Overview

overview

8

Static

static

6

@创e下�...��.url

windows7-x64

1

@创e下�...��.url

windows10-2004-x64

1

PPTV_Android_VIP.apk

android-9-x86

6

AlipayMSP0...24.apk

android-9-x86

7

forqd1170_141862.exe

windows7-x64

8

forqd1170_141862.exe

windows10-2004-x64

8

$COMMONFIL...us.dll

windows7-x64

3

$COMMONFIL...us.dll

windows10-2004-x64

3

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...us.dll

windows7-x64

3

$PLUGINSDI...us.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...og.dll

windows7-x64

3

$PLUGINSDI...og.dll

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

3

$PLUGINSDI...er.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...me.dll

windows7-x64

3

$PLUGINSDI...me.dll

windows10-2004-x64

3

$PLUGINSDI...00.dll

windows7-x64

3

$PLUGINSDI...00.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30/09/2024, 19:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    forqd1170_141862.exe

  • Size

    14.4MB

  • MD5

    9933858861d5498455bfab25258efce8

  • SHA1

    cf1015b9de69f4690744c8cf863a49382a617b0b

  • SHA256

    72fa08b2b85508bee44c6c8e0520502f1bff3b26ab532c0d34f1d1eb06869b44

  • SHA512

    0277a622c2455ae447d679a2bc040419b7b1ae27303619035019f769514f6e0984f1c9cc43349899baca39313657c26f03984eea182b484d9278ee54b131179f

  • SSDEEP

    393216:LUMVtJaxkTiqHhPcV6T5n2u+1+uGeKOa+2t/Ae:LUMVnuqHhBGG+EJ

Score
8/10
bootkitdiscoveryevasionpersistenceprivilege_escalation

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 7 IoCs
    evasion
  • Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
    persistence
  • Drops startup file 2 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 8 IoCs
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 6 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 5 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 21 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\forqd1170_141862.exe
    "C:\Users\Admin\AppData\Local\Temp\forqd1170_141862.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Writes to the Master Boot Record (MBR)
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.1919\pplugin2.dll"
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2588
    • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\SkinConverter.exe
      "C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\SkinConverter.exe"
      2⤵
      • Executes dropped EXE
      PID:2816
    • C:\Windows\SysWOW64\Rundll32.exe
      "C:\Windows\SysWOW64\Rundll32.exe" "C:\Windows\SysWOW64\PPTVSvc.dll" RundllCmd -start before
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2668
    • C:\Windows\SysWOW64\Rundll32.exe
      "C:\Windows\SysWOW64\Rundll32.exe" "C:\Windows\SysWOW64\PPTVSvc.dll" RundllCmd -start
      2⤵
      • Server Software Component: Terminal Services DLL
      • System Location Discovery: System Language Discovery
      PID:2388
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s C:\Windows\system32\kindling.dll
      2⤵
      • Modifies registry class
      PID:2596
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\SysWOW64\regsvr32.exe" /s C:\Windows\SysWOW64\kindling.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:3064
    • C:\Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\firewall.exe
      "C:\Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\firewall.exe" /PPTVPATH=C:\Program Files (x86)\PPLive\PPTV /PPTVVERSION=3.1.9.0042 /DELPPTVPATH= /DELPPTVVERSION= /DELCOMMONVERSION=
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:684
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall add allowedprogram "C:\Program Files (x86)\PPLive\PPTV\PPLive.exe" PPLive Enable
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:2408
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall add allowedprogram "C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\PPLiveU.exe" PPLiveU Enable
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:3044
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall add allowedprogram "C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\RepairSetup.exe" RepairSetup Enable
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:1704
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall add allowedprogram "C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\CrashReporter.exe" CrashReporter Enable
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:1408
      • C:\Windows\system32\netsh.exe
        netsh firewall add allowedprogram "C:\Windows\system32\PPTVLauncher.exe" PPTVLauncher Enable
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        PID:1960
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall add allowedprogram "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe" PPLive Enable
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:2164
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall add allowedprogram "C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.1919\PluginInstaller.exe" PluginInstaller Enable
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:2764
    • C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
      "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe" /RegServer
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2548
    • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\hwcheck.exe
      "C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\hwcheck.exe" -s -luminanceonly "C:\Users\Admin\AppData\Local\Temp\hwcheck.mp4"
      2⤵
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      • System Location Discovery: System Language Discovery
      PID:3020
      • C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
        "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe" /LoadModule MngModule.dll /T 2 /A http://h.synacast.com/1.html?sa2foJynraacmdeYo9aizKjLqdakmdrL1KGfn9eZ1Kedyq2c1aTSj7mipuyd5a2boKHom/KW7KnovNvX5tnPzpa10dPXiafhlrSpvOrG3tTN29qFxretib3X0eDU0tnYkLHQyubZ1eLon6SWnqeimaaToaafoavhlrWpmqeToJCSr7OWppazpqbdoKCcmaaVoKCSsbOV
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1668
    • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\RepairSetup.exe
      "C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\RepairSetup.exe" -codec
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2920
      • C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
        "C:\Program Files (x86)\PPLive\PPTV\PPLive.exe" /LoadModule "C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\components\PPOptions.dll"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:2888
    • C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
      "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe" /LoadModule MngModule.dll /T 1 /C forqd1170 /F 0 /G 3.1.9.0042 /H 1 /I forqd1170_141862 /L 1 /M 0 /N 1 /O 1 /P
      2⤵
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      • System Location Discovery: System Language Discovery
      PID:2588
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k PPTVServiceGroup
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Netsh Helper DLL

1
T1546.007

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Server Software Component

1
T1505

Terminal Services DLL

1
T1505.005

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\PPLiveNetwork\product.ini
    Filesize

    209B

    MD5

    c076ada51e336237be1983c8ec5b2b7b

    SHA1

    0d2bddbc75d1c8cec81373e5c9c8440bb18fa459

    SHA256

    0a5811a7b7d8242e5bff7ffa2b29d7f990717f7cbcd066ed25a6ce6e67ec6e84

    SHA512

    565a326f77cc5f9154a702de309aff5efaceed4b0723953d2df77ba8d3a74c71704046cb4f5c190ff5a09f428fae24f0938f37aa9a4228b8f0f015ebe377ab91

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\PPP.dll
    Filesize

    489KB

    MD5

    3b32d234804891d695c42b09b299e55f

    SHA1

    1e663ab6f6778f14cc4d20239d6a984e2f7c5108

    SHA256

    a0d86614ef275a2fdfde413d8d5bbb1c0e47a0af761ba88642fdef5e3db0d0ce

    SHA512

    db214d0a3a06ad088a4e8449a36d314b4b72513121605f220ca4a50c05ee51f66eed6d1956001c164d3475189dd0043b83e982794a4ec0578640e578430ccd0c

