guerrilla | 500cd8d0e8d7eb3cf7da63dd93978bf36a07fdc6b5a844de30cf84ccb38eedc4

Analysis

max time kernel
361s
max time network
364s
platform
windows11-21h2_x64
resource
win11-20250217-es
resource tags

arch:x64arch:x86image:win11-20250217-eslocale:es-esos:windows11-21h2-x64systemwindows
submitted
01/03/2025, 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LDPlayer9_es_1009_ld.exe
Size

2.1MB
MD5

2b259cd02570e0d7103c70fe9a9e4d17
SHA1

035fe918c59274c1fc662e7d88d0d92d1150fa19
SHA256

500cd8d0e8d7eb3cf7da63dd93978bf36a07fdc6b5a844de30cf84ccb38eedc4
SHA512

2547a8b631ca07270668741612a8a0d3935008a98ab538f6a14fb1cf3e8d2d82ae7bbe9fe22a495b32ee16b038aaa268b2750ed42705fbf6d080249279cdcb27
SSDEEP

24576:Ezvv2Jddh0hXxwQNBH5ffUX5zAEefc5Urz5Eo7zrrdXbETyLAyNBN/8LcpmZQ4J/:22e1iify35cdrrFJAWb/8amDe8hSSw0r

Score

10^/10

guerrilla discovery execution exploit infostealer persistence privilege_escalation rat trojan

Malware Config

Signatures

Guerrilla
Guerrilla is an Android malware used by the Lemon Group threat actor.
trojan infostealer rat guerrilla
Guerrilla family
guerrilla

Guerrilla payload 2 IoCs

resource	yara_rule
behavioral1/files/0x001900000002b0f9-284.dat	family_guerrilla
behavioral1/files/0x001900000002b0f9-285.dat	family_guerrilla

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002

Manipulates Digital Signatures 1 TTPs 64 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\FuncName = "WVTAsn1CatMemberInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackAllocFunction = "SoftpubLoadDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\FuncName = "WVTAsn1SpcLinkDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1\Dll = "cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2009\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\FuncName = "WVTAsn1SpcIndirectDataContentEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.3\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2222\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2000\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\2.5.29.32\Dll = "cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustFinalPolicy"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubDumpStructure"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2011\FuncName = "WVTAsn1SealingSignatureAttributeEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11\FuncName = "WVTAsn1SpcStatementTypeDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4\FuncName = "EncodeRecipientID"	regsvr32.exe

Possible privilege escalation attempt 9 IoCs

exploit

pid	Process
816	icacls.exe
1056	takeown.exe
4648	icacls.exe
4932	takeown.exe
792	takeown.exe
712	icacls.exe
3488	icacls.exe
1904	takeown.exe
4244	takeown.exe

Modifies file permissions 1 TTPs 9 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4244	takeown.exe
1904	takeown.exe
816	icacls.exe
1056	takeown.exe
4648	icacls.exe
792	takeown.exe
712	icacls.exe
3488	icacls.exe
4932	takeown.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	LDPlayer9_es_1009_ld.exe
File opened (read-only)	\??\F:	LDPlayer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
45	discord.com
54	discord.com

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-string-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.inf	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5Widgets.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\tstPDMAsyncCompletion.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxProxyStubLegacy.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-string-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.inf	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxDDR0.r0	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\msvcr120.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDTrace.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libOpenglRender.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\concrt140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\crashreport.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\tstSSLCertDownloads.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-multibyte-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-private-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\libcurl.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\vccorlib140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxSup-PreW10.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSharedFolders.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-handle-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-utility-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-rtlsupport-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\loadall.cmd	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-namedpipe-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-timezone-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-runtime-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-profile-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-timezone-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\tstVBoxDbg.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\dpinst_64.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9VMMR0.r0	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxNetLwf.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-debug-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetLwfUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-processthreads-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-processenvironment-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-multibyte-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxSup.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9VMMR0.r0	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetAdpInstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\tstInt.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxAuthSimple.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxNetDHCP.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\SUPUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-convert-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\vcruntime140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-file-l2-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libcrypto-1_1-x64.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5PrintSupport.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxProxyStub.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-profile-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-util-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-sysinfo-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-private-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\EGL.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxBugReport.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-processthreads-l1-1-1.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-interlocked-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libssl-1_1-x64.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxNetFltNobj.dll	dnrepairer.exe

Executes dropped EXE 15 IoCs

pid	Process
796	LDPlayer.exe
4532	dnrepairer.exe
3012	Ld9BoxSVC.exe
2672	driverconfig.exe
3620	dnplayer.exe
2216	Ld9BoxSVC.exe
4512	vbox-img.exe
4084	vbox-img.exe
1920	vbox-img.exe
420	Ld9BoxHeadless.exe
1708	Ld9BoxHeadless.exe
724	Ld9BoxHeadless.exe
2676	Ld9BoxHeadless.exe
3324	Ld9BoxHeadless.exe
2216	LeoMoon CPU-V.exe

Launches sc.exe 6 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3592	sc.exe
2980	sc.exe
2088	sc.exe
4604	sc.exe
2056	sc.exe
2160	sc.exe

Loads dropped DLL 64 IoCs

pid	Process
4532	dnrepairer.exe
4532	dnrepairer.exe
4532	dnrepairer.exe
3012	Ld9BoxSVC.exe
3012	Ld9BoxSVC.exe
3012	Ld9BoxSVC.exe
3012	Ld9BoxSVC.exe
3012	Ld9BoxSVC.exe
3012	Ld9BoxSVC.exe
3012	Ld9BoxSVC.exe
3012	Ld9BoxSVC.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1572	regsvr32.exe
1436	regsvr32.exe
1436	regsvr32.exe
1436	regsvr32.exe
1436	regsvr32.exe
1436	regsvr32.exe
1436	regsvr32.exe
1436	regsvr32.exe
1436	regsvr32.exe
1436	regsvr32.exe
1436	regsvr32.exe
476	regsvr32.exe
476	regsvr32.exe
476	regsvr32.exe
476	regsvr32.exe
476	regsvr32.exe
476	regsvr32.exe
476	regsvr32.exe
476	regsvr32.exe
4260	regsvr32.exe
4260	regsvr32.exe
4260	regsvr32.exe
4260	regsvr32.exe
4260	regsvr32.exe
4260	regsvr32.exe
4260	regsvr32.exe
4260	regsvr32.exe
2672	driverconfig.exe
2672	driverconfig.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe
3620	dnplayer.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 39 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDPlayer9_es_1009_ld.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	systeminfo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverconfig.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LeoMoon CPU-V.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDPlayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnrepairer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	systeminfo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	dnplayer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dnplayer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers system information 1 TTPs 2 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
4520	systeminfo.exe
1032	systeminfo.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001"	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001"	dnplayer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4430-499F-92C8-8BED814A567A}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}\NumMethods	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\ = "IMachineEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-00A7-4104-0009-49BC00B2DA80}\NumMethods\ = "95"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1EC6-4883-801D-77F56CFD0103}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3FF2-4F2E-8F09-07382EE25088}\ = "IMachineRegisteredEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C8E9-466B-9660-45CB3E9979E4}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-799a-4489-86cd-fe8e45b2ff8e}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E87-11E9-8AF2-576E84223953}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.ldbk\Shell	LDPlayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4974-A19C-4DC6-CC98C2269626}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7FF8-4A84-BD34-0C651E118BB5}\NumMethods\ = "16"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E8B8-4838-B10C-45BA193734C1}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-93AF-42A7-7F13-79AD6EF1A18D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1A29-4A19-92CF-02285773F3B5}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A161-41F1-B583-4892F4A9D5D5}\ProxyStubClsid32	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}\ = "IDnDTarget"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\ = "ISerialPort"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219}\ = "IRangedIntegerFormValue"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A2-41AF-A05F-D7C661ABAEBE}\ = "IVRDEServer"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7193-426C-A41F-522E8F537FA0}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6679-422A-B629-51B06B0C6D93}\NumMethods\ = "15"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E}\NumMethods	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC87-4F6E-A0E9-47BB7F2D4BE5}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-58D9-43AE-8B03-C1FD7088EF15}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8079-447A-A33E-47A69C7980DB}\NumMethods\ = "15"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4289-EF4E-8E6A-E5B07816B631}\ = "IUSBDeviceFilter"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-58D9-43AE-8B03-C1FD7088EF15}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-ac97-4c16-b3e2-81bd8a57cc27}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44A0-A470-BA20-27890B96DBA9}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057D-4391-B928-F14B06B710C5}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9641-4397-854A-040439D0114B}\ = "IGuestScreenInfo"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\ = "IDnDModeChangedEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3CF5-4C0A-BC90-9B8D4CC94D89}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A06-81FC-A916-78B2DA1FA0E5}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4C4-4020-A185-0D2881BCFA8B}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-58d9-43ae-8b03-c1fd7088ef15}	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486F-40DB-9150-DEEE3FD24189}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\ = "IMediumFormat"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E4B1-486A-8F2E-747AE346C3E9}\ = "IDirectory"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E72-4F34-B8F6-682785620C57}\ = "IExtPackFile"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0721-4CDE-867C-1A82ABAF914C}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35f3-4f4d-b5bb-ed0ecefd8538}	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BF98-47FB-AB2F-B5177533F493}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8079-447A-A33E-47A69C7980DB}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\NumMethods\ = "28"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3\HELPDIR	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6679-422A-B629-51B06B0C6D93}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5a1d-43f1-6f27-6a0db298a9a8}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}	regsvr32.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\winmgmts:{impersonationLevel=Impersonate}!\root\cimv2	LeoMoon CPU-V.exe
File opened for modification	C:\Users\Admin\Downloads\leomoon-dot-com_leomoon-cpu-v_win.zip:Zone.Identifier	msedge.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
3324	LDPlayer9_es_1009_ld.exe
3324	LDPlayer9_es_1009_ld.exe
3324	LDPlayer9_es_1009_ld.exe
3324	LDPlayer9_es_1009_ld.exe
796	LDPlayer.exe
796	LDPlayer.exe
796	LDPlayer.exe
796	LDPlayer.exe
796	LDPlayer.exe
796	LDPlayer.exe
796	LDPlayer.exe
796	LDPlayer.exe
796	LDPlayer.exe
796	LDPlayer.exe
4532	dnrepairer.exe
4532	dnrepairer.exe
3280	powershell.exe
3280	powershell.exe
2576	powershell.exe
2576	powershell.exe
3512	powershell.exe
3512	powershell.exe
796	LDPlayer.exe
796	LDPlayer.exe
3324	LDPlayer9_es_1009_ld.exe
3324	LDPlayer9_es_1009_ld.exe
3568	msedge.exe
3568	msedge.exe
2068	msedge.exe
2068	msedge.exe
996	msedge.exe
996	msedge.exe
3432	msedge.exe
3432	msedge.exe
6132	identity_helper.exe
6132	identity_helper.exe
6028	msedge.exe
6028	msedge.exe
5532	msedge.exe
5532	msedge.exe
5532	msedge.exe
5532	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3620	dnplayer.exe
2216	LeoMoon CPU-V.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
688	Process not Found
688	Process not Found
688	Process not Found
688	Process not Found
688	Process not Found
688	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe
Token: SeDebugPrivilege	796	LDPlayer.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
3620	dnplayer.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
4464	7zG.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of SendNotifyMessage 17 IoCs

