hxxp://delta-executor[.]com

Analysis

max time kernel
303s
max time network
304s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02-07-2024 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://delta-executor.com

Score

8^/10

discovery execution exploit persistence privilege_escalation

Malware Config

Signatures

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Downloads MZ/PE file

Manipulates Digital Signatures 1 TTPs 64 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

Processes:

regsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackAllocFunction = "SoftpubLoadDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\FuncName = "WVTAsn1SpcMinimalCriteriaInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.4\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverCleanupPolicy"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.4\FuncName = "WVTAsn1SealingTimestampAttributeEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25\FuncName = "WVTAsn1SpcLinkDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\2.5.29.32\Dll = "cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2008\FuncName = "WVTAsn1SpcLinkEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.1\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLREMOVESIGNEDDATAMSG\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackAllocFunction = "SoftpubLoadDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\FuncName = "WVTAsn1SpcSpAgencyInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2130\FuncName = "WVTAsn1SpcSigInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11\FuncName = "WVTAsn1SpcStatementTypeDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2005\FuncName = "WVTAsn1SpcLinkDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainFinalProv"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2007\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"	regsvr32.exe

Possible privilege escalation attempt 6 IoCs
exploit

Processes:

takeown.exeicacls.exeicacls.exetakeown.exetakeown.exeicacls.exe

pid process

3836 takeown.exe
6744 icacls.exe
2000 icacls.exe
1760 takeown.exe
5244 takeown.exe
2136 icacls.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

LDPlayer9_ens_1001_ld.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation LDPlayer9_ens_1001_ld.exe
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

pid	process
3836	takeown.exe
6744	icacls.exe
2000	icacls.exe
1760	takeown.exe
5244	takeown.exe
2136	icacls.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation	LDPlayer9_ens_1001_ld.exe

Executes dropped EXE 15 IoCs

Processes:

LDPlayer9_ens_1001_ld.exeLDPlayer.exednrepairer.exeLd9BoxSVC.exedriverconfig.exednplayer.exeLd9BoxSVC.exevbox-img.exevbox-img.exevbox-img.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exeLd9BoxHeadless.exe

pid	process
5632	LDPlayer9_ens_1001_ld.exe
4204	LDPlayer.exe
6444	dnrepairer.exe
5392	Ld9BoxSVC.exe
4992	driverconfig.exe
6852	dnplayer.exe
2312	Ld9BoxSVC.exe
6704	vbox-img.exe
6500	vbox-img.exe
1368	vbox-img.exe
1984	Ld9BoxHeadless.exe
4380	Ld9BoxHeadless.exe
4052	Ld9BoxHeadless.exe
5544	Ld9BoxHeadless.exe
6480	Ld9BoxHeadless.exe

Loads dropped DLL 64 IoCs

Processes:

LDPlayer9_ens_1001_ld.exednrepairer.exeLd9BoxSVC.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exedriverconfig.exednplayer.exe

pid	process
5632	LDPlayer9_ens_1001_ld.exe
5632	LDPlayer9_ens_1001_ld.exe
5632	LDPlayer9_ens_1001_ld.exe
6444	dnrepairer.exe
6444	dnrepairer.exe
6444	dnrepairer.exe
5392	Ld9BoxSVC.exe
5392	Ld9BoxSVC.exe
5392	Ld9BoxSVC.exe
5392	Ld9BoxSVC.exe
5392	Ld9BoxSVC.exe
5392	Ld9BoxSVC.exe
5392	Ld9BoxSVC.exe
5392	Ld9BoxSVC.exe
2148	regsvr32.exe
2148	regsvr32.exe
2148	regsvr32.exe
2148	regsvr32.exe
2148	regsvr32.exe
2148	regsvr32.exe
2148	regsvr32.exe
2148	regsvr32.exe
744	regsvr32.exe
744	regsvr32.exe
744	regsvr32.exe
744	regsvr32.exe
744	regsvr32.exe
744	regsvr32.exe
744	regsvr32.exe
744	regsvr32.exe
744	regsvr32.exe
4580	regsvr32.exe
4580	regsvr32.exe
4580	regsvr32.exe
4580	regsvr32.exe
4580	regsvr32.exe
4580	regsvr32.exe
4580	regsvr32.exe
4580	regsvr32.exe
4500	regsvr32.exe
4500	regsvr32.exe
4500	regsvr32.exe
4500	regsvr32.exe
4500	regsvr32.exe
4500	regsvr32.exe
4500	regsvr32.exe
4500	regsvr32.exe
4992	driverconfig.exe
4992	driverconfig.exe
4992	driverconfig.exe
6852	dnplayer.exe
6852	dnplayer.exe
6852	dnplayer.exe
6852	dnplayer.exe
6852	dnplayer.exe
6852	dnplayer.exe
6852	dnplayer.exe
6852	dnplayer.exe
6852	dnplayer.exe
6852	dnplayer.exe
6852	dnplayer.exe
6852	dnplayer.exe
6852	dnplayer.exe
6852	dnplayer.exe