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\atl100.dll
    Filesize

    134KB

    MD5

    00d2c06a552f782c1f16acf77db765a5

    SHA1

    640fd59ae52c7c381d7696ce66668aeaaa25b711

    SHA256

    f54fe6535538174c139b1b0cb2ac0753b2e34412153a443482ccae53ffbc4dc6

    SHA512

    bbdfa6945d57c49a886442a7d1032e08656d4999e614d5a0be0d318832be94520601d2db9c0e3aff5e083d7a1392c72fb38ead2873520947e26993daed7ac795

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\hwcheck.exe
    Filesize

    127KB

    MD5

    5230c2232f3ba9e6a0513f847863d71a

    SHA1

    db4fea673ae5c389c423eb13950e6836f6564198

    SHA256

    c4bc151f084b887ad1f8174bd5f11318848f6c33a005b2186cc2484df97a53e3

    SHA512

    c14c8ccd975334a078e7ccdf8be02a6ce50c47d07dd9d9f94a0e164b118a2c162f50191b2a2a42fa972e5e7bee22b60e4186606eefefcac1e3b7f2b8989fa454

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\msvcp100.dll
    Filesize

    411KB

    MD5

    e3c817f7fe44cc870ecdbcbc3ea36132

    SHA1

    2ada702a0c143a7ae39b7de16a4b5cc994d2548b

    SHA256

    d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf

    SHA512

    4fcf3fcdd27c97a714e173aa221f53df6c152636d77dea49e256a9788f2d3f2c2d7315dd0b4d72ecefc553082f9149b8580779abb39891a88907f16ec9e13cbe

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\msvcr100.dll
    Filesize

    755KB

    MD5

    bf38660a9125935658cfa3e53fdc7d65

    SHA1

    0b51fb415ec89848f339f8989d323bea722bfd70

    SHA256

    60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa

    SHA512

    25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\player\AVCVideoDec.ax
    Filesize

    2.7MB

    MD5

    51d2aca00f5dec7407d756387a23fb53

    SHA1

    383bfd89b69bd45c868aafa148aacfa38ce325b8

    SHA256

    15cd4586d7a52d35ca8ac0ae8bd11c7118d159f064a4ab9903c99615d420b421

    SHA512

    c2488c8eea96e67bb76d2193e166928cd5fc86e8f763bd7132febb6ef557d37e32723ffc7b8f9d4687d27770cf1f3a9a4d1e29b814c0379d9db9fbddfd869bb4

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\player\HTTP_ASF_SOURCE.ax
    Filesize

    506KB

    MD5

    42caab4bbb78f571d515c05f6b21ef9f

    SHA1

    bc65bddd26fc4e57824c6056823b7a82a8bcff2b

    SHA256

    826a37b8b60d5f3c993d883452fd8d16887df27a4b906c063a120108a7492d51

    SHA512

    93ed2e9516cbeab8c0b7466f594699840a457b91a6a228de8e687260a60df1597a13d701b4b1c9d55c7072a412a8c3db7a2e7c7c34d6ac033cb2dc84ddeadb74

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\player\MP4Splitter.ax
    Filesize

    509KB

    MD5

    bb01bfdc1bfe48cf9c18180bf6539917

    SHA1

    25d0a11d31857fef74e9b98dcabd96f24d89c774

    SHA256

    050649bb8dc43e68753de7567e17972cbcec1a2dacf243befeb12dc51517f7cc

    SHA512

    f4fa00923ee61f0fcb53c8ebfd65b27db54a7663e5d60d8a56f7d08f33e2e1c467aa0b58899fbd62ac2261b185655cc94bac9ce85e2ed3b0c32336daa5346ba5

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\player\OPlayer.ocx
    Filesize

    685KB

    MD5

    67afb19cd5dd5c3013506db0ec2a6fd0

    SHA1

    49d8b649d09d00de2ab822e1d2d3a2b413c1aae9

    SHA256

    5cd2d51adf2742b91bc1ba90a49a5366038d5b2b8c48e4ddf4f35c7735abe673

    SHA512

    0082bd595d4f5b46c104d09b33300dfc02c442d5d8ca6901ce009fbe60dc1cd8b271abbb37047ac72d36f19b45a63d60eeb0b944b7072a635c75375cd677c96a

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\player\VSFilter.dll
    Filesize

    1.1MB

    MD5

    b99de549832eed7e78b516a830899e9c

    SHA1

    2e06a763e9d71147d5918933dae8f6a7211e3a26

    SHA256

    cabacef493c50d7d9905deb535a3515db2a27ad0afd5e3b1c38198a8e4fc3ea6

    SHA512

    f1aa6d1987317843e64768ffb9ffc25ab19555edd78d07c5f72c279ee5e30df500152d82a54545f166c5549d7fbd624b5ae80d2f52809be39af71771cbcbf179

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\3xgiving\common\checkbox_down.bmp
    Filesize

    576B

    MD5

    c91400d11e7e21a77be3754759e072ba

    SHA1

    1ecd1fb0ab06a160649fe88a87b8ba906f0d71b8

    SHA256

    cffc7129fe1626f8f803d7d24020d7625a003e492913173ed7e7759dfb0bd46d

    SHA512

    e1af4a260686f94c10496a44ed592db759f3c697450a2d724b465055c7edbe3b1df33378101f02c8e5b9af288f07ed9de5cf11413137a547ff8f5d64540e70e8

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\3xgiving\list\list_HD.png
    Filesize

    544B

    MD5

    22b53edfe6e1d6bde4c145fe4eeb01a5

    SHA1

    11e8c70756e18ffb8b7c03cb17f9f8e1ccbd9cb6

    SHA256

    9ed30eb5783647a0f4d3838dd9a4df81794c0234b237e73327aa7b24cfc28f43

    SHA512

    7ffbed90c92b76d73fd4f537ef1c7d92ecc3ea533c0382a89c2c835e29f7a8af86e46c9f898879814b47c0a6d64b88ae509f63aafc7d6d26b4ec5b80c2e2ac68

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\3xgiving\list\list_livebtn_down.png
    Filesize

    757B

    MD5

    cb96f0c57d50eeadf658f1bd858353ee

    SHA1

    2367654541eaf27ed1e86b506d3199c18f183ed7

    SHA256

    36630d09b394828852c5133a3ee909c8d2b5b402cf81477a5036597259943a1d

    SHA512

    e5a5343e5f3fd57b6f6f8207b86ac13ae9d29213af646aabe9dc5e287989052106c23ee6c809a0cc5024449852435eb897154bc94b68e984dff5759c4d0bc2fc