pid	Process
3620	dnplayer.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 796	3324	LDPlayer9_es_1009_ld.exe	77
PID 3324 wrote to memory of 796	3324	LDPlayer9_es_1009_ld.exe	77
PID 3324 wrote to memory of 796	3324	LDPlayer9_es_1009_ld.exe	77
PID 796 wrote to memory of 4532	796	LDPlayer.exe	78
PID 796 wrote to memory of 4532	796	LDPlayer.exe	78
PID 796 wrote to memory of 4532	796	LDPlayer.exe	78
PID 4532 wrote to memory of 3440	4532	dnrepairer.exe	79
PID 4532 wrote to memory of 3440	4532	dnrepairer.exe	79
PID 4532 wrote to memory of 3440	4532	dnrepairer.exe	79
PID 3440 wrote to memory of 1676	3440	net.exe	81
PID 3440 wrote to memory of 1676	3440	net.exe	81
PID 3440 wrote to memory of 1676	3440	net.exe	81
PID 4532 wrote to memory of 972	4532	dnrepairer.exe	82
PID 4532 wrote to memory of 972	4532	dnrepairer.exe	82
PID 4532 wrote to memory of 972	4532	dnrepairer.exe	82
PID 4532 wrote to memory of 1372	4532	dnrepairer.exe	83
PID 4532 wrote to memory of 1372	4532	dnrepairer.exe	83
PID 4532 wrote to memory of 1372	4532	dnrepairer.exe	83
PID 4532 wrote to memory of 3396	4532	dnrepairer.exe	84
PID 4532 wrote to memory of 3396	4532	dnrepairer.exe	84
PID 4532 wrote to memory of 3396	4532	dnrepairer.exe	84
PID 4532 wrote to memory of 1444	4532	dnrepairer.exe	85
PID 4532 wrote to memory of 1444	4532	dnrepairer.exe	85
PID 4532 wrote to memory of 1444	4532	dnrepairer.exe	85
PID 4532 wrote to memory of 3472	4532	dnrepairer.exe	86
PID 4532 wrote to memory of 3472	4532	dnrepairer.exe	86
PID 4532 wrote to memory of 3472	4532	dnrepairer.exe	86
PID 4532 wrote to memory of 4988	4532	dnrepairer.exe	87
PID 4532 wrote to memory of 4988	4532	dnrepairer.exe	87
PID 4532 wrote to memory of 4988	4532	dnrepairer.exe	87
PID 4532 wrote to memory of 3752	4532	dnrepairer.exe	88
PID 4532 wrote to memory of 3752	4532	dnrepairer.exe	88
PID 4532 wrote to memory of 3752	4532	dnrepairer.exe	88
PID 4532 wrote to memory of 4244	4532	dnrepairer.exe	89
PID 4532 wrote to memory of 4244	4532	dnrepairer.exe	89
PID 4532 wrote to memory of 4244	4532	dnrepairer.exe	89
PID 4532 wrote to memory of 816	4532	dnrepairer.exe	91
PID 4532 wrote to memory of 816	4532	dnrepairer.exe	91
PID 4532 wrote to memory of 816	4532	dnrepairer.exe	91
PID 4532 wrote to memory of 1056	4532	dnrepairer.exe	93
PID 4532 wrote to memory of 1056	4532	dnrepairer.exe	93
PID 4532 wrote to memory of 1056	4532	dnrepairer.exe	93
PID 4532 wrote to memory of 4648	4532	dnrepairer.exe	95
PID 4532 wrote to memory of 4648	4532	dnrepairer.exe	95
PID 4532 wrote to memory of 4648	4532	dnrepairer.exe	95
PID 4532 wrote to memory of 792	4532	dnrepairer.exe	97
PID 4532 wrote to memory of 792	4532	dnrepairer.exe	97
PID 4532 wrote to memory of 792	4532	dnrepairer.exe	97
PID 4532 wrote to memory of 712	4532	dnrepairer.exe	99
PID 4532 wrote to memory of 712	4532	dnrepairer.exe	99
PID 4532 wrote to memory of 712	4532	dnrepairer.exe	99
PID 4532 wrote to memory of 3012	4532	dnrepairer.exe	101
PID 4532 wrote to memory of 3012	4532	dnrepairer.exe	101
PID 4532 wrote to memory of 1572	4532	dnrepairer.exe	102
PID 4532 wrote to memory of 1572	4532	dnrepairer.exe	102
PID 4532 wrote to memory of 1436	4532	dnrepairer.exe	103
PID 4532 wrote to memory of 1436	4532	dnrepairer.exe	103
PID 4532 wrote to memory of 1436	4532	dnrepairer.exe	103
PID 4532 wrote to memory of 476	4532	dnrepairer.exe	104
PID 4532 wrote to memory of 476	4532	dnrepairer.exe	104
PID 4532 wrote to memory of 4260	4532	dnrepairer.exe	105
PID 4532 wrote to memory of 4260	4532	dnrepairer.exe	105
PID 4532 wrote to memory of 4260	4532	dnrepairer.exe	105
PID 4532 wrote to memory of 3592	4532	dnrepairer.exe	106

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_es_1009_ld.exe"
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3324
- C:\LDPlayer\LDPlayer9\LDPlayer.exe
  "C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1009 -language=es -path="C:\LDPlayer\LDPlayer9\"
  2⤵
  - Enumerates connected drives
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:796
- - C:\LDPlayer\LDPlayer9\dnrepairer.exe
    "C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=524930
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4532
  - - C:\Windows\SysWOW64\net.exe
      "net" start cryptsvc
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:3440
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start cryptsvc
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1676
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Softpub.dll /s
      4⤵
      Manipulates Digital Signatures
      System Location Discovery: System Language Discovery
      PID:972
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Wintrust.dll /s
      4⤵
      Manipulates Digital Signatures
      System Location Discovery: System Language Discovery
      PID:1372
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Initpki.dll /s
      4⤵
      System Location Discovery: System Language Discovery
      PID:3396
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32" Initpki.dll /s
      4⤵
      System Location Discovery: System Language Discovery
      PID:1444
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" dssenh.dll /s
      4⤵
      System Location Discovery: System Language Discovery
      PID:3472
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" rsaenh.dll /s
      4⤵
      System Location Discovery: System Language Discovery
      PID:4988
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" cryptdlg.dll /s
      4⤵
      Manipulates Digital Signatures
      System Location Discovery: System Language Discovery
      PID:3752
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:4244
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:816
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:1056
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:4648
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f "C:\Users\Admin\.Ld9VirtualBox" /r /d y
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:792
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" "C:\Users\Admin\.Ld9VirtualBox" /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:712
  - - C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
      "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3012
  - - C:\Windows\SYSTEM32\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
      4⤵
      Loads dropped DLL
      PID:1572
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1436
  - - C:\Windows\SYSTEM32\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:476
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4260
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:3592
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc" start Ld9BoxSup
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:2980
  - - C:\Windows\SysWOW64\sc.exe
      sc query HvHost
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:2088
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmms
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:4604
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c systeminfo
      4⤵
      System Location Discovery: System Language Discovery
      PID:2964
    - - C:\Windows\SysWOW64\systeminfo.exe
        
        systeminfo
        5⤵
        System Location Discovery: System Language Discovery
        Gathers system information
        
        PID:4520
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3280
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2576
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3512
- - C:\LDPlayer\LDPlayer9\driverconfig.exe
    "C:\LDPlayer\LDPlayer9\driverconfig.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2672
- - C:\Windows\SysWOW64\takeown.exe
    "takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:1904
- - C:\Windows\SysWOW64\takeown.exe
    "takeown" /f "C:\LDPlayer\ldmutiplayer\" /r /d y
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:4932
- - C:\Windows\SysWOW64\icacls.exe
    "icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/ykt8hgSabz
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc47673cb8,0x7ffc47673cc8,0x7ffc47673cd8
    3⤵
    PID:4616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2028 /prefetch:2
    3⤵
    PID:4804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
    3⤵
    PID:4900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:1364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
    3⤵
    PID:4980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
    3⤵
    PID:1544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=3612 /prefetch:8
    3⤵
    PID:2836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=3604 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
    3⤵
    PID:4088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    3⤵
    PID:5284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
    3⤵
    PID:5372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
    3⤵
    PID:5636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
    3⤵
    PID:5864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
    3⤵
    PID:5876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
    3⤵
    PID:1180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
    3⤵
    PID:5552
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=7324 /prefetch:8
    3⤵
    PID:6112
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=7324 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
    3⤵
    PID:4600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
    3⤵
    PID:4608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
    3⤵
    PID:5532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
    3⤵
    PID:5396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=6168 /prefetch:8
    3⤵
    PID:5924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
    3⤵
    PID:6104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
    3⤵
    PID:3476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
    3⤵
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    PID:6028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
    3⤵
    PID:1400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
    3⤵
    PID:5156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
    3⤵
    PID:1724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
    3⤵
    PID:4376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
    3⤵
    PID:5812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
    3⤵
    PID:5572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:1
    3⤵
    PID:5456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8204 /prefetch:1
    3⤵
    PID:3432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1
    3⤵
    PID:3476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
    3⤵
    PID:1776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9196 /prefetch:1
    3⤵
    PID:3108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
    3⤵
    PID:4308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9208 /prefetch:1
    3⤵
    PID:6088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,11270793645233729971,853781704744040041,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1260 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5532
- C:\LDPlayer\LDPlayer9\dnplayer.exe
  "C:\LDPlayer\LDPlayer9\dnplayer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3620
- - C:\Windows\SysWOW64\sc.exe
    sc query HvHost
    3⤵
    - Launches sc.exe
    - System Location Discovery: System Language Discovery
    PID:2056
- - C:\Windows\SysWOW64\sc.exe
    sc query vmms
    3⤵
    - Launches sc.exe
    - System Location Discovery: System Language Discovery
    PID:2160
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c systeminfo
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1192
  - - C:\Windows\SysWOW64\systeminfo.exe
      systeminfo
      4⤵
      System Location Discovery: System Language Discovery
      Gathers system information
      PID:1032
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
    3⤵
    - Executes dropped EXE
    PID:4512
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
    3⤵
    - Executes dropped EXE
    PID:4084
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
    3⤵
    - Executes dropped EXE
    PID:1920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://es.ldplayer.net/blog/94.html
    3⤵
    PID:4744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc47673cb8,0x7ffc47673cc8,0x7ffc47673cd8
      4⤵
      PID:4512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://es.ldplayer.net/blog/94.html
    3⤵
    PID:5764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc47673cb8,0x7ffc47673cc8,0x7ffc47673cd8
      4⤵
      PID:5760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://es.ldplayer.net/blog/94.html
    3⤵
    PID:5356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc47673cb8,0x7ffc47673cc8,0x7ffc47673cd8
      4⤵
      PID:572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B0 0x00000000000004D4
1⤵
PID:4612

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Modifies registry class
PID:2216
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:420
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:3324
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5140

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3152

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap8982:128:7zEvent32019
1⤵
- Suspicious use of FindShellTrayWindow
PID:4464

C:\Users\Admin\Downloads\LeoMoon CPU-V.exe
"C:\Users\Admin\Downloads\LeoMoon CPU-V.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
PID:2216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LDPlayer\LDPlayer9\crashreport.dll

Filesize
51KB

MD5
991d1bba05aa3693751244ea1396e8a5

SHA1
6a47cefe0d61dc2da6bd74bd5680b60b14068cb1

SHA256
30cfc6868a700ead34f1204e94756a29af7ffbf66f56b85f2c46ebffe58b4dc4

SHA512
4102f9dd736c1354df5407b785bebc7fd9947ab090ed653ae53fd036419b1efea05a44b0c809fe2a0969ad157ce3e7b65360ffbb6127aeb69f1de99e8139ab03

Download Submit
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

Filesize
1.3MB

MD5
31846605a88effd005858b24af7a084f

SHA1
2699b6b7c6540e23a03e8ca6dcafc7090e9fba3f

SHA256
fe992f040b5ccfad34b334c239c96aa2f5a049152880e77005a88b60a2b22a20

SHA512
32fd6775aa4b48901a5352caa74f1e8c434cf3ad5d2394911f258f3ca82cbcf9eadc8c127903b4a8074bf3a6d44f0b2d504767a5eaf4f52fdc2b1e016cbb4f37

Download Submit
C:\LDPlayer\LDPlayer9\dnplayer.exe

Filesize
3.7MB

MD5
ae4ac18ed6b83e607a0d494c83f1d6a4

SHA1
831507f1a3daf59f91b501406478af00b75b32f6

SHA256
5dffb7efc7a3dbe95faff2273d9bbd5ac43efba34d36b47e8ceff879df35d942

SHA512
96e638f23f2ddaaf65183b9824a71cd78c6891686a098d4c27e1aa971fdf88253cbfe1af01667e07a36e3015765c0fe99e4b62ca5f4001878f9fc39a67cb0295

Download Submit
C:\LDPlayer\LDPlayer9\dnrepairer.exe

Filesize
41.9MB

MD5
ce174218a7eaa12f8dac07e3de02d51a

SHA1
c240f3c56d16109e887544a6bf77f2008b51e601

SHA256
612842c712be323b23b8a511f16e10d0b1577a8d359fbb432fe5ea5b3b2f744c

SHA512
b18dac88b8300134d1da89d505089dca8a7c9bec6b934928f505b737a9252082662b0519534f803d0bc5d4e53dad257b246e0e5a70c3ba0ff34da43a4493480d

Download Submit
C:\LDPlayer\LDPlayer9\dnresource.rcc

Filesize
5.6MB

MD5
f20459d482efc1f884ef1e3663a16513

SHA1
485f324b39b3911ff61e1161ce35bf9e6232323a

SHA256
2542b1552de42d2f94018465532283dcc7cc34f25ddc9382292e09d0f48413b1

SHA512
24355c05f875734c4062c101b15dbd780391a100a782ad82d2c35422a2d8b02743e1b79688021b516f19cd2e3b80b97dacbdaed27b8ca7a9b53c0e4cff223987

Download Submit
C:\LDPlayer\LDPlayer9\fonts\NanumGothicLight.otf

Filesize
314KB

MD5
e2e37d20b47d7ee294b91572f69e323a

SHA1
afb760386f293285f679f9f93086037fc5e09dcc

SHA256
153161ab882db768c70a753af5e8129852b9c9cae5511a23653beb6414d834a2

SHA512
001500f527e2d3c3b404cd66188149c620d45ee6510a1f9902aacc25b51f8213e6654f0c1ecc927d6ff672ffbe7dc044a84ec470a9eb86d2cba2840df7390901