Modifies file permissions 1 TTPs 6 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exetakeown.exetakeown.exeicacls.exetakeown.exeicacls.exe

pid process

2000 icacls.exe
1760 takeown.exe
5244 takeown.exe
2136 icacls.exe
3836 takeown.exe
6744 icacls.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

1108 discord.com
1109 discord.com
1096 discord.com
1097 discord.com
1098 discord.com

pid	process
2000	icacls.exe
1760	takeown.exe
5244	takeown.exe
2136	icacls.exe
3836	takeown.exe
6744	icacls.exe

flow	ioc
1108	discord.com
1109	discord.com
1096	discord.com
1097	discord.com
1098	discord.com

Drops file in Program Files directory 64 IoCs

Processes:

dnrepairer.exe

description	ioc	process
File created	C:\Program Files\ldplayer9box\Ld9BoxSup.sys	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libeay32.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5PrintSupport.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\capi.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-string-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetLwfInstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDD.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSVGA3D.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5Gui.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSampleDevice.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\concrt140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\comregister.cmd	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxSup.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxNetDHCP.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDbg.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDTrace.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxHostChannel.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-string-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\ucrtbase.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxEFI64.fd	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\padlock.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-heap-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\dpinst_64.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libcrypto-1_1-x64.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\ldutils.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxSVC.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-timezone-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-environment-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-process-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\msvcp140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-sysinfo-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\GLES_V2_utils.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxNetLwf.inf	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\USBInstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxRT.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-memory-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\GLES12Translator.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxVMM.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.inf	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9VirtualBox.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\msvcp100.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\regsvr32_x86.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\tstPDMAsyncCompletion.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxGuestPropSvc.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-heap-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-processthreads-l1-1-1.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\GLES_CM.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\bldRTLdrCheckImports.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-debug-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-utility-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxProxyStub.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-util-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libOpenglRender.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\tstInt.exe	dnrepairer.exe
File opened for modification	C:\Program Files\ldplayer9box\api-ms-win-core-console-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\SUPInstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\USBUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-synch-l1-2-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxProxyStubLegacy.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-libraryloader-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetFltUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\vbox-img.exe	dnrepairer.exe

Drops file in Windows directory 5 IoCs

Processes:

dism.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File opened for modification	C:\Windows\Logs\DISM\dism.log	dism.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Launches sc.exe 8 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exe

pid process

2540 sc.exe
1828 sc.exe
1256 sc.exe
2356 sc.exe
4820 sc.exe
1400 sc.exe
1952 sc.exe
4308 sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2540	sc.exe
1828	sc.exe
1256	sc.exe
2356	sc.exe
4820	sc.exe
1400	sc.exe
1952	sc.exe
4308	sc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

dnplayer.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	dnplayer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dnplayer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 4 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

5292 taskkill.exe
6336 taskkill.exe
5296 taskkill.exe
6672 taskkill.exe

pid	process
5292	taskkill.exe
6336	taskkill.exe
5296	taskkill.exe
6672	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

Processes:

