA512
eda2c0b021111291a60b1cf1b7ad9266ff9e09c2ef5722d89389cea53fc4edbf1bbabdd8bfa74491832c4a914c1c8298f9376c6825fab637aa9375120f2322c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
415eda0b02996f115b6c2280498f6c33

SHA1
13ac96115934df9fea4bcf08c074f53b8d4f71a8

SHA256
32c14741a09b44a9ca0bddf1ab2ea5b9094b12a1c72849b6a7faa78cd21af269

SHA512
7866e7293ddc1adb8a7cb1d7e0cc9ee7b6fdf937b6a82572624b869789dbc51ab8231cd97837aa64847799565d89136e6637e4f2f095b136cc56f1154b4f7bd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d11a5aff854c6d94041341e5492dc7c

SHA1
2c95025fe33d23847ca25f84bb04896e8c930395

SHA256
30ed22ddb54a5f5aa97120f1dd8e7aa23caa5e94f0e781d36ccc89935d1e3af7

SHA512
16202ce277741a58deda8d0a01b834382b345bc472e2451b627ffbd74afe7af89f08223ef41ea91edb6174901a640bb6341ca44e03382707691ac0eb8da2919a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f6cd4769ea82829f6f0acb9b2567260

SHA1
daa3d6ea5cfcd720c0cde4785f9f8ee0e0a976fd

SHA256
70d2cfd55f0a938c54fa6d47c01424f325355896c95c5180b1b0a8b30136fe86

SHA512
d9278404674ef75f09d7bfb85ef8f022a58256c594f97cc4b75a11dd9c8dad19a14c882704fba3face236730afb9a4829ffb48e4ad011b53bca8058fdb5c70e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d37d4d886d864ef13357771ca9a5761

SHA1
32b27d04e9b90ca09a911a8c316ef2f716469ee5

SHA256
1e0749e2c53ccc758858f31e7aaf81d86ef894bcd0bfdc800aec988c238e286a

SHA512
085b2ccabad1e15a319aee9fe1f751e72f938f11cc18253f5f510f04b92c8fb0704fd2c41266ae61e65263ffd466dd0718c8829e2156b03098dea145f3520100

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b73f1afc87fe9bc57bb6116e45dff29

SHA1
c492d7ada748748f144fc3b24691a8ab5ac0a1bc

SHA256
d8bcdf3674ce3ef627b228ce09b32454b323b36a67e73bd9d79d03a71304b3f3

SHA512
529e6fd2ecf77baee6b39e91778ddede75a99100f134e99d2dc7461793f0faffefa0cac7e83a51b2a8bdd3f92438c53d45ff03cff4f9b8abd092ef2676d63588

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb924c432962528bdab7fe501a86bed5

SHA1
4f714cbc636b671155b960bdc5fd6d4a59a13a8b

SHA256
d2c2d97000f122e2b176b9f91fb5c487fe30ef519cd3458856d8e7922951ea0b

SHA512
5f117c8573d3f1faf7214862163f1e4b76d46341930e583fa0ab4adaf33aa4a46bf1305869c4c522fd970e19e5981134c9d27addb384638dc26fe46903da6055

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
242b927ca926901bea2f305baf08c5d4

SHA1
52e82f721d4aefab936fc3919181bea7a21da375

SHA256
1b18503bcfd744d0ee49b89efba292cbd9a188ea8c2b3f413076193e0bbc9691

SHA512
c6b83dfe3cafeca12870dfeec63557dc0adc7970a215138954c2d140faa83e3d0fec91a28bcc2613889f4235c746967adbdbf948c083fdf8c7a5498c1b846dc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2445ea778b905af2de2326da30567c2a

SHA1
4d5abf00474644f4748400251a6ab4dc56170942

SHA256
71d712ca1902ce5c7d64b1368069d82a1c55dae02b83086498bc222e4b09a7b2

SHA512
41cc10d1484a4192cf251dba6cda30c829a952e24973a0c5e90e2bf566d7c12f70f353a1dd0bc1d7e4ab09b99d762bce9a998e961e2e1a3415f6d218a8d871ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74dee2f16ef134ffeebb9b4b0354b8bc