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

Filesize
652KB

MD5
ad9d7cbdb4b19fb65960d69126e3ff68

SHA1
dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d

SHA256
a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326

SHA512
f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

Filesize
1.5MB

MD5
66df6f7b7a98ff750aade522c22d239a

SHA1
f69464fe18ed03de597bb46482ae899f43c94617

SHA256
91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f

SHA512
48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

Filesize
2.0MB

MD5
01c4246df55a5fff93d086bb56110d2b

SHA1
e2939375c4dd7b478913328b88eaa3c91913cfdc

SHA256
c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889

SHA512
39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

Filesize
442KB

MD5
2d40f6c6a4f88c8c2685ee25b53ec00d

SHA1
faf96bac1e7665aa07029d8f94e1ac84014a863b

SHA256
1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334

SHA512
4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

Filesize
1.2MB

MD5
ba46e6e1c5861617b4d97de00149b905

SHA1
4affc8aab49c7dc3ceeca81391c4f737d7672b32

SHA256
2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e

SHA512
bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

Filesize
192KB

MD5
52c43baddd43be63fbfb398722f3b01d

SHA1
be1b1064fdda4dde4b72ef523b8e02c050ccd820

SHA256
8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f

SHA512
04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

Filesize
511KB

MD5
e8fd6da54f056363b284608c3f6a832e

SHA1
32e88b82fd398568517ab03b33e9765b59c4946d

SHA256
b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd

SHA512
4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

Filesize
522KB

MD5
3e29914113ec4b968ba5eb1f6d194a0a

SHA1
557b67e372e85eb39989cb53cffd3ef1adabb9fe

SHA256
c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a

SHA512
75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

Filesize
854KB

MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6

SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62

SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

Filesize
283KB

MD5
0054560df6c69d2067689433172088ef

SHA1
a30042b77ebd7c704be0e986349030bcdb82857d

SHA256
72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750

SHA512
418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

Download Submit
C:\LDPlayer\LDPlayer9\msvcp120.dll

Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
C:\LDPlayer\LDPlayer9\msvcr120.dll

Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
C:\LDPlayer\LDPlayer9\phones.data

Filesize
5KB

MD5
fdee6e3ccf8b61db774884ccb810c66f

SHA1
7a6b13a61cd3ad252387d110d9c25ced9897994d

SHA256
657fec32d9ce7b96986513645a48ddd047a5968d897c589fbc0fc9adb8c670f4

SHA512
f773f6fc22adadf048b9bfb03e4d6e119e8876412beb8517d999f4ed6a219e2ba50eded5308d361b6780792af9f699644e3a8b581a17d5a312f759d981f64512

Download Submit
C:\LDPlayer\LDPlayer9\system.vmdk

Filesize
815.4MB

MD5
b069766dae2e05bb63ae45c8f8b7dd4f

SHA1
d38d03aef13d8e1afb29fd98b8ca625787f52083

SHA256
151842584eb69423a34a9eda3d66145d4dd8e019680125cac8af3d7195645eff

SHA512
4d03c82dabbbb87c916c7fcb77745eeee2c6156a71327246f093ce899f8a5842c861060ed4ff0847272979709f909b96e0cb14e06aa69b704502d712220a02d4

Download Submit
C:\LDPlayer\LDPlayer9\system.vmdk

Filesize
1678.3MB

MD5
244fcbc717ef091cfa245cdae01b1900

SHA1
0d7adde47c0d91cd74bde49091161d3be7a9081e

SHA256
1b52610dda110850e0f86ad76004c9ca8fcd888ccbc7d69d053ce9cc665de67d

SHA512
6eccf3ce56e4738f092ee6e7ce486c9c8874bf1c0787d8736b155baca3ee6251aa8dee130fbd5ce678ff2d0ee72f72f32bc7283f4ee51e22019c7b2a4d7ec7f6

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\EGL.dll

Filesize
532KB

MD5
0e0d254947f70b39c0a4ddd35fb2fd5e

SHA1
ad284232a5426e67e503e561b795bde2ab50230e

SHA256
c58fb8bfdbb981428db36f1c2cac5647f16a09ba7cd263751c6c4d6eac2faf2e

SHA512
12b496c04e18091c4c7bb65ebeb227f71edb83012d24699aa1a7061e214d6f30eb51bb47ad472699413f16d8b639bb25f36171827ff6f3f07fe5d438384be70c

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\GLES12Translator.dll

Filesize
379KB

MD5
a1a2d707df004719adb1daf4b83952db

SHA1
e51f2b534e4f52c495078a8510ecb0447e096add

SHA256
16d7314fac77435e27a93e94610483b3276e4fd98962c30530e98a4cef296ead

SHA512
60ec8ea60e7cb9d6b3566a24bcc19468c61f0e0d13a0e624aa2d566a0e20b4ea6a6215aea78755fe666eb6e486494d788e83d55274e84ee2ac7320aad8e43354

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\GLES_CM.dll

Filesize
1.0MB

MD5
820020283c3fa7e746505989d9c3ada9

SHA1
35362f481aa772e014765604970069d9f6c76dcc

SHA256
ec4212657512224590694372e8a2dfe31304e400a452a2f6e23c6a8bf6396728

SHA512
e9420e8aafce05f55c378f2231493f234016d4579bbd67c1a05c58d1911e316b1ccda6ca5e3d63020aeeb2c9c4c5eec379e0c86659fbc6c60c1190fbcf1aec9a

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\GLES_V2.dll

Filesize
2.7MB

MD5
d9ede19b3680d85101e9d5ef357e659a

SHA1
4bed0f0ccc04b768ae2b303c6b6af778ae430a2c

SHA256
f32c51c7d3a50990c290dd896b8963efbccc523706ab0d6c7fe83a715cd09199

SHA512
083d6c5f289b24adc5497825a408e0070246495f64e366599200913dc07b91a0a3dc4cf9a92a600d3c51d42d9b8495c580d529961c035137e8c3116a757e440a

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\GLES_V2_utils.dll

Filesize
1.6MB

MD5
08f6a75a4eaafb266bf60d2244e066d3

SHA1
9eb05f9ab28ca7003c150ed3a6685ee94d530b7e

SHA256
72361771aeb4c4a3f83c92b3f9c55f83698198720d2f76d79a12afb0b29d1131

SHA512
b684970ac3419d40ecc91c175eb2f1ea6fd45bff63a279a2b0e8153a0964b1ff45e839d6f13dbd1b4ae80adcf02ca7d3b6cd562ac00d4335bcc2651f37963ef5

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-console-l1-1-0.dll

Filesize
18KB

MD5
cde2424d99db56dd0d1eaf34811738c1

SHA1
cc7889c43729b93a4e193b2fd6ae5f22b6ad6b8f

SHA256
4ceaf28cadfd0929b44e9c686b93432a7151504c8ffe2a6afe516f9b16538131

SHA512
d5b8ef2de3fefde29b2c9cccb330c3076ba71d6ae29e1b34617057d8a832d37eae8e2f238e2abb6eb226453c00a835c669a7c03a00cd1698d02272d8eb6998e2

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
17KB

MD5
acf4321ac8c8ff4d0442c799d621f8d9

SHA1
b12f87e6afc48697f1ce8b587715361e89b79cae

SHA256
69b84f7318798a91143e3d273ae9c0bedaabba930e3702447d493e2b8dd70725

SHA512
7878a7cd62f9d259a6bab05e13e9ac5b16437c0d8bda46e864f205465ae19531e5655d7547ae1594a53a05ddeb8b0c6058a73caeb21cd7c81fe5a424303d3bde

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-debug-l1-1-0.dll

Filesize
17KB

MD5
3c47c25b8141d20b2b4d576000000a61

SHA1
04543f9cdd847ff66389c9fd1e12b444dae6383a

SHA256
290030199e8b47d6bcf466f9fc81fee7e6aebc2c16a3f26dd77019f795658956

SHA512
c599ef06045583b28faac051909c28f5f2fa56c34d47f3bd49efc101a1cdcb571a298eb100d0b381e3ebb1ba19b2fb4dd5127f259eb8ab183753722ecbe0f10a

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
18KB

MD5
e05ce0232e64328c62c9da37698566bf

SHA1
50c25e6ecec2cd17ecf3117bb9a646ba107d2b84

SHA256
573aed3f3eb436f9b7c24d51be3be2105deb8149ebda9b964660930c957b2410

SHA512
8093bd5d1ad96d759a5d9183fca27d7cb756e0884776673f132d20119e602ea33f8121893b9b90965b0eb5710e244faf4e2ad738479998fc2c5dc37f83fe18cb

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-1-0.dll

Filesize
21KB

MD5
a26c7ffcf18b62904dab7786de638ea6

SHA1
b28489bc38ee2f522ee83dcf49faeb96f39a77e3

SHA256
74075b7af84378cee0d035c020b320ee52a120b21f71a4972093c9e23d534830

SHA512
768c8d7818acacf83d8bd020ab239408673f6cf9e0e8f1be1dab2dd58c5df4e45b970baf7d8d09887280be0788790eacd6126274deaca6b1c4b7bad3e335b34f

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
6a55a7e284b51b086b63cc6f2061ce8b

SHA1
46a48a1ccf5262038b71ed4be09cf625009d078d

SHA256
d9973270a952b4ce615104520051e847b26e4b1cc330a5a95ba1ae128f0dfdeb

SHA512
6a6ba643bf15581cd579e383bac351ccae714d50453cff52cac7dcf5bd472a170e7d33b0509c7bd50c5e76e8a0304fa88dcad63a9e2cd0694a5c56f4a21ae363

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
6e38a6bed88e1c27155e4dc428188ef0

SHA1
8b47a1960ed157f7beeb80fa4a16a723279c4efa

SHA256
144d3a28e43e47fc1cce956255cc80467d4a6fbbb8f612ec6d85f62de030a924

SHA512
3b801875bc5a483eea6d6cc43015e759ee1f66c12585f698cb92368455f25b5309617c8beae39945cadb57009a9c9a9ce21c18dec28e86097c67d8fc5f9febab

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-handle-l1-1-0.dll

Filesize
18KB

MD5
9304209688e2a18d0b26997bc78fda7a

SHA1
5d4332cf1c5123418c6419d0291486c3939e8785

SHA256
d6bc1509fd2d4ea07e661f2f59395b4d71907d16f59942443a5d460df343dbf4

SHA512
5952e192b6150055bc88e672fb0254bc962abd27afb5c30cd0f52ede98ad84eba9966d721b3b6602116ff40ad5c489a24eac35dde77397db88aa46ad2bd18960

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-heap-l1-1-0.dll

Filesize
18KB

MD5
f42a84d78a5a15ff1a4dbac591e95783

SHA1
1cd5b5e68fd729bdd340463b53728634d342b0cd

SHA256
f60267cab87dfc1accf912c212186112aba38742f621549d6bc8d67e217e7234

SHA512
89ba6571df642dbac769c72914b30f2d27107f023a9e1cbb0c6f5412b6a69d414cd99f29de07d06592c7ab9cdfc558f3b65b7050921bd442c01417bac0a850f0

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
18KB

MD5
9f286e57e5b1c1a347adf9eef059ad5d

SHA1
631aa1aa364234acc5ad20b27f926e9cb9ee4276

SHA256
f93ddef4ac14ef778790f3f00057ab6cafc0c99dff52cc24f523d63917719970

SHA512
6df20707ccda0cf9916b7c00b11a4a82b47a0f6e87c6eba0f38e440e143b4aa6e5b48f67d09a9eeef75da2aadfbb5abc7e62362f50d674bb8a532e290699a197

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
18KB

MD5
beaae8294db31afa04fa60795c6e02ae

SHA1
8a32ebd843e461864747fe0aebf4bbf83c4ec093

SHA256
f8e8d85035bcb478ce2ab47a6476a8c756a7c8fa05bad66b9a03ece6a2ced141

SHA512
dd1a75943401ae5d20c9ee023ba77000db9433a643ec2f102cd3a72faf274deb3611954557c81120d81ff447f86b7309cec1c9005ab37ed7bb48d6e6c239b135

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
2ac1289e4dbab076b332869bef26d3ce

SHA1
60570ddd06b671e26c6a814b9c08cdfa0ef38aba

SHA256
6475f20f46814d28845c2fa73e9c283a8504483fa16d911325588c778cf76c26

SHA512
e226fb4739d66e2c4624a9e01ec00dbe3b37dc96995eec35660208d76a9e6758a2a29be1b7986d14074df23ea0fc39d2ce121b7bd32c553371c1b15ff3e2ef7a

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-memory-l1-1-0.dll

Filesize
18KB

MD5
a2661a468bb87ee9cc5dee968fd3805c

SHA1
9b17fbd552e34888f1453f9113ff4c42efaf6d6a

SHA256
dc41da54e717aef60228ee11d10669c31d3ddd532eee9ecad944c09b71b762dd

SHA512
b5c01cb3c991fcf8945c764b853f8a32fce324f01562107e086dd998a1b31f9285a0d645c96052b94c955f3626691c3ca2cc9e04d8594a0a7c042530549f1aa3

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
18KB

MD5
acbfc011d5842ba60c372ba3d222ab70

SHA1
16b8014060a04bb03215f6ce4c118bae48653bd5

SHA256
b0ae48eb5ff51fa038e1ed23c7c48d266c20c2af3f9907ee6906bb0346df7f9e

SHA512
dce34d64e6674b67c7c6e7c34886c1ede2967e6af7cfe2addfe51fcf70780a33d7308e7ce81a80149034b8f910c045b3ea81f458d9227448fc4b339dc05a59d3

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
19KB

MD5
19d14d348ac38737431a7ee2f82973e6

SHA1
11cd8f5dc5c08d133b9b006da5c84946f012cbb6

SHA256
1cd9cff9f7d24b22993a207cb81f15ce2792fa5f941e77e8280db00db6a273ae

SHA512
b3bf7426150bf3b933db4670db3b7d22530c7087efeeab0ddacfbb0bffc01aabdac68e535c7298b13a42530a1aab2340203874b5382581f59309ec9465f6a0cc