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\ad\ad_close.bmp
    Filesize

    568B

    MD5

    8d50be88be04be8e0155f5225e9d1550

    SHA1

    487a319dfaa3893a87f7811deb315849bc4b357d

    SHA256

    44afba3fa4f4d535489cee02146f1f68d9f8a7d4f1ec39b7a1bd137d82693993

    SHA512

    ac6d3b2aac550423d830dbc353e97d2bc7b83dd19919edcfbb33bed923156b572489070e7d13e0b31b01ba73c561e6bdd5e1e78e8cec6fba3743b061f69342b8

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\ad\new_pause.bmp
    Filesize

    4KB

    MD5

    8a082e60b033ebb16649a40f4c810225

    SHA1

    263eca6ab770b4c7ca047243957118041152c793

    SHA256

    fc9bfd161176f9685774c79fd125a08668a48cca33790901a448f3fe66fdbce7

    SHA512

    21348d8bd8c088b65a0a71f0ac0ae347bc756c51bd4f795ec2fb1af6f78166eeacf3bc0a966d95a94096cea94e581ac7f1fe40fc4e6f26415342ec1f9565221f

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\ad\pause_close.bmp
    Filesize

    2KB

    MD5

    921f9e0f79e738cbcb7277cefe25b3d7

    SHA1

    fbee296dc8d8736df309b1fca3e334cda7fd7e4e

    SHA256

    9ba700e07659becfe2b296cd7a7e404a1867aa35324e947872a9e747753fc4d2

    SHA512

    438ad298d729d1d3ee8d0c647d865238a53f8bdc23b75d21ba7126352bd55af844f811cdaf3c10a6280c27327454ee43ce3aa5916b3d60f4702c053235a25226

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\checkbox.bmp
    Filesize

    576B

    MD5

    8504e16a8c9f289537a8c404a3e322a4

    SHA1

    2e9532e8a72407cec10a662df3711cd0c2886eec

    SHA256

    aeb7452c9d202abffcc53022c46cd8faede0ffa4f4821e024c0720261fa60d8c

    SHA512

    2f775aa1b9e3f5addd88baaa3b83dc7e34cb90b1a650e7e20338d9d7febd77434ec84512e0b2c2ecd67928341f13db885da53f8ed6f623387f14b05e6f348756

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\checkbox_checked.bmp
    Filesize

    576B

    MD5

    1539514ae6d730e1cfc7a69aecd80e2e

    SHA1

    bd8f47a99dbf8ad6979aef6b0bce60397935ca46

    SHA256

    7397f699faaaf9363177e0d0e074c4ac5a19a7bdfc6b7c2e32586c466b39dadc

    SHA512

    80821fa6a07889c4cc280202c81c6bc8b10e39b997cff359c8df45f988de226aad517f674262e98ed6690be3cc433a600852cf14ccc4eea4b96165d4e09cd7ae

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\checkbox_checked_disabled.bmp
    Filesize

    576B

    MD5

    b12368f6e1b8ce7ff4c96158b3aef9a9

    SHA1

    0ca69176b2808eb81724de4af36a51a89724de45

    SHA256

    4215fe3f6ca2011a8c386bb7254ede56c11cce6010bbd6764e9c4d0121621d6b

    SHA512

    3892ec9f8f7fa1090b43e8a68a2863d5c17ffc68ad983d7968fb4ed2cd4882b73660526f42d7cb6c76a3d621baf99dc4fce4b7f4de95529ca1b4b95e39c03681

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\checkbox_checked_down.bmp
    Filesize

    576B

    MD5

    cbc56ad6a2f4734a0c3fa226b2582b4b

    SHA1

    2775109a99f3b952806a202bbf2601fbedc246ad

    SHA256

    5e1777c91fa4a4412a688dea4948361a462bc464f0deed828a0dd3122f2add85

    SHA512

    c60127dfbb8c8f561f0263620a1c6c1edcc9a1066cfc290cae3dd3fff59b84f45e1d3bfc1bbf13c8694c8789e526dfa369265204d5f20f3c98a0ae8bd59496a0

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\checkbox_checked_hover.bmp
    Filesize

    576B

    MD5

    8621ff9d66b415016211d73f6d8c34e6

    SHA1

    9c0168e47f39399a140bce460cd2cb0d6baa3c19

    SHA256

    94f7483f0229e440f5fc077b0fb0dc00d710f7814d09e5549bdf73dceb53b95d

    SHA512

    3dccce990e6f9d4527ae4dabe529e6022d43deef74a1d52acf53abc22a6a6179ab14aa82a8d371d7dcd93b8755ee76c8d5147688ba41170af47646825174b194

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\checkbox_hover.bmp
    Filesize

    576B

    MD5

    899994d10caecb0536298f7c1d733cc7

    SHA1

    8a5657d28d16bc365458c72360d5ea8ab8a138ff

    SHA256

    a0c9c8fc2f0bef2092dc38fef5acfcb7f3d19a6fb27a94d270c878a16bb16732

    SHA512

    872fa4f6bed95753023a925e5c8a2feda72d5642fa94f3f318ec72fa2c30685bc46b341368df0e33257d31d826e3e9d8660a603cdd83224a27c25e4751de470e

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\radio.png
    Filesize

    3KB

    MD5

    72715ef6db655782dd7e447b9adafe0a

    SHA1

    435d37cec5cad575f544ec42165dd7d5db7f6ebb

    SHA256

    f0dcd15af06267badb1d01a9a4b9a376da53a4996f8fab5e5b5bc8ed0d0d5ea3

    SHA512

    79c76593cfec88a943092f848a42d41a708eeba185e81695a6b87330d5e4a800c3cc1290e7a5e856bfbb94f37f193a623a0de049393c4e86d64d639629768c84

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\radio_checked.png
    Filesize

    3KB

    MD5

    433f402cfec042629945b5bdea713e18

    SHA1

    7c62edb9ebbc93d59d75ddd5799d4e21161d201d

    SHA256

    0016838375afb51bad967899fd2eca286f2c27f84ec1005b054bd80d108c00c2

    SHA512

    ed3fea9226604a454e227c59b29c0b6a4d4aaafa88e064fd6c31a2a7ca8e5776dd853e25718be74174f204216ff7c245bd3b4daad99615994b6043d1cd31beab

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\radio_checked_disabled.png
    Filesize

    2KB

    MD5

    50e8e363f1e7fba15f1117c11268583e

    SHA1

    b6d4da1992c499d6989bee6a9e1612f909e02d0f

    SHA256

    f20db24dbc28551489acbb642e6e2a830bbb0b523cfb29ea6604f354d6d20872

    SHA512

    be990f2b63bb9b7986550e3c339d801f1f2cbf7c74b182aaef27f0034ce5b1b6391932f10d66ff3680b4fd408e8741834afac4d9b555da41dea6ae2c71139fe8