SHA1
a90537fca7e8aea81fa028cff28ee742c4700490

SHA256
611ac61613e6ec9f1e9aa13550b5523465c22a2a6c7a711a472db94e9759d98a

SHA512
6f4e6c595e5e6c44bcc7faf875e5268f072836cc2316ce936e70ec0d1ee61a566ee7102ae2c47325a68c6e2a011c3542097effb865da92d5973bba9fd1259614

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bdc9f4a0ea77057d0e1099b052c9ffa

SHA1
7e45cceb49282417050cb23d6b63ad88bab0c2fe

SHA256
f578cfd55efd3366b35d8fe072c1e2b540010724af922454a63adcff1838c9ce

SHA512
e04e5ab7abeab3e7350913d1bd41860a83528fab8f2ee05de0ccbb31dcada6be1c0385658576edf0053901afbf95ce4d654dfba18954f9696f35d076e4cdc558

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
febe86bc3339e2286617a04a6f4e2e83

SHA1
2f013a6c61ddb75f300d2e677f78b076f5549c31

SHA256
8375fbd60a3171853ca4862dc23688aa31c7a9491b5553c347d85a8f24b5243f

SHA512
d428ab13c49eb1261d75f928918a56dd3df3892b5dc7dd2f0a6b1353ea320a568cdf09d26001c4593dd354411103c4568825fb5f43a5753faf69005684a9db2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16f1ef0e3b1876a547949e608500c107

SHA1
2254887f195d809357f42e74765ed000a5c157a0

SHA256
441ac27b5bcffc161e063f62087b56a5d478695836ae6f84aef8e220517401e1

SHA512
747d1c206c6f44c87ed5af5c770c55bd634b0b3e5bd94f10b58f50dd6851dfad119a792015a285e723da33cfed0bcbae72ac0c2d3e174d0bdfab3ff592e337cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
349e0450468686c4803995915ad3b5b8

SHA1
0b1859cf814aa4c8e0e0d7719ea501b576a0048e

SHA256
2a26730b2939b02fa8ea16fae27c3e15c16f0456aed18f752e530626cacba73d

SHA512
067f35270e921994923e2bfb9e683d9aaf167bbae839850aa09a0fbd48c0390563f68313a446b33f3fb6a7305ea8c0d61f192b7e9fc75927fc5ebce81de30d44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
108e1b2c249561da9897de002bf10e51

SHA1
d31bb56e4864b98ce348941a851491b5096b9e91

SHA256
9b1f3eaa0006c48ced7ef0af71db8b5c70482660fa301912583121e895ec3b6f

SHA512
9b657f5c024c4b87996b3bf07d8cb42c483ae91973443f79697bfe840f0fbf9d01b44ac61aace336900b7c92ae34851d0a259d2c64409da3fdbc9030506f2a41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fbf635a71fa34c7ba60064651090a04

SHA1
1b195117fa698d3d48e2b016b77e8d0993765ced

SHA256
7d162af06d27109771ad741c215e1eb78cef0cf79b44f015aaebb6faac3373d5

SHA512
8900a8c1b27dfd1ab7086a8a9064419ee1deb1deea28bba57384dc875f6e06cccb481454c10caacd31cbece715ed6fd7d68555d0deb8353221613bcd4accdc0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f42ed06d2c62ad44c02c31a05a16255

SHA1
67f32699d3d53698dd07f15ab2ab51ccf0a01be9

SHA256
367fe134721670d974352ce926a6e9e57e546df62d514f68417db1bf4316b776

SHA512
fb34291cd8fa32bc7f05fb993dd2675a9ce96c4285de3709003d9224c2f2a13f2ebf51c59b3cc6afaecff204281b9ee8624e1492ffad59bf6cb3a74b897de26e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32d9787c73841c63140a88c6fdd877c9

SHA1
3870f2f4c27e79416d14cb6539860571141bf1e2

SHA256
91198744d28abd7506d284e62ec3332363b0715ee1e5b5c83e694f0f29506e67

SHA512
4f0d5a6f882705efdebf319eb78c31140d62fed2539df109675d29565df67a8a844a74780a3f830c1cdb2ae8daa22e90d7bfe56758164337ab29b4b89a2d968a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e0daae27b7b824be58b96edfe348bb6