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
20KB

MD5
ea0e13feac13dc18c79eb682bef4676e

SHA1
b9db47624345c68cf07bd2677df537e0f975caf9

SHA256
2658242ccd090181ed944f682c435e5fb880f3b21d1811d43b93478901d701b0

SHA512
540b9f8b18d42e551f13de3d4a6f0f821ea23e4c85a6346b84e8b74d02cfb5413355d126913699208faefd67680c52cdf4e6ecd66fc0cb4753ee603fe9763df7

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
1af2a91dc0a4e48bab0ca123073adf30

SHA1
cf6625fd31b17d46dd31b16372840c74026d0ba2

SHA256
ae574c9b8a2467c3ee0ac3e862255e93a02627bce146ad7b720b99905dc224fc

SHA512
45103c51fc655f608e687c8e9db24c956d12c63b0497ced3817aee3d9f5fadf0741064ccb49ae71fbf377228af315c961fa414221731ea4892425ed4939bbf51

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-profile-l1-1-0.dll

Filesize
17KB

MD5
9b9d1949b75df171884f6f8caba7ff59

SHA1
411adf413f53c56488d5cf68e9b4b692889f3c4b

SHA256
cffb2007c31932b092cda3a0a39f1cfcc5766b6a1c05e5eaeabc53660cbbe786

SHA512
dd2110a2406e9cf70e26076ff4bc41f5478ece318ac48e8c7d8101e14c41284ddb2ea305560e1fa27d70925525553969fdcab243b31c0fb5ac460e1f00db2b7c

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
18KB

MD5
c6e268c877a9be5b43877308b1231120

SHA1
949105c826dee6a32fe1288285e3e41cb7d04821

SHA256
eae3cd8747da3b435846901a1dbe0e430666d3d8d7ba6e54307cff5d6ee0592f

SHA512
776fe5cc3e5eb7ae9c20e15c6c5bce20fb2a0e9e81d260a08dc41860b3967c7abdc3142786421f349ebe9c43a12e261a34e3e176535b8e04545395279c439331

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-string-l1-1-0.dll

Filesize
18KB

MD5
5122b8aa14a25c8567d9d0335036446f

SHA1
81961f2c8a331136f8156930779964a71e0badc4

SHA256
7b5393e2cb79f0396d5d97510e8f0955a2586aacaf60eb8de3676006cb81dc5c

SHA512
758ff98f838f3ca03ef6a9e5a0e39732afed73f4d15dd7d7a1a842c36ad00a859541b4e977af513ddcf970ed994cc27b11654ddc0f15fffd83bdbeff43084cc9

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-1-0.dll

Filesize
20KB

MD5
e1b30d56617709cf7dff5f464d7566d9

SHA1
e29646b1c90550cb86ed42782c764d41f2c70651

SHA256
5d1a854a0c5121e2e8866dad26545f7f8c2d2f1b15ed7f1ed0b72654a1fc299b

SHA512
e158389a4f71eb94a2e73706f0d52db91798104d990065029a3745dbc9a0459ed9ae96c78bd005043de9057bae66f35a174537c525385abc8e91dbbf579ba511

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
e4b64b2710725ec3332021bd8044d884

SHA1
2d7f8d87d0f395296ecdf277084d23cb9e0880e8

SHA256
9566b81b1c6db1727a4bb3a7a3de12247ff5297f34548593280ec31f2b2e2c65

SHA512
ae5570a2cd245588a3f80744c7b1af99533730ebf8926f51a2cc13004a6eb5ecb501aa8c2906e5fa5ddc5a92fb796d54af43b3e3ff97ca1cc3d898462bf7e9b2

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
19KB

MD5
67fd470a60fe8fb3f9fbe32fa52871d0

SHA1
09aba019a0d0dae7415b6d9a39e1dc67d93f130b

SHA256
1f98f9e044d32e61445c5fab3c80c2f37ca6bab3d5b22cd5611fb5df73db04a8

SHA512
f8c3f1e3bee196487aec704f128240acb57fb392db918a97176793b07726f017177abbb5a6c68822fc59ce06f04d489a78284a865efdc2de518f34ecfb0cc1e6

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
f53ed8a0c18157b9e37500621dfab9ee

SHA1
b8a3131150cfd46052353309843c802d9f43df03

SHA256
5909e928d791f67a13e3130033cb0e2178f5167a644c3ab5336322d38356db47

SHA512
2cc98322e67ff49aacaba0b23fb559a5c4c58182e4f3965673a766d3198a26fcd7c7c340779d9fb0fc3f2649c16427ff312d87caa1feadf23dabc6675169416a

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-core-util-l1-1-0.dll

Filesize
18KB

MD5
2b9f551cddd662c618432a75c546b296

SHA1
1ddd65fcc8bb401c734ebc2014d057328f771744

SHA256
070afbdbe5b3f3b76b6b7ea2dbb9f8deff81c6ec8706eef9080671543e2ae28b

SHA512
54df6e692ac630d969a697c9e6f379c4826ca71b7e8eaefdf502405b1333a6b483256aeba609a4a1c61e73f72d2958aaf3eb31538cc5e7a91101d7d09e3ed9dc

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-conio-l1-1-0.dll

Filesize
19KB

MD5
7d943f85ff8d1515a02d202ae79453d3

SHA1
94def1f7368172ac50b665e74b89e8f7aae2857b

SHA256
1d4464fe335470452e58d613028dde2f105edf969d411e90ba7ca9e343c3fc89

SHA512
e111dbef97c6c6cb3b5c2d183294620792c48a2cb16d9d91c12cede757a1c0c53d707f4294542bef47eae784893bf63fe0f0229bed4b2d0a961c8d1cc1cf43cb

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
278857b86f667c47cbcce94f5ec73ca8

SHA1
a0f5b7e7c67f3c6b8f285d39d08b740e49445755

SHA256
91c5966932287078d0e616d8e0369347991f39765749bbffa1ed3a9df49776d9

SHA512
ebc02d1a2e223eb0b30a8e62089735faed83add4161094493f62561a09c13a426815e7f06c20c44477691109a8c3040dc68527023bfee6d9984c42d6a05208c9

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
6493b21fefae874655c62a56a156f3eb

SHA1
c65beb46f9f03d35867ff008026d3a56fa26fb65

SHA256
8d9d3e905d072c4465e4787dd5bd843d3a5dd5ac5ad9d7f232032b25facc82ab

SHA512
93cbe187f7fa86ac58191b5384a993135e3291873a76cc2cf81dd60c68ad7591386e4eb5ab53aaac2a6f48f7f778263b7fa0a4ea0863361910a9f1efee92b64b

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
ae83311041ee793253ff10736317a09e

SHA1
c62d06cb6cbd9d997c42a6ad7f13c06f38725069

SHA256
8f9361d02f68392127fe264655eac4fef4a4a1bf63571f184ce26faa98670702

SHA512
0fabcb0370330460f8f525401f339535c08d768f075816989a16eff2256584cfa8fd6832df3ce3d9c2a5364b4ef58bfff53cc486e3b48d11b654f7174aa18458

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
18KB

MD5
12311308d7d65895b3920b3dd3e54b3b

SHA1
3faa74c6913f451d9c575761630b507af0c15ee3

SHA256
76dad3e04c9ff61b40ae1c9e039837cd1c077d59b6a008643e4fbf2dbdb564dc

SHA512
67fd047e760dbdadb06cc2c34b935fdabc629fa988484a9f5120cd59d6167d943b612df65626701022b5e73c5b1177a8d813e90c5990468f51a5a11932c008ed

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
3dafcf25a2ac1becf40acbec8fc7134b

SHA1
0729fdc617403622c2edd77fdb7dd49b530e2037

SHA256
ba1458f730ff90009483c763926d1c74383480e529541c0ef5d4de44e7a4f14c

SHA512
9dbb487489c8a6af8dbd6326fe4958f489552af268f2937495ada35bb8404cfaeaf54833d8bba2966e72cd0ba3284a5fd167baf4cd6d905870f5d1ed3e5ff6c0

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-math-l1-1-0.dll

Filesize
27KB

MD5
f32bd567d35d2e85504c39dede609e72

SHA1
b7a7145956466e45bbe6f7fe41e935a152c2c325

SHA256
5f2bb085217304006c81c55214c6093ec476e554e31808026e424da82f58aa0e

SHA512
55396f3e5821d3f3eb5988bd3362a0cddf036de4afa8cc1214813834b5a152fc3df787a8347a7aff3de6bf112e1d2a354790f593854a59f1f49393ddf967d085

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
25KB

MD5
56c02fabc2c64174009c905570c3a22d

SHA1
e52154112ad127ab01937453490091def4d21ad2

SHA256
0aa2cf2cc029c95fc053374071d7873edddc410ff8858720ee5c29bfee62dddc

SHA512
9f22f70b5de4078fcbfdbb186d6cf220561200092eb7ceaaad9d44a5281f84abfb1729f4e447dab3753225d5fc6c44d94363e3729e5765dd2213213c327c4c1b

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-private-l1-1-0.dll

Filesize
69KB

MD5
4b27cf5cdb20aebf113df752019ffca3

SHA1
b02c6e45f704dac118f81c324122c189e3e61e17

SHA256
c1e206aa4c8014dcfdad15c16f50fbf4e3ce8e76e9406af923131ebc001dd5ac

SHA512
cd4df2478d719e159e2252e6784d24e4260c13d8f47774ac33a8e10b1fa96d38236bf2c3ebc060a5801fc19392cbe5c636befa898721bf114956c2be6476bbd1

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-process-l1-1-0.dll

Filesize
19KB

MD5
fa677cfb18ba1370d8bb98681c48cfbd

SHA1
cbccd561bf53c59254fb04ab136996b81cc80d3a

SHA256
36589e9738a9358065d5a72f4276505d6c2f78101508bede05bdcceea46a8cd8

SHA512
9312acd4955d4950d851910198d4ee622b75e11262e409c79391078d12d2d0db320723a1552048acc0e9deb30378e3cd27d4fabcf2077d429eedfb275cdb73e3

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
595a997bd415c8ae0ef1e3c3b73e6091

SHA1
10f34bc2f474a43bfaac26f66ec8081106c12253

SHA256
11aca97acda31203aeee496c9f183b49db1c54d0efa48888a15ab4ea47ee080f

SHA512
944f6bc405c69d6bf6dc97652e9f296658bd3de078dda50ac680e56818c00dfee909b100fc2fa9c6a891c55dbc66dd62ac52819950732c83198dbb8c04f3c9b8

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
415d765aa267382a79e56e428c80b1e1

SHA1
1bf13460b8aaac1538bf45186a1624825bb8c355

SHA256
cf7bbe93ae75a1c46a38204a6acef71bf2f5e3cd34501825601900e07d3d7b15

SHA512
7236ef7b2937718409ef4eeda20318b1697e7c1c868d0df263f4be8673365d48ff6ffa2317bfd1881b6cb3dd1300410ad4f715b8e01ed321c4011aac88490d21

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
5bd5a9001cb0555c5b2b14e0cbc8d922

SHA1
4562d23fba312fe95cbc777fd7c2e37ca1e76ad9

SHA256
b516d1772b75714f039440cf5d070b87a187d2f67b7f891c94cf1c60330fbfa7

SHA512
a6271f28f069a00c2912f80552bd54bf0d8461886adff626b336d25943dd0ade19eb88c718602017a1986317af3eb5f94f8896e88b9367207e8b53225322cb84

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
f719ad4c04043f55a21e73805997b287

SHA1
0e88b1271b242f7933e78edcb05131612cea061e

SHA256
a4b0f75854949980d410c5da90c36ddb94be292431c89fd3e992f9d5f8ee9983

SHA512
752b9b4385162126729c3f09b3b75d7121c8dec00cce11f7cf1ecaffed3e79addcbcfe8bdd4e20e15b8494bfe2d24c3f2d11583860b1e03be021196bc83fc3bf

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
a405399d5b958a03e6054307a631553a

SHA1
dba43f0afd8c6e1f61cf0be7503c6f70b48b8240

SHA256
d675ee0c418c4cd7ff0c19c2d945331c8e6072a51abbca548e7d9d2f1bf288dd

SHA512
33c64766053058fa9fa4fe689f1ca5a345b8b70443995d71aa65b64c7bb38d4dc3a2b37ad06a4ce5ca1c927ed9ea4377443eaaecc69b0e758ff265e755194287

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\concrt140.dll

Filesize
310KB

MD5
67a3ad0fec3eb767e423e3d7a9134343

SHA1
42949506bc8451031425840df33f3acab5637b52

SHA256
01729ff33c2e3db1033fb86e899d62026dc1c03705269bb9636227f61934d9b3

SHA512
f3b13d38f44acf37c5002f08b684cb2955b778c8a703c8fca6e07eecaac45e1bf4bb036dda055114152390322351ef936492abbf6532d1a48fcfd29304b4db1b

