pandastealer | 6db345ff7f370b0785a5ce1a0f3e8d9b2a8d8fb6a236d29744c87749868adc50

Analysis

max time kernel
121s
max time network
151s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-11-2024 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Size

6.7MB
MD5

852b1c668870b9e64ac7c23d5d75ee9e
SHA1

28b2571d9d3585552480607a95e9dd242b96a766
SHA256

6db345ff7f370b0785a5ce1a0f3e8d9b2a8d8fb6a236d29744c87749868adc50
SHA512

e375078ad47ef25612e81051dd366f23db30534e7743a9b5b708a58a3b5086521d5c0c5d7a1998d7c9196e18adfc51777a2ff824dde61983149dbc0e2c112588
SSDEEP

196608:D7q7IsFwqyNah8zqpati6Kf5rnVQ1V85Ej:DzmU68maV4Rne85q

Score

10^/10

pandastealer discovery stealer

Malware Config

Signatures

Panda Stealer payload 1 IoCs

resource	yara_rule
behavioral1/files/0x0007000000016d38-55.dat	family_pandastealer

PandaStealer
Panda Stealer is a fork of CollectorProject Stealer written in C++.
stealer pandastealer
Pandastealer family
pandastealer

Executes dropped EXE 1 IoCs

pid	Process
848	splayer.exe

Loads dropped DLL 30 IoCs

pid	Process
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
1568	cscript.exe
1568	cscript.exe
1568	cscript.exe
848	splayer.exe
848	splayer.exe
848	splayer.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	cscript.exe