SHA1
b807f5d4eb58fa9fbcb331893cd29b8cfb8708d9

SHA256
9892df72f91753e630e274977575761ab1a3906750e96f3de41692bbcd4e9d66

SHA512
11202925d9f2cda77cb85eb88b4dd701a056d0b001c0af999a1c90d577481bd4a119331bec5b044ca78d264b884e3560155ca707dae1b64c324823ff570c00b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88bddfd8bf3bff276f9fcd9eb5e04519

SHA1
91a5dd3a389d720caec47e5444f94e4075e050da

SHA256
332bfb54b5a85b5666d3fd972aeada67b014e487edd6c4c8d0b4464e53ce9566

SHA512
fb7b56adea907ca1f9fa3fb4b2e5f4f18f9ee7d83b4dd1f68bf284385e5ddf393807a9a0328c633182c98ca1ba0e5c17db055f6c00f96d93b86b2897564c36c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6958870ebd4abae0d52f240eca56f44a

SHA1
f0bce392d2269477e72ef7a2f3422fdb2b632ab1

SHA256
87938025abee05442ba85b81ed67d87c66cf01bfd023a345eec49b06c77b9ee5

SHA512
07aa004c94cd9c359f33eaba6b96ebd7d948235f7962f25edd225e10a1da93c73065401d16881467f7591a447368866d6dea0fae22ac3678e36019e9f0c5222d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3419f187221dc9aeb5351abcbae5f56b

SHA1
1f8c27b2e7b2d6f1016fc190f0504cb8131b1a2d

SHA256
b8084d96d4d16afdd0fdaddc602fdf66411c279915db3286e87e0b91a87bae9f

SHA512
e2ba1e646493d7b0fae3f6563b620332e60bf43006093695446a83a78a627bb4a0e589e851d68144d86db915a46960dcb3085e01f6ba4781dbffdf0bf4a5fcac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4bd2b1c9687258df314a908fde03d9c3

SHA1
47c56319b28917fb87901d2a1e484b640e8d0642

SHA256
f46d77e5c932a97dccc509ccdde7422f12da523a4e47a918bd949b78152d90a7

SHA512
74de5a4ea418d3ae1402e4a0a99208d6b6ddff23e1e3ea5f647480cd26d940386ee539d2479d3ce3b4bbda3a8b1a86c62729e1303ff532c7bea7de317c6540b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53f0bb8aecd1b1155668f058d5632e46

SHA1
1a86101383de2c2244a685290824db8f6cb516bd

SHA256
28293f5a593ec83a9f3028f21a6b95902b65434e9181b61c1a528f32c82367c0

SHA512
1daef5c23566140d485d5eecad4adcb3e460f6b3eb3b1c444a436ca4fafb90fadb99e1c61c7b83c38b6edfe71d6256fe435eea2f41524022c8260dc21f91eb88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97a21da09a593cbc8ac933933dc6dff5

SHA1
e389b4c6a24232ae8c3edf6c5915772bbd6924df

SHA256
7a67d4db4110eaed64c9665c22915092488eee7b0ffe44dc245491a6da8698cd

SHA512
28a53c9e57c525a279864570d712597134603f6c5b0df150dedb445299f0c38fe47ddb82157fb72e15609ff12a7962f429428e5cc4383faad5f28e5177cd0811

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70e280effbf4d69ca678cd433a9f0bc0

SHA1
e1b5780bb995c40dda52c612761a8b7b24f58f6f

SHA256
ab1082ac43ba373eb5ed6a7f6f41af519e347289f80a664774eb03ae8d5792d7

SHA512
21669054fdba818c9cce5c7fa1aacbc65274bfa27d2435ddc24cbd9a646ce6a5cdeb85bdefcdc73fbd1d68ff27de9a16e77723bc13ab4e08944099600b6671fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
382d39ec6460c3281835651e342342c0