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\crashreport.dll

Filesize
51KB

MD5
d721e2c965028edc01adb4c1f1fb6c38

SHA1
ab6d54a791cab06920b9b2e32fd7f23af7567894

SHA256
1f34fe0ff73d418d5e15b238ad5272dcf1f9b329ec5e51353e78014d75186125

SHA512
60762031ff15f9dd3a87c71b0af8cac7d3eeb02293b336bf7c59c5b1eeb7ec5d8ae21596e3f4b1f69cbf88c6b42daed04a6251f92655682c824de4e3fc06dd9d

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\fastpipe.dll

Filesize
67KB

MD5
2ec1bf3c8efb61111b3264fee9dd20df

SHA1
86b5de258327fbbcc3eaf610967291f63adc41fe

SHA256
263a70433f25c269d8534812669d00e9548bfbe543778c0aa9b864f2b0ee7474

SHA512
76b3e8c19087d4db43dc8408f5dac6adad52b4412ab28749ce627bfce375f6877b1193d9e50a72678162689cabc24de81922505a6b470aebeca6afb1e2b5257a

Download Submit
C:\LDPlayer\LDPlayer9\vbox64\host_manager.dll

Filesize
59KB

MD5
3c783aee7696b24b5ad394a165413052

SHA1
e3c8f74235fab9f68fde752cde0e4d0972724bdd

SHA256
bc00bc463dd467c68c35ad95c3f8d573905990df2cf4df626c13b7cc56ecb8d7

SHA512
a09e8f280be7bdf61ce00e6e2daec7e0ec66bc202319e2f89009eb8b7d8d22296fce35fccfdde0b1f1b2e6cef3baab7f68e64a6a596d3bed8b16ef6e67f05ee4

Download Submit
C:\LDPlayer\LDPlayer9\vms\config\leidian0.config

Filesize
636B

MD5
091f93a3efea61411d5a0095630268c2

SHA1
6ef4291473d71f222cc723bfbaa5ae576c5b52fc

SHA256
cd1195a7ebf439618d3c19406eab9b34a86b1aa229c6c3f1a396f72a8ef7406c

SHA512
6816571732e640551030a7d605496138442df635e6cdf496ad5c5eba3f48a4ca0f37213b37108e3332f045ce8e9f7c283697720c9daf2bba7f1c17539c71785a

Download Submit
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

Filesize
35.1MB

MD5
4d592fd525e977bf3d832cdb1482faa0

SHA1
131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef

SHA256
f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6

SHA512
afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

Download Submit
C:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf

Filesize
103KB

MD5
4acd5f0e312730f1d8b8805f3699c184

SHA1
67c957e102bf2b2a86c5708257bc32f91c006739

SHA256
72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5

SHA512
9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ab6627d6da0724908361604b2b351b7

SHA1
d6e7960616dd38cd05633face9bb0bdd061e3211

SHA256
88a373cea6d7ad2daaee9168a0519f8a23ab9ec9cbceab97df4c8d39fe1544d0

SHA512
59903d7dd6da68cb4378eceb6e356d5861514b8365da747da4cd05615ec7c7a51c810cbac6a7a00256db1aeedad80ef71b6ff06bae61e1884e620cc4a45a2d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
25d7facb86265ce3e89835dd7b566491

SHA1
4db1197fadadd7742986efdc2ca76f89cef96942

SHA256
3d225a00da389fde7674a7eeb98e8572be2879252290ac00faa3a80ea671073f

SHA512
cbfc02ffc441edc20c72b35d20b15178a2173e2a1c54e3736f7ba6d058e1ac7a5c1b15798bf5b91ed3a8197430f0fe84aa3d75a8aba61b4f4dd85c1b3fe68bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
32KB

MD5
17ac94ace91208afc88f1af64ad2f9db

SHA1
f48911c315fad8a7200ade60313e7298bf24a84f

SHA256
52d993088a8ed580217eb7203a60821b37c3b4f725de3122ac05c848b58ec90b

SHA512
1f719f2c9bf6e51786388748a0c1e23ba36851572a4e162e393af483784a9a8d98f96b87a34b43fc5652ba576aa381d83cbca3f6556a4910836f693f53cc5dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
20KB

MD5
b4f8bc3b12b0401fca2bcc69f16e98ab

SHA1
b10d30971d16cdc1016f0ed06db4a3a068d21e49

SHA256
3c4d986c8b1bfa46a059f74dbbc81dbf3a5253efa245c011a8fca1a9a647dbbe

SHA512
a76350bb82d417c6b6e3f29080bec6a265f81433ab8dd1277de5ee3581ec420f319fa734072d2d33e970ce520b472c0fbe9efbe26b76bb37ef4ff5f733ef1305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
20KB

MD5
36c5bb73d8fb2e3ed95598fa44d8136e

SHA1
5f2751e1ca0d99b864bfbaa5c85eb40ea519b497

SHA256
a0d94a06bfe0799d46cbfbf5ae8f25bfb3ea8c51fdf8985d6a3a8025266afe9a

SHA512
6915843ae5fe266b736669f263dcfd0789492206ead17c3ad81e2a67af22ad249114849ad3ebc0c3eb45a6dcf35d62c7a5d3bd0cc59240128590038623ac6c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
22KB

MD5
33360e90e167e4f89bbdf5b7949386f4

SHA1
fc1e52226d47fa452f0f38570e0f4c7b7984c1ad

SHA256
2b76cebbe1483348ce7cfc96acd43548102e78fd1fad6f521f84e85e270ea4f1

SHA512
9fedd0d9825c662c594c08f92879ef209991fb279bc0477048496f417461ed54b34f0801dd0c0eccb648093299d1c60e76c4680302b1a1a8713a1aebd9253334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
27KB

MD5
81e776d4d71f3de9d8e56ae047b0bb61

SHA1
b51e4206d7f7770db1ad50053eb63a00d8ecabb9

SHA256
99bf4add4d34a204a707908c28aefcfb3d037161e16d0041d02e2f352a1c016a

SHA512
45d58f4142cc84a3024789af4565d15c9a4a6c3ba212249de9eeadd10638ede4429dfeae7fa626f3160f37d3d9cc2bd9125c826d0d84655c79bdf012f4981fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
16KB

MD5
056b4f9bdea596748382e2841f4a15cd

SHA1
fdd6d23631d4468cea96a1c1a48166ad12849e4f

SHA256
e9a30f942fa51359022e0d89a1833575f8d49f3c48aaab6e6f7a0cb84c79c7c6

SHA512
23837bd0bcd971b3dd94942652a15a2a3168c34e315560dc286b24e75c901714b4a2b49009f3d11dfbfe717b4bd1c17c56eddfa4320e49b6b4f9ae248b6f56b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
27KB

MD5
31105bff36c454ddcc4331281e57d725

SHA1
9d97a17804ba35dd896951cec0cd8e43554cc413

SHA256
c935255ea85f8abbdeb935ee7648038271b785af5a8b9e4f5fd4ef1aa5ee90aa

SHA512
aa4088a1f27cdebcf5d9ca76d609dea9c320d15c1919d742a3f0cbfb5cf1af955e486bb7d2382d4c915b018408b20a349d3f95c09468e375d826150700d372f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
31KB

MD5
d67df80228775708bca1327c0aa52b62

SHA1
39afa21befdce7631d8e1495840649c200796271

SHA256
e1b4190722fba4676bfd82443d876d8950d79a4651557e9641af93fa5875a9dd

SHA512
ed1d156868e7733b46c5ac6a135dcfd1f8731764a69026ffc5b2705cf5fa56e1cd7b7d4dd8c7de439ebbb3bf80dd0ed58dad7c417af734ae26ce10b9fcde7eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
20KB

MD5
0baeea300bac087a02df2fe9c703a4d2

SHA1
0bccb34fc2277e6c33eb9c4e31811b5cb1cbfe23

SHA256
c26c7835b2dcb9d785004e182b3e10dcf9014ff826424b35ea103a735b18d0ff

SHA512
e7e3dcc001edca08537ca17f49b2a3f98908eb72c081ce155dc0d68c88865908de5de17f6759136af1cba372a27c0a6de61e48f7daae19aab75ba455cec5b555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
19KB

MD5
4579e79ad6f6bf86aed84c237bdee214

SHA1
f68666824c9c8037959161d4b47e18466913550a

SHA256
d34f98c9e4952bc80f391de055b2f4cc235b86b62f6055fec55dec320560b54b

SHA512
7d93ad3e715baa01c114075954a7a31ade3601135d8278cd5f762026a8a108af5bdc092558b1da368679b826db1a10cd93c830965f76e6fcc8a82f6c2761f2e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
25KB

MD5
6d71f6deac93034334438617622e0f64

SHA1
78a8a99bf7857c1a926a86c784c344aad5a2b7fd

SHA256
84e9fc382f21c94e96281b7d58cd153a5e0521d8895f8ef5fabde529c4c0c93c

SHA512
000601c23bc1f29929a69647ab63628f20aa0d82c14160862dc4a06ce6e2cb40411aafec770761a55d6cf91e5e7eca4c2c8f0af2f13c68d5eb2fbf2b18431a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
23KB

MD5
a570e264752e68d1c2a9d4f2dfd192a8

SHA1
bea0e4a1d6de6eee23afc209ce09ad2c86e5daa1

SHA256
dbe43e897361d11c256d4bfcd416ece1457c24d2b96f9deb175d6026ab4de87c

SHA512
9b801d0af3e9ced2bec6d3ff36e29e6738b4aa05535f4403e0101518a4c732f896ab13f34301c7433f84539ab3b4b411fdb1d12aee3fe1d15adca2982b0deee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
28KB

MD5
995e219c1a5658f5474b15a8015f0264

SHA1
9510997cb7166ff8306a85da296342126c33bd5d

SHA256
4ffc30e4b25d4abebc7fdec82c2d75cdd47fbc1f480ecc8bf3e0662d49738241

SHA512
ce7a9195490f87d4c5553a0503ba5d09b29d845d7a58a0dbd5ea3283520ab02f9791b6049f72cda191dab0a6b527451226038a903c133ee14609b536150e67ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
17KB

MD5
bc0873451055f69dbda0233aac29d91f

SHA1
0aed0ea6f2df6cfa196380e3a7677446280932ea

SHA256
519be6028dfd80d61131dde16cc20244682cff38ecfada9c516497696a1887de

SHA512
abac7a46a2557f7d80da7c0f2dfd43d7549822e77a19cf9550ed222a872a441f53cfab620d81cde08b5cb66a48cd1cb73491922cfbf77df899e41650434f6fe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
18KB

MD5
5dad548b4e8c4c294caf481e2cdc7e39

SHA1
3d1d0097eb0e491f4abd73ec386ff75302464647

SHA256
dc0e8dfee42b5ded5e973370fff4f529c3691d992085dbca88caa78af810bebc

SHA512
746671b4d2e6aef60bf3acb16a42499f319389fae7ddcf6d42f94aa76413b8f34360d0de86c7ddd25243bae99a1f5dc7c4153fc4e464e7b97a303bdc29eeb1f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
17KB

MD5
7a51d411441ee4819d525ffc901f06de

SHA1
761666063f56102c302c4db600cec7297e046742

SHA256
a59401c829dbaf4aa8e4cd03d0d04c8cdf80fb0bc173e6cbd7c54115e1a76572

SHA512
79eae22eaf9deb6c8bd44522342dc5e4167c3c794f2173f402cfc05bfaa8f0b06bc5fa636734581126df88061686cb46b62c1a7141690dfebae56268a533efe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
30KB

MD5
b21bd4690f7208ac029e01d818ff3574

SHA1
466f852bc276e9d51d1acabfa6e4896d181c241f

SHA256
64dadabcd623bffe4beb1f64a99729f57f7aefbab1356bc5e9f4cb5b9272eb8b

SHA512
1d90f30aa51c79f8070f50259adeb1dc2a49ce3243178c8c03c299b8c3617d3f7a4604507917b7e6f6f48384fb57cd955380aa4ca53b88b119e2ccc5955a0cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
20KB

MD5
e67be0825876417798d90892e8dd068a

SHA1
3dcb6b1744eae7c5340c8f528f9a06aa459aa507

SHA256
1629fb0a8dfdf991d70a2e52822d07fbeb233da3d51cf22936f07b64eb3b0a39

SHA512
7c37b6e03a8bf934c483b810e98fb84d0c26d1a2084f68e1a467b2800daef942c57e04acb79802599e3c250dfdec80aef0bad67f77ef73cb965ec0241ed49abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
18KB

MD5
3300f14363f80e99323515093732316e

SHA1
416ac3f7f4df2667cd39353d6000c324097c2ba1

SHA256
40fe20160abf6cc91c21afd01d3bdc0551182995ffe13b719408869dabeae0e3

SHA512
6a83b72242d763d51bc49b3242d324e5f4e598fad4b831f6a0c13eaa0fa125d064038f344547a46baf97d9d374a3b12a5c574785fa6f9297a8927b74df8571f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
52KB

MD5
f8f549f9bc7bda45f85ac7a24b0a5bab

SHA1
ea0781eb59292b406cb0304d951d15f1c0ff2f56

SHA256
c55fc2a939544a6d0508792e56b6900255783b82d2087ece7734422b0afba1c5

SHA512
5155cff87186be1b23bf0e8f9d934f77edc3eace569228bb6b1651d9a2c86968bc9dc197aee499105c7f5a0de8be27f0f5b4d78c41589c9fea09c70fa498511e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
41KB

