Analysis Overview
SHA256
9320bcfefd886f7b5ca62abf74c4bcfea496124408791d9c670ae4808a8a3c4b
Threat Level: Likely malicious
The file LDPlayer9_tw_35034_ld.exe was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Modifies file permissions
Launches sc.exe
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Runs net.exe
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-03 12:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-03 12:20
Reported
2024-03-03 12:23
Platform
win11-20240221-en
Max time kernel
54s
Max time network
157s
Command Line
Signatures
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LDPlayer9_tw_35034_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_tw_35034_ld.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/tw.ldplayer
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc95133cb8,0x7ffc95133cc8,0x7ffc95133cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,6457746312806405121,13768250622027187840,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,6457746312806405121,13768250622027187840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,6457746312806405121,13768250622027187840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6457746312806405121,13768250622027187840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6457746312806405121,13768250622027187840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6457746312806405121,13768250622027187840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,6457746312806405121,13768250622027187840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,6457746312806405121,13768250622027187840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 /prefetch:8
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\f023da40a6d14328ae364380edea16cc /t 3692 /p 3624
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=35034 -language=tw -path="C:\LDPlayer\LDPlayer9\"
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=197278
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\BFC3FCD8-ECFA-44AD-B308-0B7ABC013699\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\BFC3FCD8-ECFA-44AD-B308-0B7ABC013699\dismhost.exe {826B3AD3-FBD4-4000-ADBD-D8D11F44AD1A}
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
Network
Files