dnplayer.exeMicrosoftEdgeCP.exebrowser_broker.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001"	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001"	dnplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644031235658480"	chrome.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeLd9BoxSVC.exeregsvr32.exeMicrosoftEdge.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4737-457B-99FC-BC52C851A44F}\ = "IKeyboardLedsChangedEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AE84-4B8E-B0F3-5C20C35CAAC9}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00C2-4484-0077-C057003D9C90}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-a227-4f23-8278-2f675eea1bb2}	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9536-4EF8-820E-3B0E17E5BBC8}\ = "IGuestFileIOEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0547-448E-BC7C-94E9E173BF57}\NumMethods\ = "43"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E8A-11E9-825C-AB7B2CABCE23}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-26f1-4edb-8dd2-6bddd0912368}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-b5bb-4316-a900-5eb28d3413df}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-762e-4120-871c-a2014234a607}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-604D-11E9-92D3-53CB473DB9FB}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\ = "IGuestSessionRegisteredEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B4A4-44CE-85A8-127AC5EB59DC}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-8082-DB8AE479EF87}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C8E9-466B-9660-45CB3E9979E4}\ = "IExtPackManager"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2FD3-47E2-A5DC-2C2431D833CC}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-800A-40F8-87A6-170D02249A55}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3\ = "VirtualBox Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AC97-4C16-B3E2-81BD8A57CC27}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4430-499f-92c8-8bed814a567a}	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\Ld9BoxSVC.exe\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8079-447A-A33E-47A69C7980DB}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44E0-CA69-E9E0-D4907CECCBE5}\ = "IGuestFsObjInfo"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E5DB-4D2C-BAAA-C71053A6236D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20191216-1750-46F0-936E-BD127D5BC264}\1.3\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2D12-4D7C-BA6D-CE51D0D5B265}\NumMethods\ = "16"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\VersionIndependentProgID	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B7DB-4616-AAC6-CFB94D89BA78}	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\NumMethods	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E8A-11E9-8082-DB8AE479EF87}\ = "IForm"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4022-DC80-5535-6FB116815604}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8384-11E9-921D-8B984E28A686}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44A0-A470-BA20-27890B96DBA9}\NumMethods\ = "32"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0FF7-46B7-A138-3C6E5AC946B4}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2E88-4436-83D7-50F3E64D0503}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E254-4E5B-A1F2-011CF991C38D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session\ = "Session Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4a9e-43f4-b7a7-54bd285e22f4}	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7DB-4616-AAC6-CFB94D89BA78}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7BA7-45A8-B26D-C91AE3754E37}\ = "IAudioAdapter"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-73a5-46cc-8227-93fe57d006a6}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4737-457b-99fc-bc52c851a44f}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3EE4-11E9-B872-CB9447AAD965}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\ = "IFormValue"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4430-499F-92C8-8BED814A567A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\NumMethods\ = "30"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9849-4F47-813E-24A75DC85615}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6FA-430E-6020-6A505D086387}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E87-11E9-8AF2-576E84223953}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E67-4144-BF34-41C38E8B4CC7}\NumMethods\ = "40"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B5BB-4316-A900-5EB28D3413DF}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A1A9-4AC2-8E80-C049AF69DAC8}	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1207-4179-94CF-CA250036308F}\NumMethods\ = "17"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\NumMethods\ = "16"	regsvr32.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

Processes:

chrome.exeLDPlayer9_ens_1001_ld.exechrome.exeLDPlayer.exednrepairer.exepowershell.exepowershell.exepowershell.exe

pid	process
3320	chrome.exe
3320	chrome.exe
5632	LDPlayer9_ens_1001_ld.exe
5632	LDPlayer9_ens_1001_ld.exe
5632	LDPlayer9_ens_1001_ld.exe
5632	LDPlayer9_ens_1001_ld.exe
5632	LDPlayer9_ens_1001_ld.exe
5632	LDPlayer9_ens_1001_ld.exe
5328	chrome.exe
5328	chrome.exe
4204	LDPlayer.exe
4204	LDPlayer.exe
4204	LDPlayer.exe
4204	LDPlayer.exe
4204	LDPlayer.exe
4204	LDPlayer.exe
4204	LDPlayer.exe
4204	LDPlayer.exe
6444	dnrepairer.exe
6444	dnrepairer.exe
5268	powershell.exe
5268	powershell.exe
5268	powershell.exe
5268	powershell.exe
5240	powershell.exe
5240	powershell.exe
5240	powershell.exe
5240	powershell.exe
4964	powershell.exe
4964	powershell.exe
4964	powershell.exe
4964	powershell.exe
4204	LDPlayer.exe
4204	LDPlayer.exe
5632	LDPlayer9_ens_1001_ld.exe
5632	LDPlayer9_ens_1001_ld.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

dnplayer.exe

pid process

6852 dnplayer.exe
Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid process