Drops file in Program Files directory 52 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\SPlayer\vp6dec.ax	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\lang\splayer.ru.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\ivm.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\mc.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_mxscreen.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_mcucltu.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\PmpSplitter.ax	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\mkunicode.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\ir50_32.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\mmamrdmx.ax	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\splayer_1710_5q2bmd.dmp	splayer.exe
File created	C:\Program Files (x86)\SPlayer\haalis.ax	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\unrar.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\hotkey\SPlayer.key	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_mdssockc.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_mtcontain.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\SPlayer\lang\default	splayer.exe
File created	C:\Program Files (x86)\SPlayer\ogm.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\binkw32.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\RadGtSplitter.ax	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\lang\splayer.cht.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\SPlayer\lang\default	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_wtlvcl.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_mxvideo.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\ts.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\sphash.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\SPlayer\settings.db	splayer.exe
File opened for modification	C:\Program Files (x86)\SPlayer\SVPDebug.log	splayer.exe
File created	C:\Program Files (x86)\SPlayer\vp8decoder.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_mcufilecu.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\ir41_32.ax	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\lang\splayer.ge.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\IVMSource.ax	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_mxshbasu.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_mxshmaiu.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_mxshsour.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\sinet.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\mp4.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\SPlayer\settings.db-journal	splayer.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_mtcontrol.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_mxsource.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_mxrender.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\Esdll.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\mkzlib.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\smackw32.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\lang\splayer.en.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\uninstall.exe	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\mpc_mxaudio.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\csfcodec\ijl15.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\CSMX.dll	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\splayer.exe	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
File created	C:\Program Files (x86)\SPlayer\rlapedec.ax	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	splayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436708216"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{453B53E1-990C-11EF-8320-E61828AB23DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f000000000200000000001066000000010000200000000421039a6e5d922c8da9fa7892c48fc8f0120aea0dbab2b422cfda9476783128000000000e800000000200002000000064a7d860f143f6dcad4f44eeb39bc1e6a5a7693b98ef913cae64422f13605801900000006d7e5bef6ed229ff4c1eb9fc386f6c395f6aef359f7eef5497401fb6dbad8360d565bb2871c9313e8b818478a0aa911ee661a2392fa3618144c8e9206c3f44e97d4ba4faf02f84d8049642617b77897c4be207cb20113e3ee6c4839772cb3b9ceeef74e485e17e64546fcb7d7e45c2e12c775cee0a63dd691cfe13e0c61c5353907e0f501e3f98664c562c04c5c4542540000000ed81f40aade4cfac5ea1f3b75f3134731ff32146b12a2327704cfcb0064a828b30b46be374e0d348a3391c5a14e94490e28dd3f6c532873cafc08ee69aae87b0	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000576abe0abe05770c2e0f5bb60e23babc54d8069d758d195e9417ac8d897dee90000000000e800000000200002000000061ec8e98657f80deb86bbabc4f584cf69bcf847706af60d5d523768341e87f80200000003e110b8df9f060fd7a952aec557402f41994bd0548ac7ca2d9d364eb555a2414400000008cb32adfbfd1fa7a145ba1f88b31c4f13fd7a3cb8a97832fb94450b982221c9effd5e71c99530d619873c2819df674d5bf2f42900c1a94f4e6168e30ea9e24f5	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 502c211c192ddb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD323433-CE94-11CE-82DD-0800095A5B55}\ = "IVI Encode Parameters Property Page"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.wm\shell\open\command	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.ts\shell\open\command\ = "\"C:\\Program Files (x86)\\SPlayer\\splayer.exe\" \"%1\""	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.amr\shell	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ECCBA771-92F2-497b-98AA-5FAA0BAA2DF6}\InprocServer32\ThreadingModel = "Both"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MtControl.MtTaskManager\CurVer	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.mp2v\shell\enqueue\ = "Add to ShootPlayer's Playlist"	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.hdmov\shell\openewnd	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.drc\shell\openewnd\command	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.wvx\shell\openewnd	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.mpls\shell\openewnd	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.mpv2\shell\open\command\ = "\"C:\\Program Files (x86)\\SPlayer\\splayer.exe\" \"%1\""	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.mp2v	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.tp\shell\enqueue	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{87BBB4ED-1767-4b7e-821C-7C4657E439D4}\ = "Mpc MxScreenV1Decoder Class"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3BB3828F-9787-48A7-A894-6ADE46C64737}	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{AD461A96-4DB8-4C6E-BF23-84D682ADC382}\1.0\ = "wtlvcl 1.0 Type Library"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{86708513-5A2E-424f-AB46-F4BE3F82954F}\VersionIndependentProgID	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.wm\shell	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.dsv\shell\openewnd\command\ = "\"C:\\Program Files (x86)\\SPlayer\\splayer.exe\" /new \"%1\""	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.m3u	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.ssa\DefaultIcon\ = "\"C:\\Program Files (x86)\\SPlayer\\splayer.exe\",4"	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Collegesoft.NetworkClient\CLSID\ = "{AD92C6E6-997A-4E9E-9D7D-EDED6DE933FB}"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MtControl.MtFileManager.1\CLSID\ = "{164A68B6-3F90-47C2-85A7-1E4D8952EF0A}"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.mts\shell\open\ = "Open with ShootPlayer"	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.ogm\shell\openewnd	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.3gp2\shell\enqueue\command	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{665A4447-D905-11D0-A30E-444553540000}\ProxyStubClsid32	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.pls\DefaultIcon\ = "\"C:\\Program Files (x86)\\SPlayer\\splayer.exe\",6"	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.qt\shell\enqueue\ = "Add to ShootPlayer's Playlist"	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MtControl.CXpController\ = "Multimedia File Play Controller"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31345649-0000-0010-8000-00AA00389B71}\Pins	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Mpcwtlvcl.WindowFrame.1\CLSID\ = "{212CA6D1-E9BB-41cf-BF77-06E000F403A8}"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{46E00789-37CA-4278-8907-02088898B6B0}\ProgID	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.3gp\DefaultIcon\ = "\"C:\\Program Files (x86)\\SPlayer\\splayer.exe\",5"	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.ogv\shell\enqueue\command\ = "\"C:\\Program Files (x86)\\SPlayer\\splayer.exe\" /add \"%1\""	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.flc\shell\openewnd\command	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.rt\shell	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.dsv\shell\enqueue\command\ = "\"C:\\Program Files (x86)\\SPlayer\\splayer.exe\" /add \"%1\""	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.asx\DefaultIcon\ = "\"C:\\Program Files (x86)\\SPlayer\\splayer.exe\",6"	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.vp6\ = "Other"	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Mpcwtlvcl.WtlScrollBar	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2DE89781-DBF6-11D0-A30E-444553540000}\InprocServer32\ThreadingModel = "Both"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{164A68B6-3F90-47C2-85A7-1E4D8952EF0A}\ = "Multimedia File Transmit Manager"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.mpeg\shell\openewnd	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.rmvb\shell\openewnd	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rpm	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.ivm\shell\openewnd\command\ = "\"C:\\Program Files (x86)\\SPlayer\\splayer.exe\" /new \"%1\""	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.pls\shell\enqueue	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.idx\shell\openewnd	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.amv\shell\enqueue\command\ = "\"C:\\Program Files (x86)\\SPlayer\\splayer.exe\" /add \"%1\""	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{32E2BDD6-8812-42c3-A907-B9587C148EE3}\InprocServer32\ = "C:\\Program Files (x86)\\SPlayer\\csfcodec\\mpc_mxscreen.dll"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0430FE6-1621-41e4-A109-CA5B0C57FE1D}\TypeLib\ = "{39D95D36-F28D-489A-ABE6-48A29CBC3AF4}"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Collegesoft.McuFileManagerClient.1\CLSID\ = "{BAC04407-3588-42AA-93BE-6D3720E9FB28}"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.mp2v\ = "MPEG Media file"	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.evo\ = "VLC.evo"	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.m2p\DefaultIcon	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{665A4448-D905-11D0-A30E-444553540000}	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3FD0479E-D6B9-4629-9496-509D3D070918}\InprocServer32\ = "C:\\Program Files (x86)\\SPlayer\\csfcodec\\mpc_mxshbasu.dll"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Mpcwtlvcl.VideoFrame\ = "MPC VideoFrame Class"	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.rp\shell\open\command\ = "\"C:\\Program Files (x86)\\SPlayer\\splayer.exe\" \"%1\""	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.dsm\DefaultIcon	splayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.flc\shell\openewnd\ = "Open in new window(SPlayer)"	splayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SPlayer.rmm\shell\enqueue\command	splayer.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
848	splayer.exe
848	splayer.exe
848	splayer.exe
848	splayer.exe
848	splayer.exe
848	splayer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	848	splayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2172	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
848	splayer.exe
2172	iexplore.exe
2172	iexplore.exe
1256	IEXPLORE.EXE
1256	IEXPLORE.EXE
848	splayer.exe
1256	IEXPLORE.EXE
1256	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2648	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	31
PID 2404 wrote to memory of 2648	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	31
PID 2404 wrote to memory of 2648	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	31
PID 2404 wrote to memory of 2648	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	31
PID 2648 wrote to memory of 2740	2648	cmd.exe	33
PID 2648 wrote to memory of 2740	2648	cmd.exe	33
PID 2648 wrote to memory of 2740	2648	cmd.exe	33
PID 2648 wrote to memory of 2740	2648	cmd.exe	33
PID 2404 wrote to memory of 1568	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	34
PID 2404 wrote to memory of 1568	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	34
PID 2404 wrote to memory of 1568	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	34
PID 2404 wrote to memory of 1568	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	34
PID 2404 wrote to memory of 2052	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	36
PID 2404 wrote to memory of 2052	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	36
PID 2404 wrote to memory of 2052	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	36
PID 2404 wrote to memory of 2052	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	36
PID 2404 wrote to memory of 848	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	39
PID 2404 wrote to memory of 848	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	39
PID 2404 wrote to memory of 848	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	39
PID 2404 wrote to memory of 848	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	39
PID 2404 wrote to memory of 2172	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	40
PID 2404 wrote to memory of 2172	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	40
PID 2404 wrote to memory of 2172	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	40
PID 2404 wrote to memory of 2172	2404	852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe	40
PID 2172 wrote to memory of 1256	2172	iexplore.exe	41
PID 2172 wrote to memory of 1256	2172	iexplore.exe	41
PID 2172 wrote to memory of 1256	2172	iexplore.exe	41
PID 2172 wrote to memory of 1256	2172	iexplore.exe	41