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\radio_checked_down.png
    Filesize

    3KB

    MD5

    5d9c2d8ad99cec3fa2b21515b96ffabc

    SHA1

    d74817adcecbbcfe19bf5178df7bf2220a0b4f4b

    SHA256

    bf780c8c221c3ef4a1bb8b91718782e9307f62557da419568c64af912c47b481

    SHA512

    16ed132ca2d869b4dd9d19637e5207ae75c10e1ae516c1179f8ab34a6884d96b38a71dc549767d51543779708c27e0bc8ae3dea9ce683c65bde97dbbac863fb3

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\radio_checked_hover.png
    Filesize

    3KB

    MD5

    91670588aec0db6c234783b46fff519f

    SHA1

    de17fa85af07388800352239fa6d34b33bf1c54d

    SHA256

    3fbc4981251b997fc05c4fa5683fece9cc407ec7c97a0c77295f17297fb1f807

    SHA512

    6150da1d5244dc88ef504ba98de008c6001767f14f57048ffa9b1afb4d64a89c1e628039f8ea4bbb0aa62386c32e6f79cca9f859b7ea44a8c6e01ae9725a13d7

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\radio_disabled.png
    Filesize

    2KB

    MD5

    b04a98e0f87e8262be019bc29138be93

    SHA1

    a0e22059e9bb199731286d4d1a56416f56939467

    SHA256

    5dde8dd578cbe8dfa3d6075462a2f00a7ea33586ae7314581747644f54b72bb6

    SHA512

    6ca598de1fa7c6c9b677fd5e8075e469a0604134993d83076654229279909770875b6f4942b0835f86e4591dfe7497df52adaca403c9c963394faeeaeaa5b4df

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\radio_down.png
    Filesize

    3KB

    MD5

    a11b23c7a81bdbde6ee793d6548c2bf9

    SHA1

    59191208520763ae9e1206dcd40923c5f5065d97

    SHA256

    58e218e25f24cfdb89fe145b3325bc26d4ce637cffad725e918bf483380b55b8

    SHA512

    1c32b17543cd34463b4ef605dc947ed21357f510aeb9b54a516b671b68638a5e8ff26a64342157a32ff9bb4740dabd4af73a862e711dff37ed3cd34bcd462e69

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\common\radio_hover.png
    Filesize

    3KB

    MD5

    823a32ae4003e97345b2e83d1dbc0ff7

    SHA1

    21ba87facfc45b650e20477992d74fd583e06ceb

    SHA256

    be18b68f4fc767765527f860c422e3cb6875f5ad0738feac1753943af35c507e

    SHA512

    65df4f1aa6931c814b5aa6eca86bb158508b30ec35d12946e5ccb4d11a265404fc90cd98e8e26662c47e1521436822bf10845c7e8ff34da202b9791b43131829

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\logo.jpg
    Filesize

    23KB

    MD5

    400e3ae746339166c946ba66b7904d09

    SHA1

    c79f17bfc6852802e7a186ab06e6de36d48eb4c8

    SHA256

    78cbcfb4992ef63dd84b4f8bddc318e6b67712256892efe0d55a3fec01c00182

    SHA512

    73131166a67de4a7522aaf66e00ba87eed885567d4017bfaaab20b6f0bdf76875697933bf66be993137c74ee16123d1ca5dd137907ef5e150a3417a8939af264

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\playctrl\ProgressTb_hover.png
    Filesize

    2KB

    MD5

    9b264a8fd3b725c91be9f19251b45497

    SHA1

    96ba341f706f066094e1c40efa7f17ee50308162

    SHA256

    49b30bf4be968094681aafcd3d497678b9ad665c170d5b9f3a54e2fe0ea0d6f6

    SHA512

    f2a1994fa2043fd1e8276ee0294f1ca9ab91c8d32edffa94cf3bc5bad7a40969b18951c03203d9e2aec0843ccca3076ffda8bf7aa518c1b20d6fb27857319d07

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\scrollbar\scrollbar_pagedown.bmp
    Filesize

    938B

    MD5

    8cef089386ebde8d75be4f1ff484dedf

    SHA1

    9b0d2df216ab05a77dd2d26e25f74ad0f74215e7

    SHA256

    00ef4863718b02036cba33c6c6a9c418257055ae9ecc05e2e9e363ff7164d31c

    SHA512

    27aeb168cc70c16ae64f60507250c935038bec80c084c0d54b8a273ec3f4311d02c3c3cf1320a4b87286760187d0654f17bdaf5a7698f970624973912f64d822

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\classic_b\scrollbar\scrollbar_vthumbgripper.bmp
    Filesize

    488B

    MD5

    8d4c2f2863f2b4dcef20acc984488a02

    SHA1

    3133f0a5b4f4487c3400ebd2fc4663a37657ed09

    SHA256

    e3fedf6cffe67c2a5412fce2bba2745d22c54e621d5d67f421e3232d72ffd4f6

    SHA512

    a71549800c6d4f041da3bbc9abd090b0364695ec8a1ae1dcbb74844f00a87908188963205e82ea7e2463e5c9a69000277b21fbf27e0f676f2e2663b50363bdc0

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\default2\scrollbar\scrollbar_pagedown_hover.bmp
    Filesize

    938B

    MD5

    164b0e5435d98c9b78e5a8b2f67032f0

    SHA1

    7e97a10a4889f0a40fc09fe0af457994a3f29b54

    SHA256

    6909bc2d3367d8d28a4f43b4b5dfdfa0118f9d3bc36d758ecfba3241cb0a3e23

    SHA512

    b1f52be072d6ffcd901bcad633dd74c50eb499f8945158ac1009e7f3690406d43e49dc5469858113e334a5ab12f24560f5d1d9e5af9cb56c9b4287633ae5027a

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\3.1.9.0042\skins\default2\scrollbar\scrollbar_vthumbgripper_down.bmp
    Filesize

    488B

    MD5

    0129dd07526b63a36f43dfd8a09291d9

    SHA1

    cfa05b8bc2d13a67c1a71692040bcf6ae5a2a2b6

    SHA256

    cfdd7e892c56661c8b29d442efbec58aa39569e1a4e52157e660b3acbd342d53

    SHA512

    9d6814486c6f340ea12c25764c9b4e1d4208fddfcf49b6ecbd9ddb6785c67279b03fcfdef3cb3b21e46a608a32e51cdd5efbd1d1a872a67351b41041225182e0