MD5
006b0f2169338f231c357602070a1e82

SHA1
e291c57480ebd1ce3956d7b6c8f9c86c96558683

SHA256
5344346852721f719af8f2b8b938c9681eb87115e946829b7b2282c572b78ee5

SHA512
88067a34903ef377ae0a8427eee77148a00c70733f67b979d676d7ef4357cfe0bb7ea9aa895c4556ef4d24fc58a38d03105d843b5dedfafffa9f36adebb67e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
43KB

MD5
edca36530bf4806ab1b8b9d61ec6be68

SHA1
b27bd32e3cbb9b81279828897e4b6c8dbff8240d

SHA256
421d3ef8606f5dd3972a9e831fff636e2ddc3510447e4014d331e7a547a8d5f5

SHA512
6ba2031f974dcfa2cc127031a63afe0a4cfbae967acfafaab4678e5d82be26b625ef26496144015413d40d61b0de8ed52ea3dfcdf59f480a8b7814d2773e0a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
34KB

MD5
62191dadf8566e52d08eba8e5318b7a5

SHA1
2b415f346c55c9c9713a92e482cbe7fcf3e1bb3c

SHA256
8752134c96a9b240aa8b618b92c0e623eb5a0cba995c781d0306ab27e2b0e78a

SHA512
cf86223e6718f9e5e5f9a75b1c5a7a6f0b1dd08c7e68dfc209a52af3d820a1794226331b906b0618f8fcf6203263c7c198f78b1413283d150035ab3e6f86e8c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
100KB

MD5
963f0cdb43fe1af362d8ab8ca184c033

SHA1
fe9a28225364589ff1b29f41cfbc723a0bc05780

SHA256
ced169af8d4581116ff875a1f62d1d0f6e59d0ea52593a9a26e52bb358726148

SHA512
6b98fc7d064e5bb1b4e087cbdd0793261da613d0858690aff24235d0af9ebe8ff19c1ed0882e5819d08f72435dfb654aa30115e48519c1b8cdb3a18a4aeaca9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
194KB

MD5
298de3279482888afe0246c4af19e755

SHA1
b13049dd1d95bc0ae6f27a93007bbad3e041c576

SHA256
1ab10ee7f190e19c25c496359bae41b72b24eb7ae68459c19ac279dbbd13ca0a

SHA512
6fd7569d813a3526c88dee0001cf11c71bd9a32757cd2a38072bb438d5f0982920a7e0b53bbb857e9349fa0af5706603dc6445affcff6f56fafb395abb55a610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
205KB

MD5
62ac572776d0ad191d5f6b1825fdbf74

SHA1
b3e63aac286ef71693a41fe555998a77dd7ffcaf

SHA256
dceeda08cf37c56738dc8f6f564948dbb85444afc40d77f4cb554245205c4a46

SHA512
f2a89afb665e93a071edb7a8d6bdc4fa821cbb4397aed13d8a037d904ccde50f40377142d17cfb44c45b8691824d4d39be628b76cdac1da6dd30e58e1261f13d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
51KB

MD5
a3372220fac1f742dbb94ccf36135435

SHA1
b1a8723ded13e29dcbdaab0cbab60e616c7c326f

SHA256
f932632467a1c5e2f008e1c53df49ed948336ac2a7e04d6ff3e8d41e99a5831a

SHA512
37d5796685da30642afcf4e0dad832e7930584a10f848aa5cfc8d76e340b7a2ef3ea8b2a61c02e05ae18053b6de826a824a3f6f004edc780ecc1963ab39bb455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
32KB

MD5
97f39a1f1df01f256629645b8417357c

SHA1
9c0de79d2427016d9799e25edc7b2b3b0749e513

SHA256
2f07189f70985e8c851677a1ec72a4678e37b979fdef7ea4f32aafdf41964d8e

SHA512
898f3d9d8e6604ba8ca174a473c09dda3842613541624963756dc3cdc3e2fbde436f97978e1bde8432d12a95a7ebdcec0035a586f15fa90a8779dd1f2b754cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
106KB

MD5
3e4e492005987cbc20578a309993047a

SHA1
21bd15ca5dbdea82291868eee9d85967e68ef6f5

SHA256
61a77fed512da56269d0f7a0d7c41193637ddcd102aa8979bc07bb1d997dd7c3

SHA512
fc40170950635f9d14642765934dd270f3708a44bf4e3740acb2632ff50cc31f19d27e82975f7fccaf090cfcc1ed0194b1ccdb957a945be250cdf3b58a719f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
99KB

MD5
21c94808ebef9d1572cd1d7ea32d0b81

SHA1
24fe8f16f7ab029be03e2a8aa6f5675c48a2ad38

SHA256
cca1181ff593492dc91ed6313538ee6ac5db3591306383cc85bcd54f85a6364d

SHA512
4e4a28547004f50c71a89c2f5c75a54939aac7827518c6a10b58b26e7436bc0784343b89164204412d735407a3a1652569232d13b104902426ce985bdd2a9e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
21KB

MD5
443cbcb5829a4a4d9375c7bb0071f2da

SHA1
554aefe411e094775f5d88764b1a69d623ee349d

SHA256
466ffaa0543bce97dc1f963700787bc7193076786991d9b71fd8db3453304e02

SHA512
92fffc7a50ce6e7813f0d68bd44b4b9c6e17d060cafba12379eddf7b2a81f96b4c5046f0f80e528936952296f50fb2317475a9bb1db984964e71b9d913e12dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
159KB

MD5
3b473f43245dd3a3badc954563660c0c

SHA1
0755d6ed62fdeda24c4e307c1c0c78426bfa417b

SHA256
c3f44f71236b3a1fb641da460b13fb4c4427e34b91a734d26bac2a5890fed456

SHA512
989f3cc29b674da5ad581e65d1b9fb34bbff59825abb9cd401da350cc29d9a80e33076e82f0e7e6d9d775466a87409862a2f77be081e73742fe119be333a4a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
309KB

MD5
4e30ca5d1c9b88d80bc26d1de5400d66

SHA1
bad6fb9719582e21573ca5ac781af6b518f81929

SHA256
47ad43e80422dfae8e264ec304c45bb918eb40e0a27434ce11eca1e38f28e374

SHA512
7c3df5e5c3c7e283effdd30c631cf67e38255c92b5ba14f41efb0bb59a5055e73a50b7b6f00aa8da6510e37279874e2396a3596336ee4a266303502274d67bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
91KB

MD5
08fe9901e0e818c403cd0fddd0d39e90

SHA1
b48e8ce2e7621328d96e3faf7720e8ba9412d0fe

SHA256
384734c6a19547a169adab6058e86ada275a7bf9adc4f6c6482d50bfaab1ed36

SHA512
d07b4a3d7aad7ac89829846d1e733d8dec2d1b0248004708d20a225af1b15ac14d4ef43b7e2137cab157831e09b40cfa2fb72c686ae569a63ce913cbef6d9a83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
16KB

MD5
cfa2ab4f9278c82c01d2320d480258fe

SHA1
ba1468b2006b74fe48be560d3e87f181e8d8ba77

SHA256
d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e

SHA512
4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
29KB

MD5
1743f50feeeab1630881380edfbfad02

SHA1
f48886daae94af2d5dd4eebbe4afa98c5ec6a682

SHA256
ed9587060251d95bbed5b633fd6f1448525e65d83922cbad45fbe726ff55cc7c

SHA512
aee76f160c331a7ce94dd331e0f705b2f87ce49bda634509cf036ea8442ea6a82cade6dbc0bfbbc1a9d1574b8729217839796f17e15bc50186282e0aa44b5529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
65KB

MD5
8a42ba5472aa4afa3d3ac12f31d47408

SHA1
2add574424ac47c1e83b0b7fae5d040c46ac38a7

SHA256
759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4

SHA512
3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
20KB

MD5
167f07d35c1fbbb38741738cacf98726

SHA1
75e6f019d9c1a16a511b84ee44b64b341746d734

SHA256
27b7438871605e40969c225602d71db7d244ccb4124febe33950b5aa6b6bbbde

SHA512
f5289fa5bdb085d15983c8659e9ba91941ae3374233573f6e1f911cc4b7e5ba60460b4b13b321d059741ca9280bd81cad149c9b139c3d908516b387fa4aff782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
21KB

MD5
d673419ade77a99804771e1e80ab8d41

SHA1
01e529fa18c95e5b200dc3e277950947050af176

SHA256
a10924d3805153e240028c064fd13c1f010795ed65a9cad9d1cd6e77bde1b6a8

SHA512
51c45053be15b56ff1bdd30105badab9aa8200ee658b300c833adcd110fbc9de38052914aae141c3397acb9045a6e42c0695c088609d21ee4f186776b9a360c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
62KB

MD5
022b25708e11ee781f8ba58697c9a134

SHA1
8ce2e1690491fbd3a07696fd55666c2ad6300322

SHA256
fcf8adcd7503ab0bbc1efb75432802c3a1854e67ad20bd83b9c4dac5934050b8

SHA512
651776c099c37ca0d1e7468fb8f25da631fb87a9ebea29d8a53279b984140a1977d54b9c282dc026d09775cf30879761af83cb94484b58d069edb9cbe085961b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
20KB

MD5
4e3d7597d9fe391ec85981482487e366

SHA1
af973d6c6839979865f5e07ea63bfc7e3d7cb9b7

SHA256
fcbed11971ea7eee8ea97b4d3e6b5a927e276c0e976359e6b5b44e255123a116

SHA512
0261100d00f91115ebc548e2145482c9cef57f3939dff61cfee6b25550c61c8dba2e50d43f1aece6203595b789437e62940157bcf9fa74e80fce6d782de02ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
98KB

MD5
d84fd734eb5605f2e97bc7278f27cfa1

SHA1
bcb6c1530d1414f1afc8bc5e5eb2ebffecebe8e7

SHA256
5175e1d7e1c88bd7b8696332931a404e51abb358bd14772c541cf4c67360c6fc

SHA512
95a99aa1c327bac8ca79862633cb22f61a7685fee9aad76594c760a9f668892a09348b68d1a8acba0aed64da0d37ad9bb1fdb8f395061f2dc9ef492a8821f10b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
66KB

MD5
ca4f4e170ed0e43acbf5e5e51407f8d2

SHA1
b129f1725caf9f5e733e9f4897e4acf2da9884cc

SHA256
5e0cd9df546e1438280a2326f4508b2e20a290ccf18258cd7d5192213f19fda5

SHA512
58c8d4dd1cf792d9c64e529ad47c06d6e29762aa76e5624654f63bd7accd45efe54f78c9591dae9403ffeb77783ae7ead09a84798653ab79906905dfac46f2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\157eb1f0277d9f0b_0

Filesize
281B

MD5
f9f77a0308b1fe64dcf0661ea09eb366

SHA1
3f7e60f98063068979e2d2ba5051b3f41e708424

SHA256
c2fb31c3de23d0acc682ac800928f847595ad211faacee5efcf24969323ecd12

SHA512
a5c4550be6135d7f1abae039ebda87c1d2e25d4f09f237e03567dc746f127322071f872b15a31d852b08926608d50cc0bb3e4b1dba4d928e92732e7927a55e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1c28ec9d7465f042_0

Filesize
59KB

MD5
ae39611d0217deba01a45e1d9bc2dc6d

SHA1
295de1d5804413247a9f83f8980fe1e2b5776e4e

SHA256
c24c07b06e0b1fdcab9cd04ed3153593a18d8e6f53bb0e80d960ae3688e30a4c

SHA512
217310953c462dfa8d309b37175c7e41e4757503c354ff3bd711d7a88fbf6cbb2bbb49c47626dfcd5524c4abf5afd755de8b4a3130fce96a779159d1af505c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

Filesize
7KB

MD5
f9c66d30eaf725f08f40ca0831658364

SHA1
b14284dfb7f53a8e83c929bf387b398587b87948

SHA256
ff3afa7d4dc51d7747f90ac5b29a2d66abe19c52e6d1c8ab58b789cfeb04309e

SHA512
5e349024178e6c958cba755a9e8f91d13cb9aeedcb11516b4b14de2803bafec3dae5dfe549c203b8d35c8079955903e65181ad7945c1e5c00a6a703a834bb531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\484ec9db93e7d525_0

Filesize
90KB

MD5
6ed60813aa897a27bcb2f3bb4ac8413d

SHA1
bf9a256f10d468ede494ea4f0476ec49388f336d

SHA256
c498892cb327d706910751d4c5c35463fdf8075b9f6ce04c6a56ebd40551b7fd

SHA512
137cb5548bc884a2500fb098d3a31884f6e775f6585b29b35635b55e1a1a2481004bd4e3c9362c615d17911254f9962771800de470c2514f6fa522242bdf19de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53b92fbc4d68952f_0

Filesize
270B

MD5
3e430975e1c2276f5ad4c758539995c8

SHA1
eb89a62563bda6b7917299748ccfe548ff2e089d

SHA256
7097559b558bc4f05c53f5234374d70d35f315f7936a54e3c51d3a92becf15c9

SHA512
acacef47248b652c67c6762be106123097d7cbd2238603fbcfb8987d0f89faab5b24d0759de8ea4f57ddc24b2ec09640588f5d448c46a224f06d841de59387a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635c5a48473ec11e_0