C:\Users\Admin\AppData\Local\Temp\852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\852b1c668870b9e64ac7c23d5d75ee9e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c CACLS "C:\Program Files (x86)\SPlayer" /e /c /T /P Users:F
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Windows\SysWOW64\cacls.exe
    CACLS "C:\Program Files (x86)\SPlayer" /e /c /T /P Users:F
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2740
- C:\Windows\SysWOW64\cscript.exe
  "C:\Windows\System32\cscript.exe" /b /nologo C:\Users\Admin\AppData\Local\Temp\pin.vbs pin "C:\Program Files (x86)\SPlayer\SPlayer.exe"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1568
- C:\Windows\SysWOW64\cscript.exe
  "C:\Windows\System32\cscript.exe" /b /nologo C:\Users\Admin\AppData\Local\Temp\pin.vbs unpin "C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk"
  2⤵
  - Drops desktop.ini file(s)
  - System Location Discovery: System Language Discovery
  PID:2052
- C:\Program Files (x86)\SPlayer\splayer.exe
  "C:\Program Files (x86)\SPlayer\splayer.exe" /adminoption 168
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:848
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.splayer.org/install.html
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\SPlayer\PmpSplitter.ax

Filesize
236KB

MD5
dc1defde4f0b51bd17332586d0962786

SHA1
06a6da68883b7ef5f515f9df9d58004b502d15bb

SHA256
fc4d9fbdfebec64d2d7207ceba6fec4ad8ec2b210ee07775577d4435ea5ad8e5

SHA512
01fd15256abd24deb758e6007bef77184fad94e945192dd650d9b01798ed974675b60d818f2d570fda9b2a8c6f27d1ab2d38b342a464613079adfa34a2b4f83b

Download Submit
C:\Program Files (x86)\SPlayer\RadGtSplitter.ax

Filesize
288KB

MD5
7668248c3101e6cca0b88fc9ea99f6a3

SHA1
161c786cfb89fde589a5fa0c79ad2986541e3fc9

SHA256
7d6eeea0a3d1bdaf6d5e2bd13916836121026a6e37da2474296a8bcbbe538677

SHA512
94e7d68824c4e4ce1f58d909ee9906725cc27d70f03a52708fb6c1e9f797dda475609d4cf2f5907029a7aae535946e5caca2a73b7c58def126f1d1845a428ca1

Download Submit
C:\Program Files (x86)\SPlayer\binkw32.dll

Filesize
367KB

MD5
002cdf612509807b33e4ab09c686a966

SHA1
73a2ee8ec4c074b6a5c5485c615ee7ce230137e0

SHA256
2d0ae23a6175dc7b635c402a5e7e9542e923c0d1c376a8c5ef876ca0d5959d23

SHA512
e6d1c3f5e33ff8fc56b4798a6155ae76411ba9a234bea599338b7af424051943b1a2e666baa6935975df3d0354ba435962d1281b88b1ea17a77b1fbeb2cecca2

Download Submit
C:\Program Files (x86)\SPlayer\haalis.ax

Filesize
537KB

MD5
0dc0734ba778ef05933cd8a3d9a2fff1

SHA1
059ca431515adb37e7e52604f256cd699104f8a3

SHA256
e36bc4b191233fd848c52656c9aab63be9bc9f01ea163fd892b34f96b2e4b520

SHA512
2b13def6a3426975355fa445f6137bacbd9603ad4298f98357f2ec89689c99dc009b723a03e25647dcbb712a4788b5dabad61b5628b68e00fafb5b344acfc1a8

Download Submit
C:\Program Files (x86)\SPlayer\hotkey\SPlayer.key

Filesize
19KB

MD5
12af190be4930e536a952db0eec4b46f

SHA1
ac34d5c80c4562f543f8d008358067b28582708c

SHA256
4dc54bfbcb099d4e32fa28d0b473cba02fdbffd690a90ad6a3bec9582d3929aa

SHA512
b2a1b4b882e0e94a3b5a54d5f4c40fc8afec183725fe294986098c30d65de56ecee1fe63b24a0aabd08ce67ee33800bd65643986fd4d87a690a73b9dd025fe08

Download Submit
C:\Program Files (x86)\SPlayer\ir50_32.dll

Filesize
737KB

MD5
652809bf6fc8ff180094b069f0612188

SHA1
64109d748ea64ca1864bf7a2301c45c75970526c

SHA256
665060b8a30f7a90a1e39da936390bb8d0aa77824527d575b620715a4f826fee

SHA512
2ff1794e5c8f01b932850aef00f5cce088112b6dc9d3325fe5f25809c362f0b5410fc897579d017b99820988fcd94f40c2f2316f4a853bec6e86a7b6446dcc2a

Download Submit
C:\Program Files (x86)\SPlayer\lang\default

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Program Files (x86)\SPlayer\lang\splayer.cht.dll

Filesize
97KB

MD5
39f94b20a3636b8a80eeed94a6d9c298

SHA1
b6c57bbfec803ad9819a0a169dddefd815bbb96a

SHA256
0d925e33fb40965ce60d15086b695d70c5978123aad9a63f2b63b546bb8d3f92

SHA512
dd4d7ccc0434e24fa2e48bf1b801001769a58778e76dad14242280aa6433527a556803025c6ac6eefc773d9f3fc87b3a282bb89d83cc8bcfe3d2cb5f63904379

Download Submit
C:\Program Files (x86)\SPlayer\lang\splayer.en.dll

Filesize
143KB

MD5
2f36074aa61989ffbd4a4526cdf8b0da

SHA1
796dd2d2dd3d167dd6135d7cad63b9bf07cc1459

SHA256
0db8033ee250e0286882686926e4bfb05e88284c4769304ef47ab328bacd1acb

SHA512
e83c6bc68851837063bd6d22a8615d40918359f2d743181940410ebb1dce3dc352cad84f3be32561547ddb9640d290317c631011f6c55ac2a3d120974a80baee