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
    Filesize

    244KB

    MD5

    6d8642eb3340195fef177995e3f1d64e

    SHA1

    c84d743e74010243e293e4e5a1c65cbc8979dadc

    SHA256

    c757d7c17298f1e25518386645fa56f9109dbfcf2f83b0b4f83b0139874caab0

    SHA512

    8f45d0026cdeb6fbb9a20df993f78781e9f743992cc03fc6cc5d92a20a510282ff97a8cdfd02a8c4b6e4bcc89932fcea0f898a4b19a2304438e4be06f6e936ef

    Download Submit

  • C:\Program Files (x86)\PPLive\PPTV\PPTV.lnk
    Filesize

    1KB

    MD5

    52f5c794513ebd5da8306c0f8794bb3c

    SHA1

    3b8b4ef08636eca1658aafcba082eda8954998a7

    SHA256

    1acae44bdf4282c235d60ad92079a0b722ac1df8de42ee83c1ba13c2bf8c3a4e

    SHA512

    9108b3fde455e39f435d53b47ac690d90f8cb7a7d17d0a50445fad335e6b5d53572b29b5321a3d3f88ecb14e51ddd90252c1c63030dfbbf6ddfa63314b0f83e9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso945.tmp\nsExec.dll
    Filesize

    11KB

    MD5

    cafc1ee307726dd4aa02677bc2265878

    SHA1

    5b5cb5a82a2fcf9b6386a574534771804aca0fb3

    SHA256

    02dc4b7b312995b68f1d424590755a4266de42bf7790efc01f6a336deadb31c6

    SHA512

    38c46cdf22951d7b0ac1a8a60b9a72d26706cdf6046914d8809586e2e008b186dc2252da2d68b37833ca08335576c9296e445597255b1797f1f2c1c08d14279a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\BindDLL.dll
    Filesize

    49KB

    MD5

    9113f1ebc6ab1d8e9037883926ce30a8

    SHA1

    7e07d150014fead9e9a7fa3fa300e360f9bf824e

    SHA256

    faf33559a59f00ce3017b319710d99d370bba6c851b7010bb7c4c77458e14c3c

    SHA512

    c660c35c8af9a9e4cac317c1615ec190a1fc7ef0d91f0a0820af3cb269d4dbea58356835256f1bd1accccf4735edad7d391105af0ae26438e010e2c860eac623

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\GetVersion.dll
    Filesize

    5KB

    MD5

    2e2412281a205ed8d53aafb3ef770a2d

    SHA1

    3cae4138e8226866236cf34f8fb00dafb0954d97

    SHA256

    db09adb6e17b6a0b31823802431ff5209018ee8c77a193ac8077e42e5f15fb00

    SHA512

    6d57249b7e02e1dfed2e297ec35fb375ecf3abc893d68694f4fa5f2e82ec68c129af9cc5ce3dd4025147309c0832a2847b69334138f3d29c5572ff4e1b16f219

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\PPTV视频.library-ms
    Filesize

    278B

    MD5

    00d648f977b119d93feb9f456832a5f2

    SHA1

    ed366c2fd6748d03e69ce1224faf9d9e736306b9

    SHA256

    22005de519c1e95bd2ff85067ed9956d302ecbcb9aa16ddb182c20cc5636224c

    SHA512

    066a0c644b603276f638cfd8db8de34243294bd6568a3a167d07fd796c5ab743613fab804a60d10094b4d4c64ef9b3070c50729268be70939e809009799007a9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\PPTV视频.library-ms
    Filesize

    3KB

    MD5

    7ba81223bf700796daedf39c67ed2f7a

    SHA1

    dc6a21fffb3eefc7d562283b9273bd125281d410

    SHA256

    8b5d8f56d56900f79bcd18497acb1c2bc6c815dd66e06af7c21cf4cdf2b7c0ef

    SHA512

    70ba7b95459ac6909bda9917258f068c56f9ad1a1c46913fde85975d1d59af07a58fd71fa8ef99f1fe96bab268ab834fee51da0702e7751747fb159786d3d54a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\PPTV视频.library-ms
    Filesize

    2KB

    MD5

    341f7463c0d214a5f54b32b9d780ee60

    SHA1

    692dd50c4a6884c60130420799b25b253ad7c263

    SHA256

    3bdab3dd40f02ac5a595e34de63a54d77c2f808e937988fa3ce5fcd323974e1e

    SHA512

    8663fded94fbafb8d29e20ef55ad9dbc065061387e197a3774e9bad1845202c9ff2f0c55e3af550e3232f891a1b63d63fbadca1a1965a776d650288ddaa69045

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\PPTV视频.library-ms
    Filesize

    5KB

    MD5

    49db1b72cef16400c6afab40834dbf79

    SHA1

    d61a189efc09cda78391bd360780aef3d422b135

    SHA256

    3d63f77f35119ffb40f1db3532f0cae4111351e019974fc11cd6771bf225becb

    SHA512

    895fe8b0c9a73b1ee902b374c16a526a4f00e982961459ff87d8868320cfa287e102f3292db6498bf0d733a819fe13e6300766654b5e7e86ea2470d710dc681b

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\Converter.dll
    Filesize

    105KB

    MD5

    ce9af172025094f8ffc1ebacf1fea815

    SHA1

    e05b2ddeeb699249fdbde4d6ddd005f192399fd3

    SHA256

    94cb1c1923d0198ba8f10266f6ee84055d54869d2a1a0986b4cc73624f4f1dc2

    SHA512

    1fc6e5a7acc87640880e731add4aa91c3397df797a5c73ec3fa922d85bde446962083202c0017c3fd5872827a73ba7b352af4ee5d9ee9afaeda6efce950b539e

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\IEBrowser.dll
    Filesize

    377KB

    MD5

    bac0668f450bcf32ac7170a0d1453aec

    SHA1

    a64f8d5e1b9fd024dd7f562c026f36ef3df065b7

    SHA256

    ceeb7c61a135ce0f82263807a4e5639c298d87f49f561a03701a0673bbb96029

    SHA512

    62e7d1fdb104b2ef8b144c39dad5c5799161bbad891347da00954e6a4ad376b7fdbd96fcba5e7388cd34ffe4b1719e33dabf16ab6276366dd1b97a6a84fc4468

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\MngModule.dll
    Filesize

    505KB

    MD5

    8b5367db387ff56304b44fd6f7e0678b

    SHA1

    716f69cff7c5dc0ec3c13fbd2065ba78b28ce42f

    SHA256

    3f38f19c2d68c174f3b1ce59ff3f308aa0880ca3b92ede6195b47be493bcf655

    SHA512

    77ac1d569fa9a68b516bb37bba4c90f6ceba878478cb69c651c1268a9c22f0a308b568fd17f537caa888d5d2f12443fe38b3ec46db737edd5749093c861e951a