SHA1
930613f2799f91f8ab8ae9b6bd1fa194c753352a

SHA256
23e592831dd02155964643230604952c60590d4782c2ccbdf54058a3df5b2169

SHA512
f90bb3076f0a849b9e0ad4a7ea866372a813b40beab7d949bacc4f6fc460fc7bffb72b9e8b83c35bc592f0460d5d7362adce12af3dc2d8d209228680d41620b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
4543ecac954428dfc299c419391cfca1

SHA1
87d1f286fc74ef56f2437c75247cd81a3f13ca37

SHA256
0323dbc9aa0f9d06628e612c6f1ca32f5ef775333f64987be4a9bffa69471ca4

SHA512
e10da551646120b3ba101c1b96ef7b2f3c3d9ff9d4a5c01c6ba4d97c5c0d355a0a54e7026fe5d0039f711977a1f9dfe30a8a64c1b7fd1bf8341a43337eae0977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RF7367b9.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
40705076f30fbfeefc81256bb988c192

SHA1
32bed29f86e207e137e0bbf120a4f3a729cab3c4

SHA256
3b39533ac67c5ba3f0334e007e6ab0bc4b9de81623e2232e816ecf9da8f12412

SHA512
7b3e51b549951780446098a832d0c5ee1cd4cce9fb663ecd06f01d9d43f04e256a28803b9bf2874fe378d7bb32795ef2aa495af8044d307d051ed6d04794f07e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
72492cbb879b5b3509a5aa1790e3b8fb

SHA1
75012104c563d143227e492e10ef34ebe34abeab

SHA256
12b14a94158902edfe48b36bc9e52b8c22fd3962d260884a118f8485147a229c

SHA512
358fba5069d62d7b56dc1e1be6cac327a3ad76cda8e95912428b8c35909ff4d0657fc7d7bef05e8f3491587e1d55e024a036bc186dbf0ed9576f9f364b03abb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
0f7d1139765e98631dda950032cc7dd6

SHA1
946cefbc427c7b021cdfac7010912a50cb0ddd37

SHA256
f7877174631035595c3f4080d2e99192dd4eeaaf15c3a0e86b7b3a902de06f5a

SHA512
6e15a83d0e0432ba267aee75c42b4852f3304c5e97f2e5c031a9d9417929d8053c26f78e229cd97cc8849baad09691e5d58e6445180cc19421cd2311de159ac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
13e90c04d15abe5aef9053cad3c83fd0

SHA1
517b3a0fdf1a1342d3add01260ba86878c24ecfa

SHA256
2c8f410de231a095b54a724cf5b95530df8b956601b84fc49267062c5b56227c

SHA512
cd76ce8375b25811de076396f47e979b123ec14dc1fd18bd1654f27350864c515b10c02e0f2622fda968023bfbfa75822a33c307cb0f4c9cfb8a9e84435bdcfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b3bfd741fcb76791259b6dca98a9e692

SHA1
a0d6d9229ac2fb6b4860de4eae481b2485f7526e

SHA256
593674083f97754ae0c2334efb03a21e28c79d98e6792c4e40f7c751cf02f186

SHA512
026c65084992b4f9fc55bb11c8829fd89c5220450ba618d9659b2c358d46d8516773a59082c2e1290ede01d8c45056d68740a0ec77676bdd45fbc2718034cb69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e36b1784481d8fb8a348c7abad4450f7

SHA1
164eecf00305aa5295f1caaf4bf6c5e2c42d5f19

SHA256
2a0bddf24ef451f08cb926ec51def48ab3404fe112afec6c276bbf53992df32c

SHA512
210a5817348d2947b874a8da7840eae497ceee7ff2c8f7b913e16a7554b416e7116f8512bd9e3389c049ffb82c412e49cd61b276d7d05b0dafb7d8d8d70648ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c825776f-b69e-4292-9db1-f11025f831a2.tmp

Filesize
4KB

MD5
b65378f1e72b6a252f862271d9791791

SHA1
99b64c9968a01664ee0ab9234756d0076cb1aaa1

SHA256
daa90ffa66f47f1978b8ca3fc988517794334effeb4bae4145abd88c474a4984

SHA512
8cd6a3c42bb5d0a5d4037de02dbb7264fc282498bb63c2d7fde42beaaf54e795a96d76017201f2a8212c9742b07f56d6eed0466ec3c85b87099e32b44e144dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03S7L47X\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5EA7.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFAF904754AB43BB78.TMP