Download Submit
C:\Program Files (x86)\SPlayer\lang\splayer.ge.dll

Filesize
138KB

MD5
52d7fb5ce858a29b8ea9214ea13d00d5

SHA1
c9c8a3cb46e2a78bf9423bb883fd6d7a47b30135

SHA256
65671d2c99a1dfdb5cc3434cbc756d984932aea78bdf93bb368ace42e0b86a8e

SHA512
7e544c46a10035fb3334e706cdf079b3b4abe775214da1a84da221f0cf3b35058e1df4264f47895f00482b7d54c4ef0aa0b693aad9779d7746b817e3fd0f1bf0

Download Submit
C:\Program Files (x86)\SPlayer\lang\splayer.ru.dll

Filesize
154KB

MD5
75b230a6690ac65d447008cb97fbffb5

SHA1
085716a846b39091de6a9dd459081cbe1ee5f306

SHA256
9dd6b4833e6eba558e6b78838a79b80b6da644aa36c50e44d56a78078b763071

SHA512
30630ba99defb4e58be7f50029e86ef9aea85c75e9e1645b1764072cc8f4481f7e1bbefc4d3b8aa96da54ee5a3d6f4a6a3c9686c6037faba11678c77afb216c1

Download Submit
C:\Program Files (x86)\SPlayer\mkunicode.dll

Filesize
24KB

MD5
8d803ebe525991e6c85ac047d39b569a

SHA1
4d1b5a9373f7cbce6e57ddf8edb1c49ccf0e73a6

SHA256
006d5f191260dc524c2565f5d13cabac9117b4e2e4fb43d9523f7272fe75626a

SHA512
8d3323d7b66d829b814c4edb6d5ca333ef2e194cf9400d9567f44fc11e4f169c69b314abf74fc9d3d237dca67dc5fcb915cb2bc8cb3cafcd81a5464062b9c95b

Download Submit
C:\Program Files (x86)\SPlayer\mkzlib.dll

Filesize
78KB

MD5
9df0f8c0acc5548f32906f6ea4d222b1

SHA1
28901f67977cc46ee6877fc3ee31544e07dc9612

SHA256
108937c0a47a4c9c72f57863973eadfb700f52a6cc2af6030f7c8e82e0b1fcb3

SHA512
c22fb8f702b3a5799aa5b4fa584931a746cadd70541fab51b682269425aeffe7a692e935219cdfc31d18e637c320e7d22b260682d7f1f2e39f32b05c7ef93ebc

Download Submit
C:\Program Files (x86)\SPlayer\mmamrdmx.ax

Filesize
252KB

MD5
e7d1fed458491c4963da4529756d46dc

SHA1
1365fe0182bfe3bb02956e19dc52969de54d0ff4

SHA256
c2f2db4855945052dc2e3f701db1f9b11beb42515f4d42b220402f3e917dbc73

SHA512
3ba43c0929a56335479d0795b40f74b7f90954143747545f229c201ab439dea8f87638613f20708dd5082373b683550dffd74d79c0bd91e3d7699ef10419096e

Download Submit
C:\Program Files (x86)\SPlayer\mp4.dll

Filesize
138KB

MD5
17cf953ae7ea3128f1a8d44a39746011

SHA1
b980baaf8f44755def237e3ab302c6339af85065

SHA256
1c395ae152eb47388fb33c1f922fe707cff578fb7fe19e1625cd1957094da0e8

SHA512
d3031f70ec0c3a2d3932c493acbaf6196bea4f7ee65e2c48b44e7857e532c411358e5b8687f14fd0ce0d4ae306121bbab110ffb8b8bf5ecb9848dfa05fcdb61f

Download Submit
C:\Program Files (x86)\SPlayer\ogm.dll

Filesize
120KB

MD5
43316f8a3072ce9ba9a82526e7f94987

SHA1
fadfef22c01325b087e7cf10061526a14270509e

SHA256
14ad96918ecd7790ec0f391fff07c1e5e23ac4d9608690a678dd22db5d241076

SHA512
675890e02b3e561dd50ca6395a024494da65ad5f412dd74ef230d1a79631da8db7f3ba9c608986355b109db3f7ffcb80a9cfe37988cbda1152295dca60990aad

Download Submit
C:\Program Files (x86)\SPlayer\rlapedec.ax

Filesize
136KB

MD5
f8dd535c7c145b18d31e00d40f1ffef8

SHA1
364e6d4019979dc64c9aaca14ca3663d8dd3d44e

SHA256
ff5fa90cbc2b77a730e3e97719f86500d3a3902ca0dda0383818731f76d4d0f7

SHA512
a9a41aff1607d14a30fbbbda528c62fb9cd7663a94e0265cb103a3975d137360fbb0a4b7260b324da12db95753f40c4bbc6f2de6bcadf34c6425d9136db596b8

Download Submit
C:\Program Files (x86)\SPlayer\sinet.dll

Filesize
1.1MB

MD5
e4db34edcdb4d5d0c986e7814379350d

SHA1
70e9fa2854ba1fee806b226556ef13f8a945c777

SHA256
1eaada50331eaa7b2b8c76ead762f03a5c532c1feb34673b2f72c68777d86eeb

SHA512
35a4dd9ce52626f254d92cedc945fbe916109b2916e02141bd459bf3e952b05765f2744b0e2b89cd7e62138ef1c7040348b7df203ab8cb4d987b1c206541c120

Download Submit
C:\Program Files (x86)\SPlayer\smackw32.dll

Filesize
94KB

MD5
9dcf8871a1c8fbf20fbd9cd8b332cea4

SHA1
97eb8b87be15b228c5498aebe9f384ec31d4570d

SHA256
f9b2fdb5ebc8e659c7ac132c213fcfd2eb059a1195a129121bb68ca21699e5e1

SHA512
6458152d4d86609670bd0aa41bf8bf19e259e77612836bd633dfa6fd9019b3b3c9cde9d52482fc6fc112fce0b89484e4607b877396149ffba9524189afef6e4f