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\TipsClient.dll
    Filesize

    389KB

    MD5

    649387e8f2301c59f1893f7ecd73f34c

    SHA1

    ea5769f3b527004b70d97525091723441727bfef

    SHA256

    f0fd9002039f0446a8e3b66e38774300d4706f6ee6ec5333df41f510ac056cd6

    SHA512

    02d6d7481a93e7561a069123b19e9ed732a3dd7d0a40fd768a9d878c00b73ee41fc09862927c6cde359cbb7686e1bce78c12560f56769c1ef265c223b3394505

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\crashreporter.exe
    Filesize

    230KB

    MD5

    330e6df7f0167f733da0937424be412e

    SHA1

    9480be42759ee64b1d0879d47785fcf35a900a91

    SHA256

    7b3fd7240656a51083ba4c9bc450329cd6ef81e063fc2da198036ed09b950c09

    SHA512

    5a745475a3460c7661f2d17593f865e22f8d0cba9d936ce9f24c673a8b41a9054b6d88826c0a0054249a549749c5133e373ede465243b9152eabbe267a5b1415

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\kernel\FWUpnp.dll
    Filesize

    119KB

    MD5

    ff4582a1c4782cb92e932ba28e4894da

    SHA1

    5969412c3e09438e83d0416547598b8b9337d3fb

    SHA256

    4ae78b468c47bf3899fe5071dd780b2a3ebb7af59e9a857b1ee59c69ed790f3d

    SHA512

    d0720e36494fe0252868ad9fa16da930594a355922babb14f4d5f0e8f43b754597a7e90faa64870bdba63588d01554ee2924e0a98d57d3700e83d576ad84ccd3

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\kernel\live\Live.dll
    Filesize

    269KB

    MD5

    dd37edfc2a381cc169951301bd4b1e6d

    SHA1

    0734f6615addb577e9c70e4e316c69b9b89c47dd

    SHA256

    ab362764c495fb54929cd9eaeb18ce67673de091ce892e43439804446e8d5c95

    SHA512

    387fac37e46b197582dbcea9f570e6cf1f5e36ed70b77f1ea42b78af6876b24bc2e0578ca699d2ab6abe212b42f99ded5e71371236d29858209cb2ff855422ce

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\kernel\live\mir.dll
    Filesize

    1.1MB

    MD5

    bf5099c78068447b31e64521e103ec41

    SHA1

    eb986008eca58285ba5a5b77d83a166395f594ef

    SHA256

    a68c03df839d75b6f512ea26d160a3a506976e301cb13c7e23392c38fbde5677

    SHA512

    1ceb83504b36e2a0bcad7f0c1107685368e2b6156aa0599006b6ee3d8c94d3dfcf14dad679817f785ace71d603fd8d51f2a2ddbaaf48b5d1eaa517d9d69571a7

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\kernel\live\tpi.dll
    Filesize

    885KB

    MD5

    f7aebe01c20ba67e2841a0d26bb14e7a

    SHA1

    8571707df764256694e6a5eb9da1288127d570e8

    SHA256

    f92a000062c3b5cb961a9773db071ab7dce19bb21a6b775fb72b89e6e12e745c

    SHA512

    dea2cea63d7098c27d73c3891234b6e672d956a41acc24315de7cce42ba35aae4e6447234c42fca085f91e6749fef051c78af35dee316f348939cbc3a131ce29

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\kernel\peer.dll
    Filesize

    2.5MB

    MD5

    158fd9c419dce70ba111a4300217dba1

    SHA1

    37ad9783a213b2f3931480874b04d03c1a71c4da

    SHA256

    2cf12d1a930fd794ac64a29ef7d101ff1a3bea6e2ad7c8d05efdf41913b3b9a0

    SHA512

    5a2364ae31d130e0ae5284a1db4d1577d79fba808443b039a212cb63231f5da44e8bd04f35a758da112467d8d03d2c9fd0e403127c644bdb1e052f547a6e8a51

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\kernel\sop.dll
    Filesize

    112KB

    MD5

    56064266bcfaa7848b396ca18d8069eb

    SHA1

    0a4e479bedbe55b73ffa05844cba18d48c210bef

    SHA256

    d6b5933b726f83940566863c22d7e2787e581259d1d8c26c40389ba0b3baaa35

    SHA512

    e809d26aec280b871677934a9514bbc95cbc9bb4cd332ee101da7a4559338426ca1d9a129c3d71c897f9ac535e3cb437608bb56964324bf9febaeb04f43b214e

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\player\CoreAAC.ax
    Filesize

    312KB

    MD5

    b0ffac757be8d6cc41e1131eb2b0d959

    SHA1

    0e41733a050bc2ed53fda6337d6501b9942317c2

    SHA256

    04bf38bbd9cb8287582f9a2fb8b06e0ab30f06f676a93f4a56656b576f10e597

    SHA512

    356ecf4902f767f74670e5fcd57f26fb8a43710d0a2b3a995877e6f265119b2f091c6e5e3457dfa1767c6e4043afc470cc7090f43dd997b27c0e94c7e102bee3

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\player\CoreAVC.2.0.0.0.ax
    Filesize

    265KB

    MD5

    a45cfb1f058297ae981f8afeef056b8d

    SHA1

    e454ed585a0f19d3119cef725958ea19c93cd7cf

    SHA256

    779768aa0bf2270422e1686547ae622238e7b7cf37ce212a1d75caf8628c1508

    SHA512

    efa87c97e4f76d5fbd73d2e0c5c580c719518d4e3e7e16efdb1355b659c9584956bc7df944f0d637f069f359a046fe65bfd178e4cbaf97fbb5921ebd29e09aa0

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\player\CoreAVC.ax
    Filesize

    181KB

    MD5

    c264fed121afd44bda8bf0ff8f4e4269

    SHA1

    7480a3b26b81045a1504e68e15225682bcc6f440

    SHA256

    cb8d9d80dcd48d9a9e3d87c847c47125f7201a98fb5abb4bd6c443322071b951

    SHA512

    99ed4b723b2b7a90fce8e9bf9ee8d5a1440c4d569638ff6a1aa59354c8bca91618a13c440f754fad3ae22c306709da35b4c53b8a00a09753027eaed0d238052b

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\player\audioswitcher.ax
    Filesize