Filesize
208B

MD5
8ed4ade1ac67d105b58bccc479328404

SHA1
7ae6a2c002ab1c75ab1e345243139ccf0af3cadb

SHA256
7e05e14244aa9331ec15e6d16d54f1d682b751fb2dde511eca8e4d7a5e81903b

SHA512
11109609a005d80e5e97f65c1ed3e138baf333eda404d30347def0b06597f13d96592205f0fecd4d1dd4a96332496d3483a1699b283518dacec98f8b01ed4c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635c5a48473ec11e_0

Filesize
41KB

MD5
d45aa663b812308712259aef36958749

SHA1
e7e423b8e2e99dbedef67ee37344f3e014dd0f93

SHA256
9d7a13a34d18fe04ce8ccdca943e28eb785f9c62f3b0d63b9b1ba71f45442609

SHA512
09ac34645de81a7ed494260da2099232143334bddb0549e1b741d599243100836fe441f768ba4973c5db81b2212e8a51f4c716c8676b53ab3dbf599c8e80102b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\788b6ea63ff137c3_0

Filesize
308B

MD5
336c386271574987f1d306e5ef170110

SHA1
007823b434999aee5254a9c56fc37777e495918b

SHA256
414282281498fb1f0b461d67df049b2c59fb4c7b00ca30f5fe1f3c5fe7582859

SHA512
302cb4f23ee955ddf30df2004dd446148454f57a7fee8014f9ebdc2d6844001b786aa1f7279d2a426ccf8e55664378bd52e8e630a72fdff808bbb8ea54009572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8172256176818c44_0

Filesize
251B

MD5
5cb8bbaeaef4ddc9050058e4277602ab

SHA1
3ebc5a4240c1fefca0b3b5bff56480a62eb62e30

SHA256
73dde57c65c0c968f8b81266c391db2d794a69c99e25c23af4d7d25aeb95285f

SHA512
b8500b73521be9093ec2370e039746cc7fbaebb633f7e35dea399647fea54f2e5afc1e64aabd388af30cf73a974b356246c7b2252aaa81cca9fc68b3dadd56ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\893f427aea9e2102_0

Filesize
75KB

MD5
98b8fdaf51b310e2568a2a432ed17fa5

SHA1
b0741674ed740d5fe737126dae1c53ad2c54a9be

SHA256
e5bf6dcf7179f44398c0c57cfd574036060a5777713d91f7b84fefc5352fd95e

SHA512
2a021deef0933e51722e408cb9963d31d07a4311d71f6563a246a7eaa29910446e854b6aab0126dc27797e0c6ea363fc6ab7f694c63d130f7fad5ff702cc8103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a94e2fdea996249_0

Filesize
104KB

MD5
b46d22efcf0b97bc190dcdcbb998868f

SHA1
a49f175201b9a09742e5447de37e875e5426fccc

SHA256
d484f3453bbe9f65972ad15a22e64023cc925f33e946bb20eb96aee408e254b2

SHA512
c8c0cba45147e3c9cb141211f776f15766ad19bb4a5ce95bef1870e62bd59d80883e77d89ad270f10df519abcde4b915700e695b19d3a920365f16fe46de8d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92063f2bbd648a4f_0

Filesize
236B

MD5
720fb0b76fcc38af186f40a0213be2d9

SHA1
cb6fda916fa320adacf4ea2650499c26408d844a

SHA256
6708036c0ec39ff3aacbe4fd305868fc4bc99679e5533201df8ee61341c4e8fd

SHA512
7a741a0160f853fe43399f3ccc9b394a82438dfc2e141d03adbee249bbc208573a56727f6ff4427b2fcfe42e561453aafac8e861e8f8a8bcaab43474624d8ebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\92063f2bbd648a4f_0

Filesize
30KB

MD5
ab5bb1034d0969918bc58e0a3e46260a

SHA1
660c2fb5899ec0f1f704793b61ef9543d5aa5574

SHA256
3212595f3c4c67c67f7f31c77a9c6da5abe70149e09f75d11100ad98756764ba

SHA512
ed2b8e9f96a645a12ad86f5edb71fcb5a20c21352a779cae1267f7f6e82156fafc45d98eca0d4d75633999ab557b2cc6dacb8b024d17f8c88ab3d69c471efb83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\933ade85caf942b9_0

Filesize
58KB

MD5
8429e85d9fc2c7f05f777dc2db2395f2

SHA1
97f2b28aab19d4570dcd761cc119784e56ded05a

SHA256
98719adb82962adb2c900ec3b2ed7907e49acd58f8436c1072a0893f78d8af69

SHA512
465b88e9ffe738628f67efdc0a40f64f1415705c94d30d0c65d3fc9ea1b75ea9e086c5b7316309f6bbc395288e5c4583f714b79b06e2a38692e391accac84d97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\979ef246cdb1e112_0

Filesize
275B

MD5
b3df4616100152185b2660e728c07bcc

SHA1
6c135dae031f967b2f1e6aec104a304469f5695c

SHA256
50c8f729750d50e1bbfd3f55ddf99301fc2548984a841fd9bf8add66e2e4c0fa

SHA512
bf51ef6853f3595f950b05cad28f756556ab31fdfad21213c889bee9690428754e2cabe4bffba344e4aae197d633b1f96c93d5174dedb58213757141e9d6449e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\979ef246cdb1e112_0

Filesize
7KB

MD5
fe4ed77db24164f1105eb27ede36232d

SHA1
552dbb68855ca4f5f1f4013aceb5dfafe0a38553

SHA256
ee9d59cd9adc93015be3f7a64a618b33135cf2d7bcd94107215cca2fe02cd82f

SHA512
4f5898dfdd68a833e72f939ea96dbae5dd2a3a776b1258ae8e316e3168648a55e1892d8996ff772e60847d3bd55b8994128cec0a867bc30326ae4b00c602f389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9d9885b15f01c786_0

Filesize
429KB

MD5
a3522821c23a8e1aa284c0446c4e8748

SHA1
5541e0596851a1f0a2d6004608817533b3951780

SHA256
a347172ac5a91195d5df905b1f4557dc0906a08cde103a0b1dfc01033b849f2b

SHA512
10716068dd7116629b820d9d559a7e6080d3379ed9b5a2f69d2265d258e03f300615bc21c988d9a65543f238d8c9aed2e2b594659e16cd599627acb61b599f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4e9e66b8a32fd8c_0

Filesize
202B

MD5
70429b413e710527286c78e1f2cd58c4

SHA1
126a61710dc620ded8d005be86ca93d33267d442

SHA256
aca0817ee54ec951e962c81f65aa5c47b460e7633eddb2768cde1295a29f4c86

SHA512
bf6a04dc6f9200a3ef782f79a0879e964e7c8e679821171051dd04e72f8944b43eb6a5983954b481487f3c7b2fdaadfce03ccc3b2176060c0edaa4afe943fc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4e9e66b8a32fd8c_0

Filesize
250B

MD5
5866fdc76ae9dcfa24a37b9fd4e0c6b6

SHA1
57be073289ae9f3eaf50f08af35dcba41188f47c

SHA256
97a1b82bfe58b6abe4b3234d739c396a860719630e2e42ca7584173703cab1e5

SHA512
263d71a4bde98466533f9655f82b9f73ede283dc0b6e385a256200da954b60be0d38d63ce477596965a16a1fd6c5a2c47de536871e9d1b966feadf0e05211ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bcc9e1948c81ae12_0

Filesize
8KB

MD5
a7bb226c47473ceb5c02e1fb4d7a8859

SHA1
9c92932bd8616d5b594f0d43b02b97e8b238cb4b

SHA256
4cc3edf0f9fff7fe63ae710ddafc11b7688b90d27ce034a1516480d0ddcb14ce

SHA512
3a62c893dac025af0ce834d4ffa8b0c6f4e765e42dfc6d70cf5e2a36ace63dab591e4306e2aa7009e987cae30226cb35497080f861c0e7d2ab271a2bb616e462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdff3907e497c060_0

Filesize
279B

MD5
fb9da16ee050edd27441814e9a92a547

SHA1
906cb365bd4ef46dcea840172ecc60a538b8afc4

SHA256
424e3f0e6003652baa6eccf1c399ad6a38a0ec21fa1462c3806a95eaae2c8f35

SHA512
97ed92e501f281f78ebde8ab190a633009170fd0f267ce68f7100c05e3393d5857c1bc0ac28170cb3707048bec6486d7e4521588edd63763faa6c0c64cc25464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c9f19ceea843cbca_0

Filesize
125KB

MD5
f815440dadb7e2335de5218802ff02d9

SHA1
92f14fed88ac4259113d8c035d6986ad9207f697

SHA256
7c01404fa4b6c15c3061fcdee075dfdb70808ab6e39b83a0dc7e28fab12f47b2

SHA512
9a10a5c4c77fc2fbbd71ea8736e2d02b6f44d4044f104552f99792e91496ad9d7da53492895764ff644377832290110b3190e5b36525d61a000260cfa570a78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ef94922484f81cc7_0

Filesize
535KB

MD5
3d38cce8156c980633f390b3e3b2e915

SHA1
ce7e814d1cde34560ab92ea5fac9e52b6950af50

SHA256
85270381c832c7a444c3dce98ffa9ec44b53c1a57914f13ff7e3cbe62e7f55da

SHA512
6465627b629c165ad8056b117d5a62184aee10fbfc44ed5eddd21028bb4f4dce01b853ae2e3b66c0ed51c74e63ea940f6e6f4f85e286c1c143b41477d8d0934e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f0d3cd11ea894d2f_0

Filesize
55KB

MD5
03f9e496b7faae17a8564576e3119df1

SHA1
b9944a70d5beff058a7b530097e138bc8823ff5a

SHA256
e017201009082958f0ba3e3adb8822837425c6643ea41fb78bed30ad67474532

SHA512
b888fe0c07a0ea578a3dfd50fbfccc5d6a9a788e494aa3f74387cd6d290c9283366a86d7a7e397d8f10c9d602c0b46dbe9ed82aab9112293064e66562d429fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2667e55261d86d3_0

Filesize
10KB

MD5
2f50dd9590c500add4975bc3913d14bf

SHA1
354564d178e37d6e249c0cf3358464304689810a

SHA256
1f725a12924c7121bd79eed1a0f731a06c9c0ce2b2145a29c11e74b2a9d0c6c1

SHA512
74ff23e1f5cc79defd9cb9b9cff4d7d9071a5bd2d24d0e25721f5913a856e66151b54c7e3312ca802ff49309b9279282c33aaec2e8514819b02b9fd56cc60b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c979705ed5e41f238f29bcfc796bedc3

SHA1
4aacab83103a738dbccd4ddccedc0d48902509bc

SHA256
7c051cdf8f5636bd810cfefe5dec611d264c3c402de603d7d634a5db38cfd400

SHA512
969dd4f58d0f3ff1b6a585762efaba014485a10edb40c831a324aa07e3ff2f7aaa0b3e3aaeaaa6181f930352be3ab2ed751ea0ba628584fc93d98346935acf26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
861365d71bdb9a457b1c6834f4f687e2

SHA1
6fdca1fcefc9f89a38a789369e860fa9bdeb6692

SHA256
1b48d7faaa59786a9909e01a0f21967135b571137d9853717c3d44d01c8a6557

SHA512
2153f4b2e543f3211948f4b5bfcd962a522bf248bf6098435d775e9a4ef4ab9dd397d363dae8f3ff4df2fb571bed0f1b22d987803bcdae12e9e27c1bf1bde7d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
bc94b751a4d4f22eb04e6efeb0c26534

SHA1
ee8205d14c104bbe274a463cc5db7b6282b2b2e7

SHA256
aa26c85a03c4a4ea78baf85d947bf1fb96f8f2fb2fcd8353d0396151b8367ff4

SHA512
e1569e03636f48fa27bdda4bcf71d4fa56c2888268a460ef3159964c1b4cd26ad0847b33eb31f1d88a16b46e3ab7985b6a1e0e6689272352ccb02e97b6d27a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
72B

MD5
83731a94d52364b49747e11701fde947

SHA1
f22fc5ce9464b79dea5f27e29fb7d95e74111fde

SHA256
357545133fce3ff2afc1ffab1fda7a91dba668b3cb91582ed9373d8144add608

SHA512
64d2ff759a516147f8e91476d79e958e152014b9125eb1edce44c08557407b049bf63e95d4509ad8f83b0d191ed31f1e6cd4f025f0e15c8e8a41e3f319b3a2f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
9afe44168faadb40205a89af5d5afd6d

SHA1
33d317deb304dd8b94345baa527664c0cf3f985d

SHA256
b45df7b286ff2957d2a2362a0334fa29fe5b853a5de332bee86be9f94b17868a

SHA512
82d49e0259d8ca39c0f65703158c36a8e0cbe7a40ae6b54b8da9f6cfd672e7060123e3970660548f7e8d017a8c53bfaef02e8abd6232540610b5003f6606eff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
05c8df3205aded079851fa40227bdc91

SHA1
04909520dcb6fd2260ae5709d401b9486cdd54b0

SHA256
2bad0d8cdf43d52d464c5e76e07be576ccf1c5945e6299229a2af5447d2c99b9

SHA512
2a6baa6f3004f43b9ff51081eacda72d1ac6e37a3cced6db98bc9aafdb8b2ebf92dfb6bc5077f7d3de2827bc5bd65f65b7168c0c8a22f51eab3cb5c33532969f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3e856fb5ec2b6bc3f55f29f9f0385aeb