Download Submit
C:\Program Files (x86)\SPlayer\sphash.dll

Filesize
169KB

MD5
175a19f025bc4de9b2eee839839dd22d

SHA1
81f47fce74eac77900d157b6eeddd690098172fe

SHA256
1d49fc762b93ce644d1e4a68579e3376a3d7544528ea1c08c345f1524f5fca7e

SHA512
b0d5d80c22cb3011481d4a9d6240d496794a7f70bfa78723423cefe8f62b0ba9c4d71e93638a1d970ef9787e3651096a7cf1b65d681caaa9510442d74dddf2a3

Download Submit
C:\Program Files (x86)\SPlayer\splayer.exe

Filesize
9.7MB

MD5
1a8242c5d3de6ea9b8f2ec2eeba49242

SHA1
865495edbf6b8071add8f416df8befe2e17b7f46

SHA256
3ada7893955515e4c2f4c549f0ad89badea9d2e980041b6d4449b84f111118c2

SHA512
369a705a0d490a3ef29504783323a0257fb9f0761a79fc8013054be0b1eb583f68945f9cf4e709c73b419288971c99c79bad43b3cb561422b247d468c66c2a04

Download Submit
C:\Program Files (x86)\SPlayer\ts.dll

Filesize
150KB

MD5
6258e2a978ab7fa47692ab2bb15bd32a

SHA1
b62c5f9a503b7412a9b68a40ca2c4bd431a7b481

SHA256
c82fd14b700df1112a23c36a9c8347cf3cb243cf79d5bbbfdc206a917b85aa85

SHA512
3b22c80b7d2998fc34b63aecb31a403cb9a18c8ae3da46ce1800970cdafe1c2f2f80fc9a858718096752aa92748fd3136c4c781cb752515672d4b8f186fd9697

Download Submit
C:\Program Files (x86)\SPlayer\unrar.dll

Filesize
165KB

MD5
26e08cdabeeb89d741303f0d61cf4cb2

SHA1
7d46c021500ccb362048141ccf2cf0c779917308

SHA256
23756a18f60b34961c2ab33e8b5e6ae81012f6c4e673690002b0bc5b5c7f02ec

SHA512
1959516d46a3e2d66d14cb3f56e450c8ffe68138def1d33c2e726d20c18b018dd0c33742fed7247e823028212f4e12cfe83b19d51423a482409024fdc7654fd2

Download Submit
C:\Program Files (x86)\SPlayer\vp6dec.ax

Filesize
320KB

MD5
55ca1bff59bded14d855aaa5c5c0a6c1

SHA1
b1399962b73f4891da59a038f585eb7006695ee8

SHA256
f076fc98171423cc95ca7cece2814c53b60b2b654df8ab4af0d790fa5e673be7

SHA512
06bb53c40fe3835d2b9140f870c0d56d8f8e233763a0b0bfc62b2ced1f34b4da706af98461f81cbc05b48c643179a5521fb976db6ba3146819342b0d8e78c444

Download Submit
C:\Program Files (x86)\SPlayer\vp8decoder.dll

Filesize
245KB

MD5
03b37a7ad33faf03a808a5521cc59bf8

SHA1
61062d2317482c09ce543615a8be6b7273b3de6e

SHA256
e7ed9dc077e00a2a9a5f47d3a4a9e0f06c10622840ccf27fae3185d0e65439b5

SHA512
36a8af342784a7bdf6316ed335956799a653e71811dd94a659056b5f13658d85c081375b7476ea6f237910f17d69bcebf8509525c8c5f0d042898342de51626e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ec4104471707509d2647c879897615ae

SHA1
01622bc68ea7f11b5916db9947bbe447cf7ec2ff

SHA256
ef372106ef5f44c312edc4863cad9762c2e2f03385ce294bf19de4ff28820990

SHA512
7e18caa825d3d47099ae99e89e733b57c269bdbeed054d508c2b7ac61e9537d61761ea65101400a6d5cfd8ad50faeef0d58f12d113f0913c246f1af1c84d26bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7af6e3eda2a7efdcace8c1d69f133bf

SHA1
8c2f79c7848dc2b591de21ba5989feb69fa0d54d

SHA256
c20ccee8968bcd8f84ab221e3b4c2b924a5e68470fbf0e02c004339ed5338b89

SHA512
d2764a3432cefc860fed28c0e630b61912d00ad15e93a832887d84e0a677717b309c2e94c6ad52036e0266a7d5358bcc2018ef519ce67d066b08772bfabf6d79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
5087fef6251aee6efaa88a7a17992809

SHA1
a6450a1a5760ba16ebaee08f31daa462dc3e64ab

SHA256
43064a4710bfbb82cf8229809362c34af8b81b1ed355c9930bf3d619945a29e3

SHA512
9347ac5047f2e5297c3f2e3d8a80e2a418d7019f5a85fed6889824a32e70974747077a51c2350bfc5e66a9bf454e15203ddd6025ce8216a3face00b9a950b52f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQQODH7V\a12b1d2ea42184a9fe91af479d7062b7c5edd7db-d910d7e4cf83fcedc65a[2].js

Filesize
17KB

MD5
ba88d3c4eb781112490fd448a99c9c5a

SHA1
e9b0ee6d74a8410755c5c9cd20cf83f60f70a52e

SHA256
5509ee8bc29bc9649cc47ba33384035475e25e5fa8989d158d4a63e1dc6b6379

SHA512
d334a1420954bb6e3854bdf0569f7d8c9408dd5abfc2f27cf3c2828816564df7d27281a6626ae8a09118ccd88ed33e501be0280a55e0599f5c47a8fb774af33c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQQODH7V\component---src-pages-html-install-js-9e6e0dacb27c47032761[1].js

Filesize
15KB

MD5
a849a340464ad16dd250f973777646b0

SHA1
86a06941e30917f423270dd2893c8264b9f404a5

SHA256
3f5c98e8a28ddcce58366e2a0e32c282aaaf422a29ff4c013aecaf71e8ae56a2

SHA512
a040d42ac94c172b419e3660f7e2858570ad76c7240a66de9dbb4c778c34a7b52c1e086fbe8594ed0ca7b11dcef9055e1f3159b5925db44130b95ba5b14445d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQQODH7V\page-data[2].json