628
628
628
628
628
628
Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

5364 MicrosoftEdgeCP.exe
5364 MicrosoftEdgeCP.exe
5364 MicrosoftEdgeCP.exe
5364 MicrosoftEdgeCP.exe

pid	process
6852	dnplayer.exe

pid	process
628
628
628
628
628
628

pid	process
5364	MicrosoftEdgeCP.exe
5364	MicrosoftEdgeCP.exe
5364	MicrosoftEdgeCP.exe
5364	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 63 IoCs

Processes:

chrome.exe

pid	process
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeLDPlayer9_ens_1001_ld.exe

description	pid	process
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeDebugPrivilege	5632	LDPlayer9_ens_1001_ld.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	5632	LDPlayer9_ens_1001_ld.exe
Token: SeCreatePagefilePrivilege	5632	LDPlayer9_ens_1001_ld.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe
Token: SeCreatePagefilePrivilege	3320	chrome.exe
Token: SeShutdownPrivilege	3320	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exednplayer.exe

pid	process
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
6852	dnplayer.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe

Suspicious use of SendNotifyMessage 25 IoCs

Processes:

chrome.exednplayer.exe

pid	process
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
6852	dnplayer.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

LDPlayer9_ens_1001_ld.exeLDPlayer.exednrepairer.exeLd9BoxSVC.exedriverconfig.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid	process
5632	LDPlayer9_ens_1001_ld.exe
4204	LDPlayer.exe
6444	dnrepairer.exe
5392	Ld9BoxSVC.exe
4992	driverconfig.exe
4820	MicrosoftEdge.exe
5364	MicrosoftEdgeCP.exe
5220	MicrosoftEdgeCP.exe
5364	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3320 wrote to memory of 1680	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 1680	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4676	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4976	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 4976	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe
PID 3320 wrote to memory of 784	3320	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://delta-executor.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb73989758,0x7ffb73989768,0x7ffb73989778
2⤵
PID:1680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:2
2⤵
PID:4676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:4976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2620 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2640 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:1268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4748 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:4572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4908 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5116 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:4288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5136 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5944 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6212 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6404 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6528 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:3416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6480 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:1120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6628 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6668 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6908 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6920 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:4504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5508 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:1340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5440 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:3336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7068 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:4364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:3640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:5160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6096 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:5168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7408 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:5180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7548 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:5416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5856 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:5424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6968 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:5620

C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_1001_ld.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5632

C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
3⤵
- Kills process with taskkill
PID:5292

C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
3⤵
- Kills process with taskkill
PID:6336

C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
3⤵
- Kills process with taskkill
PID:5296

C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
3⤵
- Kills process with taskkill
PID:6672

C:\LDPlayer\LDPlayer9\LDPlayer.exe
"C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1001 -language=en -path="C:\LDPlayer\LDPlayer9\"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4204

C:\LDPlayer\LDPlayer9\dnrepairer.exe
"C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=524902
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6444

C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
5⤵
PID:3184

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
6⤵
PID:5620

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
5⤵
- Manipulates Digital Signatures
PID:6468

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
5⤵
- Manipulates Digital Signatures
PID:5816

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
5⤵
PID:5780

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
5⤵
PID:5328

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
5⤵
PID:4776

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
5⤵
PID:6472

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
5⤵
- Manipulates Digital Signatures
PID:5836

C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:5244

C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:2136

C:\Windows\SysWOW64\takeown.exe
"takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3836

C:\Windows\SysWOW64\icacls.exe
"icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
5⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:6744

C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
5⤵
- Drops file in Windows directory
PID:2644

C:\Windows\SysWOW64\sc.exe
sc query HvHost
5⤵
- Launches sc.exe
PID:2540

C:\Windows\SysWOW64\sc.exe
sc query vmms
5⤵
- Launches sc.exe
PID:1828

C:\Windows\SysWOW64\sc.exe
sc query vmcompute
5⤵
- Launches sc.exe
PID:1256

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5392

C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
5⤵
- Loads dropped DLL
PID:2148

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
5⤵
- Loads dropped DLL
PID:744

C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
5⤵
- Loads dropped DLL
- Modifies registry class
PID:4580

C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
5⤵
- Loads dropped DLL
- Modifies registry class
PID:4500

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
5⤵
- Launches sc.exe
PID:2356

C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
5⤵
- Launches sc.exe
PID:4820

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:5268

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:5240

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:4964

C:\LDPlayer\LDPlayer9\driverconfig.exe
"C:\LDPlayer\LDPlayer9\driverconfig.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4992

C:\Windows\SysWOW64\takeown.exe
"takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1760