Filesize
16KB

MD5
5e7b28d9c72e0f30fbf6c6c58698c905

SHA1
704e2f42a42e21749d87db617f940fbb5d932b61

SHA256
2fa35084d5b33090d53c8cbbb045c1b4714c5cf5ef2a1550836218b923f97f8a

SHA512
bc13c2794d68b7ab420255489fe6fc9b22a0ee4f78ce4b5906ec7959d17077675c99c92375b6b4cebe732af122b26bec564f9f8627962407ea33566a66a87d12

Download Submit
C:\Users\Admin\AppData\Roaming\XuanZhi\fonts\Roboto-Regular.otf

Filesize
103KB

MD5
4acd5f0e312730f1d8b8805f3699c184

SHA1
67c957e102bf2b2a86c5708257bc32f91c006739

SHA256
72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5

SHA512
9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

Download Submit
\LDPlayer\LDPlayer9\LDPlayer.exe

Filesize
625.4MB

MD5
bf948a09c14f19b91f30961585cf7902

SHA1
46b664f151de33e237d4368b0616a2a16f370056

SHA256
de5716150131f62ca398b564133f7d600761231cff32a1356b53aaf34d9b1d75

SHA512
8df4694379c8a29315784d47b5715afa016424ca01752787425c14581ea116b30781d22503d30bec33311328a1216f98cc1a4abe01035a6e7894b2d78b2b8b12

Download Submit
\LDPlayer\LDPlayer9\crashreport.dll

Filesize
51KB

MD5
d898f4a9c42f0af477fa93f63de8d022

SHA1
3af5e6fb34a416568ad399440be19233e5f0e944

SHA256
ca9491c14d166bf61c4bb667ee8f51512ff8e03b2caef7008b2dc0fec90d077e

SHA512
7352a270f2d043c226621acdfd0ae7e3e80a3696e751d8d04d4e1c4f4a0a03f9da1fc2b4659e1907445738dd6a242a2652de489e7e346bd802b8870973ca7ae2

Download Submit
\LDPlayer\LDPlayer9\dnrepairer.exe

Filesize
41.9MB

MD5
7991639abe941ce26a75d6fdd6da81a9

SHA1
451ff14273ef756d7451e681f61d2229610c03a3

SHA256
07c97df1cd523ca75a8203ba47b5995ebb6415050ad6043c0dd6fc93d0386087

SHA512
e8e8cbd6bd7dcedf64002b0c94bbd2870d661aee5e333be2e5caccee181e0cb036ace14758f3daecbd0efe71ad31718df4ab1baa8dec69550e138ad9e344a1c8

Download Submit
\LDPlayer\LDPlayer9\msvcp120.dll

Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
\LDPlayer\LDPlayer9\msvcr120.dll

Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
memory/1680-1763-0x0000000000350000-0x0000000000360000-memory.dmp

Filesize
64KB

Download
memory/1680-1762-0x0000000000140000-0x0000000000150000-memory.dmp

Filesize
64KB

Download
memory/1704-705-0x00000000026A0000-0x00000000026E0000-memory.dmp

Filesize
256KB

Download
memory/1704-704-0x00000000026A0000-0x00000000026E0000-memory.dmp

Filesize
256KB

Download
memory/1704-703-0x00000000026A0000-0x00000000026E0000-memory.dmp

Filesize
256KB

Download
memory/2044-1192-0x0000000034E10000-0x0000000034E20000-memory.dmp

Filesize
64KB

Download
memory/2044-1764-0x00000000039C0000-0x00000000039C2000-memory.dmp

Filesize
8KB

Download
memory/2044-1765-0x00000000039D0000-0x00000000039D2000-memory.dmp

Filesize
8KB

Download
memory/2044-2276-0x0000000073E90000-0x0000000073EB4000-memory.dmp

Filesize
144KB

Download
memory/2044-2277-0x00000000735B0000-0x0000000073801000-memory.dmp

Filesize
2.3MB

Download