Filesize
189B

MD5
2bd3b462cf8f3d812f0f50a9e6415c89

SHA1
a26de7fd75920a3d3ebbc5dd6a7b3e30187681c3

SHA256
6b3eca327c98280f27ad0eee26c5d5395f0b1344947c9fe81458b3fea72d61bf

SHA512
4e93a5b2a18debb862607abf65cd68ee26bedce03f573a34f7518874d6857967ed4f2e263d1d8adb1afccd1d52043a1e8efbb49a77c39e24b729a967b8421bf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQQODH7V\styles-2d82ac8e3afc0c213061[1].js

Filesize
61B

MD5
69b448910449c176093e31b420120873

SHA1
f47223933c2d4c3313fa4d7e506dab06469335d8

SHA256
512fca9d6671313a187ccfde6f39f95275cbf919b04c30d07b1472cc3c01f949

SHA512
4b95501ed7962b7da92d1576e2417e47cfeff2920afbe93b441269efe4c062bbbfc45d31d55116c6729f6adab16fb007d5822f0de860fb0e9f765b44f6ccd06a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K\email-decode.min[1].js

Filesize
1KB

MD5
9e8f56e8e1806253ba01a95cfc3d392c

SHA1
a8af90d7482e1e99d03de6bf88fed2315c5dd728

SHA256
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

SHA512
63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\383f28772199ae2ebda5775566604c1cf97f8493-5cfcbace5d3d1ad3af27[1].js

Filesize
10KB

MD5
8a802f13e2d1551471b38d64b151c9b1

SHA1
4e64a6c5e902a28a5fc0557c703991dc700ff0e1

SHA256
a04e134f46cfda14ee45b8a998199e770bf792f361c70bcfa0d952bc5d8215f4

SHA512
55ff9b07f7c91aa849c0471b367c9064019b51d5e80239d0feb0ee67668921eb22d7a263bc3fe6a9235f6dee565a35c64ed585d41956040136c56ba84ea25d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\97778cc2e0f2764f32fba147b4805b9dd2ba2cc3-d9e800fc6b467a92b505[2].js

Filesize
43KB

MD5
897b9e5bfb1aa7b9bddf949ff1275fad

SHA1
df6250fc1f91572b0595e2def97391cc09bb5323

SHA256
a15eb26b84926cd3bae2a4fbda554fdb0cf5bd6513c69873787f54fa50e7ba55

SHA512
ec834ff22652fac4b177a7d14ba75ff6bb9696444d2e02b7856d60ab0e5d17ae0daaa8d996ccef135417fcc9991d19c7f7eeebc3ab920be1c2363e1fa09fdb18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\iconfont[1].js

Filesize
41KB

MD5
b85b6f3bcb202bee738aa6b03dcc234c

SHA1
03fc41c26becc36fef795e73e1812d7ae713a0b6

SHA256
e95bb2ee7ab4bac998757e00512d90efb1ed5410c2f0254213e94f9c1a8280d3

SHA512
60622cd9a4d4c04ca066ba8bf939478200db75f6e769f6508479a795bee24f75d05e2d47bf7e0f9388f8e09d38ef11fa3415a0af583f6208dd3ce5d379e97943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8UFEBH5\dc8293fce386ae0f3cbfd667d76b125396f3bc8f-d95d9cd711b7c3fb8288[1].js

Filesize
80KB

MD5
094636a7897342880174350ca04b6743

SHA1
01e1f96a118ce4c3282045685fb3ab92ecb09fd5

SHA256
9da380ff3aeb90f38623b5875b73074ae5065a90769b42f8ca0f804635ee1ef6

SHA512
b540534a494ee5d5355544dc2ada8f9857bfff5a788fb6544119402041ade0a9a82a27fdbb5dd5dbe5e38e910a26155feda38d0fe7aa6b725f1de57962f50a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8UFEBH5\polyfill-9a93b9e9dbe6c371167e[1].js

Filesize
78KB

MD5
bb9d8994caa0f3ac8acec58cce50682f

SHA1
78c7b829fb51926a5dde76a2fa7c5d30b3ec1d67

SHA256
075909f8bcc1434897ffd994aabb909e35ab78dcececa9b61149fd0290c6a8eb

SHA512
67445a74b2c7a1a2a5f9162ea36342aad5adfea224e45aa8a31f9df5a328c8d46f6fa018f31f5e634709eec016573e67093fe65edd07d491e771f1af3422d5ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3D8F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3D91.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\pin.vbs

Filesize
1KB

MD5
2612f70262c6641cddd6ffb88b2bf118

SHA1
4564e41168323750afb07152d716582cc56ab83c

SHA256
6f97f4bd0f72b6af58dc05b06df7568330dca4e5cf9a8eda335fb28e975f54a7

SHA512
93bc0a85f17e4f2f06326904887a4b4e1c466609d9127efa9bfaaad0af04cd39ebe62608a7cdfb10b74d8280f866b3019fc139e69246eb19a3e5231b5cf75612

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

Filesize
146B

MD5
343c5cf2edf71abbd8f14700f62360a3

SHA1
c216ad8680019fb153b9d63f4abd7214efc32852

SHA256
35f9737e127c5d2efeb0ce9a517f9c7fb8d7551b685e8160d7adc24555726f19

SHA512
c84fa3f6bf4d18e5f6128d454ddec2fcef290c06048f774c782b3cdf89d282a4633b5c0780d1dbdda8f574ac1a745172422b9911fd3cd5999450f41d814edb14

Download Submit
\Program Files (x86)\SPlayer\csfcodec\ijl15.dll

Filesize
364KB

MD5
1aa06c81a0621e277e755b965b5e4b5f

SHA1
4a6f2a8cb383192c80ee0b2c1deee3c795a0986a

SHA256
334aa12f7dee453d1c6cb1b661a3bb3494d3e4cc9c2ff3f9002064c78404e43a

SHA512
49a8ab45b176667c4dd69f86abe7c608cfa8f37af14f6326a2d56553adef08d9a416e79bf31a06e59653a487df539dc6aefa6ddedad0042477aea89bb215e9c7