    334KB

    MD5

    e33f76bdecd96872d949455b0750679b

    SHA1

    e7764b4b09c2a6e9af043f07de5cc38804114dc6

    SHA256

    784b602b1c61207c5125db0b9195391e90cee3dd6f042f2d1941ed47f52c210b

    SHA512

    7a6378186882a82fce64010585ad44da54e4944f8a40ccb1c703a8550fa1ae18411c8cf48d270733ca374fad5a41758750aa2d94ac61d508657298cc1cf0ee55

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\restore.dll
    Filesize

    50KB

    MD5

    322db931c5d9130147a611a032a3b4e6

    SHA1

    dc174d4b10c9bd10167dd0dd992e4c318c7d3565

    SHA256

    00a2f60be90b6a26e2b8e7bc7262e1071047e3e6467ce51b9f857f6bfd6b1dfc

    SHA512

    8a63f31996171b8ff86deb1a192f7d36ad1e4b9010c0d1bdd01515323fac56a9cfa34bc05d8db860abc3d2e5e63dd237f2c882080a92e97800951fd1a66ac056

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.1919\uilib.dll
    Filesize

    844KB

    MD5

    a1c90e527e7d09ce4f9dffc2dc1c44a7

    SHA1

    c81de3c93e14208dbffb76accc47b49a6ed19851

    SHA256

    f8dd0584c2b0876464cc14b0940d24a82a5a521d899597b40d3fbc0c99603fda

    SHA512

    15952658a44810ef170ec670ee1aeb98bf2b009704ef345bac9268b359d1a295cd83be4d3984675d6bf3175e089ec75ad2645bf371bfaa2f7e92ba73c4063a87

    Download Submit

  • \Program Files (x86)\Common Files\PPLiveNetwork\Converter.exe
    Filesize

    244KB

    MD5

    ed8268788ec0eb2a85de42b11dbd8f8a

    SHA1

    4de8f8d1dadf5f59ca0e1bb7050ad0ec305e1e9c

    SHA256

    70c812ddf1b02af7d9442cf0351051bb2bd90c2ce07a75d41d0250a7c878829e

    SHA512

    b3f4048bcd3d13a32587aba3903f9cacc79a63b904aec05da443f105108992c59a09069e6fdd2600ea6faa7dabe1f24dc9edde2c46aa05c387c3ecd8c9ef8556

    Download Submit

  • \Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.1919\PluginInstaller.exe
    Filesize

    125KB

    MD5

    6635bb09bd59b00d37adbd6401b32100

    SHA1

    3a54c2aaffd9604947496d77ea7d854ef032b631

    SHA256

    86b88dd266ba7133ff04502739693dec7e1df93315be7156127d451062f544bb

    SHA512

    a3a5e815b777d1471aa7233166ee894933779bf56d13516ba81e687118067599a9b7a15f642b0ee34bc9052fe4ea9ed7da871825f5ca3ee8da1424e8df5a978f

    Download Submit

  • \Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.1919\mframe.dll
    Filesize

    465KB

    MD5

    5524cdd67e4b647e2182140d061c38aa

    SHA1

    bf37d31c8b6fc5b21208d6bd63e354174d20033b

    SHA256

    b79bad2a8ece3f5729a56a41f3ae9b956d4b9920ef3d94425b32189c94d4d8d2

    SHA512

    97ccf0c0f2a8384802fbc3d59269c00bef26adfe6255b3c6e16165f5721892c8660fc94815ff05d7501fb60d28d1f271a2646fec8f3c98d8d6235d281eb14817

    Download Submit

  • \Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.1919\npplugin2.dll
    Filesize

    133KB

    MD5

    2205dfeaf187d0f4f6e8c6e9f669f635

    SHA1

    3de9354d3e52bb92bf801afdf65cdd42586b4b67

    SHA256

    ecce636b52cca20a34fc29c19ca73a2616a8ea37517beb3f7a8eb2a2f246085f

    SHA512

    88cd55636f5771d8a4679703ac363a33d54d4b52f4dca52b14853301bef19695a2978e1fe5255811e796cf593c4445c62b6251f8bdb13f6b59c8d849d72c8d94

    Download Submit

  • \Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.1919\pplugin2.dll
    Filesize

    233KB

    MD5

    988ef947e1c63344a1778288213d0f5b

    SHA1

    548c542c75f268d8a9edd885e2408c334f06db23

    SHA256

    dd13ef8d2d5ec67ab468259eddd0326ea2522acec19f16fdcba433e6e86fc8f1

    SHA512

    8424bc3c8c15de8d15731d7e14bec4afa8cb2e8dd749a8defc7a52519c67b131b31f8144446091ac69add4f51b2d3e1f6806ceb1deba4c0a04b1fb9ee92ea3ac

    Download Submit

  • \Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.1919\ppp.dll
    Filesize

    229KB

    MD5

    4a32f3e0ea7c56e313481f85677d98fe

    SHA1

    39957caa9042f0eb1eaeeefb8c7faeeae4b6687b

    SHA256

    9a1a5b216b0c5e9a328c8440faeb82afbc9d99040f2554ac3671b3309b4a5632

    SHA512

    a73972a0b0afb47999b0e30fed31a714f41bda0e11b1a26cde48e2aa37c4fedebd8a32414a3ade70d175fa6aebc17f352bad00767f5fc3e136948ccbf3b2d32d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\AsynDownload.dll
    Filesize

    29KB

    MD5

    72f5fa9eb744818136a0ad6b5bc3b332

    SHA1

    23facc141497c0c27bf25ee2d81b37bdfb5a1e9c

    SHA256

    ef89ba69fa02c1617005b2cab71981126f926c50fe21fef454de2a91f3b27edd

    SHA512

    5bf62bbff9ff8e78367b3fce41b9cdad4cefcd8b02c114fe4b71a302365af68f6ba6b9a4871ecbf877bc12d3e5c0876a344041cc46adb4e89efeaa30d512401c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\CommonFuncDll.dll
    Filesize

    200KB

    MD5

    95b513650615b2661e2d6660dedb2d28

    SHA1

    28c6b0a871a066e7592d857942e42657de68ce76

    SHA256

    8d2e970256c8227b290506a81e61206af5c5996ab73a06dff13d667dbe7c36e3

    SHA512

    9e171e42f38e502afa87fe3765ca61c3ac6a9dc5c76bfc0d7f8d32b19b10ba6ee02bd06a4a7b3d9e9c98eef8c4a528af62b41b7b9c5fd841e63028d1cc44b9b0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\FindProcDLL.dll
    Filesize

    25KB

    MD5

    6cf5b5f2492a07175902beefa138522d

    SHA1

    5ad85b25c7cad0b0747eb6ea0fbaca5830571244

    SHA256

    7addf56d9c08efb13d7c8bb39cf9073cd58495f22aaa04e22c1b43661d67fc0b

    SHA512

    fe2f0bad6d650f6a260488e9dd2b5476d2553995219a72eba7bf75ac61135382237a19b107c76b9762f959e4e14470a40aa588069fb3dac3a2512afba8a537a1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\GetCommentsInfoDll.dll
    Filesize