SHA1
dc2c84e101aad3bcb09a6d3c516d17ed594df4a2

SHA256
7ff5f02f7368cb3ac15e6abdad9b69c5aeea0df33ec4ce1f54b4cc868a8309b0

SHA512
83540eef1bba0a14483d776d357b5e13d9dd32a57a91d0cd59626971dd09dbf59f2524d91852adfdfebad9277adef1d14cb3ae3acf7c5c73cd6a15e533fd2473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
75d92f105c7ea6d312528c5d3ed3ce5d

SHA1
d6e83a4adc007ea8a6a37477021c96314bf59dfc

SHA256
845906f35d18c762d1921ec6fa2bc648e2622ca3b9a19b8a046a8d10f19843e2

SHA512
a58efe985b34b1e45c8d2fb26fb15165d9f30f4e5e13e2214e9cfbd151276047baa9bcebbf47cb4cb4852abf8a2c2763e0f240a3acf2e57b19c7939a1e302714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
11e91dccb1c1065847e15cb368433928

SHA1
db22609288885f49b2fb3aed9bef3685ab081e76

SHA256
1dccd2bc846daa8224198d2c6d51aa7756983d184aab07bd49a338a308a4bf2c

SHA512
164bcf4cdf71294aaa901836ed47afd0b0c9a83101a04c48bb84265ac3504b74983a15f35caa2d639b4a78204b1432e78e2fa200ed8a52501f0a742a4b3bf7bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
0b867cac3b1631ff62001797955130fc

SHA1
db46af6e8b875c984f81797800d6ce022d4b2f21

SHA256
253c3ad35861ff3654e5d9d739f175c6c39649d0d9657e7f3897c450688bf056

SHA512
c7d22146bdd51953762bb8cf0bf98e7d35b43e34663d4ca5c006a0d8b80c79731f9d9ff72d45fc6bf735d05b601d8b29e5acd892ea9bf86857a08955f580f747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
0a5ad83e3d22ca0fb0efed0cdad7ee3d

SHA1
0dc8422653438b591f362892018671117c5c37e4

SHA256
a1b6861903785e2972093576f78008bc423a802335f904c9526e4f040b0d334f

SHA512
a129b63d9eeb9d38054062efa77a01badf60280e084e2c48353a0afff773f8e8eca6a60a7ff47ea6493144d52388978d8d5187f99dbe70e10f1727e1a457c80b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
ac482d6136ab3f2568fd7c13371f1acb

SHA1
e6f6f6f4fc2aeb9af8c1dfeb4d4cb48f6a4e5d70

SHA256
3cae44e999ab8996e59d63858052b343eec5745e253d146c6709928813fb2181

SHA512
2c0b1518af43fd7f0e3c173e576004d0d88dd160b559534d33f5803db1609186a8df735422d5fff0809cf1caedacd5b4019412c25ea881b32a781386964af6a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
1f8c669bd3df50db858f8eb796216f62

SHA1
2458f5d97ded479773a14adfaa79046ab6c9a57c

SHA256
f90e536fd254b4075ab7ebfc74ae766bca7a2cac36f6b4c15a2db4fb2bf2c79b

SHA512
79eaf9abf4e9666d2e609f371fb8b0cd974ccdb293259dbcf46e3d560f190fe89f1919412de1d25bf70bf84b6db3ef03b4980957dec1a9fdd82ced4958b98b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
072f408b7ddbd323ac02b81308645880

SHA1
0da4555fc3b885bde4ccf71f500ba05b86dfcc95

SHA256
aeb4dedbeaa5ca96a8b9be024806d83dc687ba7553a3a27eca9ea7ddf64fb4f0

SHA512
a555c787819305538dc5bac66e2005d3d5528dea2e2f4eb59eee591bff36a9ed7f5541db6a97390b0f5bf847223d43e3ff6d02db190c253a80231f285ad67b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
a89565c08c4effe12226c2c64400f125

SHA1
04eccc9bdad2433e653acf77ef7ba67e9c5a2d18

SHA256
cd09773ba28cc75bd881c885a644570fb05532ef20aa4162a7b36f9fb4f93393

SHA512
3fbedf9e5e1bd6d9d42c5eae3f2b785a48ac758ae587b59aa19bf4a251e87aa8b0f962087b0958ab66c5fdee7378bd4e8b6eaa42d15e2663af0b1719e610470c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
38ccedaff5ef690ed6e4e35df793a733

SHA1
7540315b2ee2f2205168827076f82d4bdd19eb39

SHA256
9d0c45488ec37f2b16853f07588f05982f6c452e335d717f92a76b0643375ee9

SHA512
2d783029f891dc9fb53095359dcc41c4119356310bb55b262e8840642495327dc3b355009d9c8d8fc99716daee74c582f854355db66f4f70c86ccd8f80f0b4b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
03c08cc83bd0f9a90976ef88194163ea

SHA1
d8a43aed3b7015538fc8609f9a753e417c3b2dcd

SHA256
15dd169fca5dc96dc8a897b958e6eac32572b94e451619f348455aecfb2b64a1

SHA512
c6450eb392ee30137f58b3a39e07b9bacf3a3ae0a2a4d04320ae34ddb9cbe825eba0e83528128aefa8a13c16823093904d780db3cd21acc3c3a19d7e9a0ed685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a660126502e747db27823922a84074c3

SHA1
f7c2d2bb27ddfb1c321a58d00be4fde16d4c39c3

SHA256
cf859bb035efd6067bd67898c9033115abb5ca777c6fa2fb7055d5c66ed1a5d9

SHA512
309817de21fbdefe2fd17ece36e09d124e8c44cf7703c5d0c30414fa122c550e881b9ec3f3b3359536186b40e8fb1459220d408f0d2063ea295194ef43153204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c5f5df5635ba0f02c826bcf53c27dad4

SHA1
beab02f221cde430e7975833effc15f172558bff

SHA256
2e80d55cba6e43e4057837b4fbae55b3aae0e286326197b6792dc623a22e7b89

SHA512
4d57adad692f8280c97f160669aae178a1b54cbe7c210d76f5ca0a93b04c285dc6a198a39cfe3e1e5f31fff762ef3ab2012ab48ae1e04926a822f2e9b4f31772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ad67b.TMP

Filesize
2KB

MD5
c085ae8c7e009b6d40a1de37bf5f0947

SHA1
f5e56ffc479906c49d78d75712f4acd7c8c0e7c6

SHA256
56b85b6f91b9d3b3ea9a6ac0d1b29c22a62ac3ec789f53993da37a92b42a525e

SHA512
a1367fdf37c66e34f4362543ebc8501bc04fe9901809a61c03d9b154df962969f212f38559b0840f592ac5b8c7582fd35c6d7748689a890fa0471bd42512d5e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
96b96edb00bfb06002c7989d1ffa9349

SHA1
08760cbd32d2240b368a0c2c5fd6d270a62fa5ef

SHA256
5c405fefae3b668cf214308e01a804232c9c1ab7443966ba1047c9945f3e3067

SHA512
8cb399e4bd0dd589bfe520dc0eb7afb850aaa66a6af080c4b2b9e75d3723292a02716ccd2072106681d622a41b72f14a309fcd304f1b0e2d95c188c2f614c65b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
db6513acef75646e3c0d2c28555f3053

SHA1
e160fbda205583cd1cfa7e2feab27631ade8524e

SHA256
49ba0c1fb9686949965db55671f8e10d3797e18dda4618fe775bc860ba3b58b6

SHA512
85b25c23e21a9c288575e2927de7c84afd64ecfe4c699634aed4757410c8b48c8b5b8550e551757e1dee23ad16dfeb07dfd711bd362f5bd407ca1830e1fa6cff

Download Submit
C:\Users\Admin\AppData\Local\Temp\CPU-V.dll

Filesize
84KB

MD5
c324caacf1859269a6d0e7465644891d

SHA1
3b962eeebdcad3f99d1d74d417186b9e24417d84

SHA256
62cce2c15b1b06e3f7cc89c6707b437b010163d93ece7d40c349103d097987fb

SHA512
51a631092201de03e144e9a7112ae0af095379c9139fc309a043f8b71e593453230ba75d2089be82c59e5a62d353b0dc2294d850d42645d398e9e6ac08c238d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CPU-V.ini

Filesize
11KB

MD5
71aeb97dda8b98fb3dd0eccde3610b73

SHA1
48dbad3303ffc7814a8e1c5962f3058f0b298257

SHA256
ba2267e8aa29108d63fd826e1fd3481bf905b4f1ec6f5de87ecce49378f8dc5b

SHA512
317ff8c725a72ed8d9f065b8e78c62193bae3a66d4ac8f7e163f04fb5b26ce98b6343639dd5d91481a9f44fdc49ea350baf7947858425b250c18a4d00c59b3fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xgye1ikq.w0w.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

Filesize
130KB

MD5
b9cbd43b1353fea8d809aab7866c3a27

SHA1
c10fd902fc6e1c11b1b5bdf5360c9da79b6fe4d8

SHA256
11968e8b94eeedffbabd358c274f02611ef9979ba147d6ec160309defd3136ce

SHA512
f041001bcb7259f3e2ec6dd8b501fa0dd51d28ca5ef85786eaaefa94e296872f24844e5d3ce7515ab3eee721c5717bdbfd093d14345ffd5a7bdc44b2f78a5073

Download Submit
memory/2576-626-0x000000006F410000-0x000000006F45C000-memory.dmp

Filesize
304KB

Download
memory/2576-622-0x00000000055B0000-0x0000000005907000-memory.dmp

Filesize
3.3MB

Download
memory/3280-578-0x0000000005620000-0x00000000056A2000-memory.dmp

Filesize
520KB

Download
memory/3280-581-0x0000000006130000-0x0000000006196000-memory.dmp

Filesize
408KB

Download
memory/3280-577-0x00000000057C0000-0x0000000005DEA000-memory.dmp

Filesize
6.2MB

Download
memory/3280-596-0x000000006F410000-0x000000006F45C000-memory.dmp

Filesize
304KB

Download
memory/3280-595-0x0000000007740000-0x0000000007774000-memory.dmp

Filesize
208KB

Download
memory/3280-594-0x00000000067C0000-0x000000000680C000-memory.dmp

Filesize
304KB

Download
memory/3280-593-0x0000000006790000-0x00000000067AE000-memory.dmp

Filesize
120KB

Download
memory/3280-592-0x0000000006610000-0x0000000006712000-memory.dmp

Filesize
1.0MB

Download
memory/3280-590-0x00000000061A0000-0x00000000064F7000-memory.dmp

Filesize
3.3MB

Download
memory/3280-605-0x0000000007780000-0x000000000779E000-memory.dmp

Filesize
120KB

Download
memory/3280-579-0x0000000005E20000-0x0000000005E42000-memory.dmp

Filesize
136KB

Download
memory/3280-606-0x00000000079B0000-0x0000000007A54000-memory.dmp

Filesize
656KB

Download
memory/3280-591-0x0000000005E00000-0x0000000005E10000-memory.dmp

Filesize
64KB

Download
memory/3280-580-0x00000000060C0000-0x0000000006126000-memory.dmp

Filesize
408KB

Download
memory/3280-607-0x0000000008130000-0x00000000087AA000-memory.dmp

Filesize
6.5MB

Download
memory/3280-608-0x0000000007AF0000-0x0000000007B0A000-memory.dmp

Filesize
104KB

Download
memory/3280-609-0x0000000007B70000-0x0000000007B7A000-memory.dmp

Filesize
40KB

Download
memory/3280-610-0x0000000007D40000-0x0000000007D8A000-memory.dmp

Filesize
296KB

Download
memory/3280-611-0x0000000007E30000-0x0000000007EC6000-memory.dmp

Filesize
600KB

Download
memory/3280-612-0x0000000007D10000-0x0000000007D21000-memory.dmp

Filesize
68KB

Download
memory/3280-613-0x0000000007DA0000-0x0000000007DAE000-memory.dmp

Filesize
56KB

Download
memory/3280-614-0x0000000007DE0000-0x0000000007DFA000-memory.dmp

Filesize
104KB

Download
memory/3280-576-0x0000000005100000-0x0000000005136000-memory.dmp

Filesize
216KB

Download
memory/3512-644-0x000000006F410000-0x000000006F45C000-memory.dmp

Filesize
304KB

Download
memory/3620-755-0x00000000368D0000-0x00000000368E0000-memory.dmp

Filesize
64KB

Download
memory/3620-1207-0x0000000072E80000-0x0000000072EFE000-memory.dmp

Filesize
504KB

Download
memory/3620-1208-0x0000000070B20000-0x00000000710C6000-memory.dmp

Filesize
5.6MB

Download
memory/3620-1209-0x0000000070AA0000-0x0000000070B1A000-memory.dmp

Filesize
488KB

Download
memory/3620-1210-0x0000000070A40000-0x0000000070A99000-memory.dmp

Filesize
356KB

Download
memory/3620-1211-0x00000000710D0000-0x0000000072ACB000-memory.dmp

Filesize
26.0MB

Download