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_mcucltu.dll

Filesize
124KB

MD5
1aafc350fcc3dd779318b35a28da2dfc

SHA1
551ec6829b85ec06a8eed31514ae2c546ac89edb

SHA256
a8b3302278d43c5530569a7328d9466f4d3c2f09dddc2aa9edef7a243f7c7151

SHA512
43eff2803061121aef477ad313e9dcdddec1cae7bbafb70b9737f7a82cfc045a0fd0c52923f77b580fec82c7e23a35ba98116819500a4111b9712d4ed9d36ddf

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_mcufilecu.dll

Filesize
92KB

MD5
ebc40e6239ac8f4f540707ee091dd30b

SHA1
2f830b951a68ce9700ef7a47fa2d3be9db285643

SHA256
2e551151c3fc7dc88a462f46bad62d8e2022ab6a7b3250da0eaa1d1bad81e1f3

SHA512
891016940c2ba93fde6b78101c661dd70534c462183da6776873d8b08351431e76d60ab70b84d82e11b98ec6d7e5c6f8b25c421408187331b4346ef85c0dd351

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_mdssockc.dll

Filesize
108KB

MD5
58135a410b167716559dd10e4490af16

SHA1
cbd792cec4643d76b61fc9f96248a9fa92bb23ec

SHA256
77a7b542ceab4c9107201e207c093408bbecb1b8d0e1ebb818ba937df8cf731e

SHA512
8455aa9f09319ce276a7a22c1e6f96a01ca1cfaf5a4cf9ffe4be45f51da9ee4303ec1581c486f283f9eae3ecda474ce353ea3ea776226e151074a7fac3207bc8

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_mtcontain.dll

Filesize
192KB

MD5
e0efe1dab943f136d263f3d85d2f1944

SHA1
763c2fe2ce37d479b5b5b716b95cbf29199cae33

SHA256
a46ff7bb0216e79265c550121ee6d2f0688e357e8633f5d394cfa6a55429bbb7

SHA512
4942d5d44df4c043d5bf397205f77300aff059a26a803708781e0f7e14423b485c1c551aa73dd83378df6ec6a51618b2a148412d426329b744a8ea946a452702

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_mtcontrol.dll

Filesize
184KB

MD5
6378a2aca2d140475e829377bded3880

SHA1
37e0fcc9f89ee2bcaa46afe916b65c8be4ae6274

SHA256
746a1f508b20461fed66fdc950dd6c36707e88699b7070833d0dc8e83cc95a1a

SHA512
ae7ee08fa505120e30839fffb17583f12b7754d42d2948adc998067b2dae7dedb947947227ab2bb6eb38c71057342e551e792e8ad4780b45e35f6b3cc0c824e6

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_mxaudio.dll

Filesize
180KB

MD5
4c00d9f5ed7ccdf35d8cb3261a50caee

SHA1
e9f14d7d1536e2bca2c39b566a3ccd0340b93896

SHA256
39341a4960db493e8e06e8e6513ea80bde5100d922bf2d221b51079b8aa81605

SHA512
7265139f4ca7a9e56690f2c2abe57e5e67188d46316d401c1dcde6fe901566e71cba7167dffb2c09f64be62f74f358e34defae1313e68bb5cb914f2991fe8521

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_mxrender.dll

Filesize
180KB

MD5
456bb7c4af47a98ebdba68f9f820cfa6

SHA1
7b1199737077f14424044ca840bd19deb8a62c2d

SHA256
01b77e244cc16564cab082a0b7b74615b565bb23511afec8204d19d0cf70a772

SHA512
ea6b0d304e6c8e6769b94c59375aa20c10a56532cd0dacf8ad7fabfa37ee0dede62727c4c90c71b70cb4c7dd24d0c28329609f31a93eadbd0cbf4482b05bb3e0

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_mxscreen.dll

Filesize
248KB

MD5
9d1a9816646bac9e232b40d7c932097f

SHA1
56f0b418fb923ec327864a92c4c0e21f71de3de1

SHA256
f0d7d68678914d484461b1a8aec813d2d910d359d183881f4d0f6afba7933e20

SHA512
983079eb45559fc4fc3c9443e01c29aa798ca27b0ed57d213a55855a81075155a5c56d782e908505ba7c27ec624785a3077f422a6b4f9f1be2f47eb58d9550d3

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_mxshbasu.dll

Filesize
136KB

MD5
c5ed78a732e51b60630a15ea2781c518

SHA1
e3d62651deb96de39ad9994f7a9cbceab80ed481

SHA256
4a98a205dc397257be3b2f6ad8b7f7093bbb3f21a5d20ac85c34510972104014

SHA512
8fbfd3f6e9b4cdaa36455a618e5cf990d5ce78351bbbb017eabe304d62f03d9dadef4b1532613a07b8fbb5d5efe513dc28194aca146ab23dabfe2c5acefacafb

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_mxshmaiu.dll

Filesize
188KB

MD5
cc2697f85f4ed2da6d9834a093e5d6ef

SHA1
baf8384c631a30c3e676a940cca48fc050ec281b

SHA256
aa8e4cbd6317807590d66d20b13d1c1eb56d02e7321bd1a2c229b1a4ab9ec2cf

SHA512
8dfbd1261972e8b5ec55f76d8ddb12c8b7b6dd2329f70f5ad3d75049cd860e5d1d86357cf9a857bc09082094efc77bb22ae0760377b6e7524e311ececd57e344

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_mxshsour.dll

Filesize
164KB

MD5
e26ec8940c247bd5550eb08c97274f28

SHA1
cc63cc43237e6ca6a854a559b95013302368d1a9

SHA256
86e11729d88bce58030171d80bf456e948e98533506fbea5e8055297bfcb4f07

SHA512
81f3ecb3f68ec7815be5e69d7492711c1cbc7cdbd557fa7ed748564907687adf33f409ec99f36d0bf1e3fde0a71207741778a198052436909dd95f58dcda5803