    53KB

    MD5

    aa61ac6aa49a499b30dce871869bb6be

    SHA1

    cfce11e23f1678fe9e46bc72b54ccc546c6e79aa

    SHA256

    c5a4a3674b518f7378a900665ac94d39a305f92dccaed5a879c328d6cc308ae7

    SHA512

    bd1facaded3bb2fa47901e0e0cc27a5376fe11c140a5be26a95a38fd66a1799109dd97ece1c413fd226ef5da3ebf55b0999c80b8bc1eab828a84a4600d84108d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\InetLoad.dll
    Filesize

    22KB

    MD5

    c6c0e09404a118930a3e3df78dddb43c

    SHA1

    44285de81985dbf4f72d9615cc0233da28143e55

    SHA256

    906959ece55907e11802e4d20278f248f8f6f92275f99f755dce02f7e7a77333

    SHA512

    d593a99ca92f4667aba8ee275cacbed916db4b5d058519d4641bc03e3c9c155272c863c574a614c4ffd8771e68262881cb7a423683ece197183027f32629b047

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\KillProcDLL.dll
    Filesize

    25KB

    MD5

    56aa49d64c747cdd6b5cef305b4e423f

    SHA1

    9f0a4c6600e61e394476a35ef639d428bb2a136d

    SHA256

    dc90ebf8ffd5d30fda40b5c7779579ab65d83f80ca9fd3e5ab119efc42aa4902

    SHA512

    504f183939893b83d733a4be49a90c79893631ffa2367ebb0a27777a67337d7b06bb2e57bdf4a53a28131fdd7007db3c7add8a84e28cf8e4897c75dec44f09c8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\PPAddWhite.dll
    Filesize

    449KB

    MD5

    08feed3a3238c459708078d9bd392360

    SHA1

    89d05d0a1506740b08cd634574268aba30168874

    SHA256

    ad28878b980abda7dd258bcddc50f3aa8c2a1163b5e3611c8c63d6589b6fa249

    SHA512

    9f149872f6514aeb3a3901601827067e45196dbf9f4c03ee8709c7d6b5a5eae84b268dab65066f10b20e9a65a081db0b5c44e28bb245b803c940b7366230b86a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\PPInstallLog.dll
    Filesize

    37KB

    MD5

    9d97fa707aa40a6ed68545a35ec0e038

    SHA1

    94f2c2e380987fed5670a4d15ffdcc2896a1e867

    SHA256

    c866c99a2a5d049d3394ab8f58b46ee9450eb493bfba4e0c2be34801fa3ac322

    SHA512

    b0ded01166cde92775851d24bd21f463989f5ec1752a6c97dd8374f9960ce1338d1dfeae8ce9636527c70a6874e8ef67b2c8921590b1a73e83c008a0ad177b88

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\System.dll
    Filesize

    14KB

    MD5

    f470cc1a72cd0dffc799f0d2b0ab9f6a

    SHA1

    a1d0e98aaea162739bd52c36d2a77b3028531859

    SHA256

    ce9f8fd595dd6450f2b5d2633d684cf7a247f61875d95bd2eb3c5a441d93e0f8

    SHA512

    60e65ba2e42150e90219c7ff0c85d12a0db15444dcd6d958436f0f52e28a20a4723e4cd2a4d23f999312be1b832d37cdb60d1d434b4fde95b701c03ceb31670d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\cknsis.dll
    Filesize

    51KB

    MD5

    08089179f184f92fafe82e690b335bcf

    SHA1

    f272226069706e1e2d009e95e408b3303a8b1662

    SHA256

    58eac56896032ca3babd1093b25be14c1a54ecbec2c7ad0f9ae6b87ffba2a30c

    SHA512

    6277e5151628a0e8e78006e8c69c44b89c988352e1de02de149dd162bb2a5dcffa3f1bf2844d8a621c1768ea12b8597ddbb1abc375312240873f1151aa0a2dda

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\pnsis.dll
    Filesize

    77KB

    MD5

    bdb493093a0a8b3a19744db0f3e9bb9b

    SHA1

    6c5aace481375a8ffcd0b5d722cf02ae8c752a06

    SHA256

    b33f0bbe8dceac3eea4a1bd4ded2af8b34303cabe7029e8d3294ce20d446ea1a

    SHA512

    6d288388e99ce7c51f469da65a64835c0d6e0b63577e4ee8e5dd566e87df8999af1ea19b621e34d8017d88cdba93a09cd74feeb99ebb5970002444369e3af8a7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoF3A4.tmp\time.dll
    Filesize

    10KB

    MD5

    38977533750fe69979b2c2ac801f96e6

    SHA1

    74643c30cda909e649722ed0c7f267903558e92a

    SHA256

    b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    SHA512

    e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

    Download Submit

  • memory/2384-367-0x0000000008200000-0x00000000082FB000-memory.dmp

    Filesize

    1004KB

    Download

  • memory/2384-2451-0x0000000007500000-0x000000000750C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2384-2427-0x0000000007580000-0x0000000007592000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2384-366-0x0000000008200000-0x00000000082FB000-memory.dmp

    Filesize

    1004KB

    Download

  • memory/2384-206-0x0000000008190000-0x000000000828B000-memory.dmp

    Filesize

    1004KB

    Download

  • memory/2384-207-0x0000000008190000-0x000000000828B000-memory.dmp

    Filesize

    1004KB

    Download

  • memory/2384-104-0x0000000002550000-0x0000000002562000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2384-2580-0x0000000008200000-0x0000000008212000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2384-212-0x0000000074290000-0x00000000743A2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2384-2659-0x0000000008190000-0x000000000828B000-memory.dmp

    Filesize

    1004KB

    Download

  • memory/2384-2658-0x0000000008190000-0x000000000828B000-memory.dmp

    Filesize

    1004KB

    Download

  • memory/2384-37-0x0000000002430000-0x000000000243E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2384-253-0x00000000074F0000-0x0000000007502000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2384-43-0x0000000002430000-0x000000000243F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2888-2766-0x0000000000240000-0x0000000000300000-memory.dmp

    Filesize

    768KB

    Download

  • memory/3020-2769-0x0000000000200000-0x000000000020A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3020-2768-0x0000000000200000-0x000000000020A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3020-2770-0x0000000000200000-0x000000000020A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3020-2772-0x0000000000610000-0x000000000061A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3020-2771-0x0000000000610000-0x000000000061A000-memory.dmp

    Filesize

    40KB

    Download