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_mxsource.dll

Filesize
84KB

MD5
a2ee8a8baa29d10dd036eea89c2f21b5

SHA1
5a1ba9f59e9901e1a8421d55265a1794f6243cd2

SHA256
62cddf460794051d3145b26067ae598caee67c4960a8f8640c71edff7892d6cc

SHA512
8d6ebec85eb48a944b44f24d3f3b33e0c42a9295bf35eeed0daa0ef194db2bdff4e15922231891138bc9289e35b10328a123f0f3329585ee82d292fb33c3a751

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_mxvideo.dll

Filesize
92KB

MD5
0a32278b26203af0ca304f22f432b36e

SHA1
b750229b24b6923d738cf58577af96f078b826b2

SHA256
6413d173b2178f4b87a839c1daf78de960d2a6b1f35a9aeb6d830fbb5a3268ac

SHA512
2cd9ef4056045e3180f2ba548e26cbfbff23fbd6ff15ec6d8149363d8e8a81a672659b867aa7c6eaade9d94fb62d2bf7e6584fc812df7b7497062743e480a5b9

Download Submit
\Program Files (x86)\SPlayer\csfcodec\mpc_wtlvcl.dll

Filesize
496KB

MD5
0e80f8ce150718ea62678de24c7e8720

SHA1
2ede0f66d6264cc4291a7285e0f9e3ee6e8b0d21

SHA256
51527979f67748c5ab944c073d415a4cfb82067685af8242acd8e8de0a6f1201

SHA512
ad35542a9790e5d6f04a1e4fbd931cd636662998ee99f7997c059099ef19d7ce26ad3e46b21c0ded06922ae2bcbd100ac2f7ca66e87383317e2a84a8ca5dda51

Download Submit
\Program Files (x86)\SPlayer\ir41_32.ax

Filesize
828KB

MD5
e520af771051085a0d88f681b1e3aa07

SHA1
b8a03586b28e647ae9ee373828929049c391e34e

SHA256
57585b558c52bbf95c412993c679c41e712d1f2c60ec7525aa00fff020e2f6a7

SHA512
d72dfc3cb2893b7450f1276787b6c3b3f91d114d0c51e64b0fc2da8a36f6e21bbea16a538d6c65372c1fe563c03d6d456f048c3820ff2dddc3498bf06b055e2a

Download Submit
\Program Files (x86)\SPlayer\uninstall.exe

Filesize
169KB

MD5
1311c469673a17137c02a5dcd457b9cb

SHA1
a35bc4595ace24acbc0d680540c9d6d40d9a89a9

SHA256
cb142377f8334073680006ec77e68025fd092d797819a96b337eaa66867fc036

SHA512
574c82d036257b4c85ad7064077fe489d0b1d3866fb628ff94189d34595b66862469ce3d2bb36d5485a89d28c6d23bf347902fbb34d56311696ecaa1cafa2758

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB2FC.tmp\OCSetupHlp.dll

Filesize
438KB

MD5
b5ec60121dee1a742202d32089dfbdac

SHA1
3a03722c994f0fdaf69eb07db7c93502ee99dc72

SHA256
6b3483c1ab83ed1324cdcff141c96421c25fe1e1667f6d624861ce462778659e

SHA512
eb4cb4a587bd5449f6d36f96be1c2f79250fee50b9605fcf2ee074db3e2cd2e33fe35f56297d438b45106b1cd68d7de5995097609bacb18f94bed71df4d106f3

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB2FC.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
\Users\Admin\AppData\Local\Temp\nsyB2FC.tmp\nsDialogs.dll

Filesize
9KB

MD5
f7b92b78f1a00a872c8a38f40afa7d65

SHA1
872522498f69ad49270190c74cf3af28862057f2

SHA256
2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

SHA512
3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

Download Submit
memory/848-193-0x0000000002EB0000-0x0000000002EBA000-memory.dmp

Filesize
40KB

Download
memory/848-204-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/848-270-0x0000000002EB0000-0x0000000002EB2000-memory.dmp

Filesize
8KB

Download
memory/848-192-0x0000000002EB0000-0x0000000002EBA000-memory.dmp

Filesize
40KB

Download
memory/848-185-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2404-136-0x00000000049E0000-0x0000000004A11000-memory.dmp

Filesize
196KB

Download
memory/2404-139-0x0000000003EC0000-0x0000000003ED6000-memory.dmp

Filesize
88KB

Download
memory/2404-150-0x0000000003EC0000-0x0000000003EEF000-memory.dmp

Filesize
188KB

Download
memory/2404-146-0x0000000003EC0000-0x0000000003ED8000-memory.dmp

Filesize
96KB

Download
memory/2404-142-0x0000000003EC0000-0x0000000003EEE000-memory.dmp

Filesize
184KB

Download
memory/2404-132-0x0000000003EC0000-0x0000000003EEF000-memory.dmp

Filesize
188KB

Download
memory/2404-129-0x0000000003EC0000-0x0000000003ED9000-memory.dmp

Filesize
100KB

Download
memory/2404-126-0x0000000003EC0000-0x0000000003EE1000-memory.dmp

Filesize
132KB

Download
memory/2404-121-0x00000000049E0000-0x0000000004A5C000-memory.dmp

Filesize
496KB

Download
memory/2404-117-0x0000000003EC0000-0x0000000003EEA000-memory.dmp

Filesize
168KB

Download
memory/2404-110-0x0000000003EC0000-0x0000000003EE3000-memory.dmp

Filesize
140KB

Download
memory/2404-113-0x0000000003EC0000-0x0000000003EF0000-memory.dmp

Filesize
192KB

Download
memory/2404-103-0x00000000049A0000-0x00000000049E0000-memory.dmp

Filesize
256KB

Download
memory/2404-100-0x0000000003EC0000-0x0000000003EDD000-memory.dmp

Filesize
116KB

Download
memory/2404-39-0x00000000049A0000-0x0000000004A64000-memory.dmp

Filesize
784KB

Download