C:\Windows\SysWOW64\icacls.exe
"icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:2000

C:\LDPlayer\LDPlayer9\dnplayer.exe
"C:\LDPlayer\LDPlayer9\\dnplayer.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6852

C:\Windows\SysWOW64\sc.exe
sc query HvHost
4⤵
- Launches sc.exe
PID:1400

C:\Windows\SysWOW64\sc.exe
sc query vmms
4⤵
- Launches sc.exe
PID:1952

C:\Windows\SysWOW64\sc.exe
sc query vmcompute
4⤵
- Launches sc.exe
PID:4308

C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
4⤵
- Executes dropped EXE
PID:6704

C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
4⤵
- Executes dropped EXE
PID:6500

C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
4⤵
- Executes dropped EXE
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8004 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:5780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8100 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:5276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7312 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8288 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:5596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8500 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:5168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8512 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8504 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:5928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8636 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:3640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8980 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:4808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7404 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8004 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7424 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8808 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9572 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8468 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8788 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7344 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8216 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9708 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9716 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7812 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8016 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:4236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=4580 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:5452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7732 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=2296 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7760 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:5516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:5564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=7520 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=4940 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7904 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:7080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=5660 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=4952 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:7108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=4376 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=872 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=4640 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=4584 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:7072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=6016 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:2600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=4448 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:3296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=7508 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=3576 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=4760 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:1788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=6152 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=7876 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:5332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=6360 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=692 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:5568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7604 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:8
2⤵
PID:7044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=6856 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=7872 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=6404 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:7104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=7112 --field-trial-handle=1760,i,13638419711663412011,220587850824774450,131072 /prefetch:1
2⤵
PID:6124

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8
1⤵
PID:6520

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4820

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3348

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5364

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4316

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Modifies registry class
PID:2312

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:1984

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:4380

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:4052

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:5544

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
2⤵
- Executes dropped EXE
PID:6480

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
PID:6760

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5488

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe
Filesize
1.2MB

MD5
330013a714c5dc0c561301adcccd8bc8

SHA1
030b1d6ac68e64dec5cbb82a75938c6ce5588466

SHA256
c22a57cd1b0bdba47652f5457c53a975b2e27daa3955f5ef4e3eaee9cf8d127a

SHA512
6afb7e55a09c9aac370dff52755b117ad16b4fc6973665fce266ea3a7934edfb65f821f4f27f01f4059adb0cf54cc3a97d5ff4038dc005f51ecee626fd5fadd1

Download Submit
C:\LDPlayer\LDPlayer9\dnplayer.exe
Filesize
3.6MB

MD5
2061141f3c490b5b441eff06e816a6c2

SHA1
d24166db06398c6e897ff662730d3d83391fdaaa

SHA256
2f1e555c3cb142b77bd72209637f9d5c068d960cad52100506ace6431d5e4bb0

SHA512
6b6e791d615a644af9e3d8b31a750c4679e18ef094fea8cd1434473af895b67f8c45a7658bfedfa30cc54377b02f7ee8715e11ee376ed7b95ded9d82ddbd3ccc

Download Submit
C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf
Filesize
17.4MB

MD5
93b877811441a5ae311762a7cb6fb1e1

SHA1
339e033fd4fbb131c2d9b964354c68cd2cf18bd1

SHA256
b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b

SHA512
7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4

Download Submit
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
Filesize
103KB

MD5
4acd5f0e312730f1d8b8805f3699c184

SHA1
67c957e102bf2b2a86c5708257bc32f91c006739

SHA256
72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5

SHA512
9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
Filesize
652KB

MD5
ad9d7cbdb4b19fb65960d69126e3ff68

SHA1
dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d

SHA256
a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326

SHA512
f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
Filesize
1.5MB

MD5
66df6f7b7a98ff750aade522c22d239a

SHA1
f69464fe18ed03de597bb46482ae899f43c94617

SHA256
91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f

SHA512
48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc
Filesize
5.0MB

MD5
d4d2fd2ce9c5017b32fc054857227592

SHA1
7ee3b1127c892118cc98fb67b1d8a01748ca52d5

SHA256
c4b7144dd50f68ca531568cafb6bb37bf54c5b078fbac6847afa9c3b34b5f185

SHA512
d2f983dde93099f617dd63b37b8a1039166aaf852819df052a9d82a8407eb299dac22b4ffe8cab48331e695bf01b545eb728bec5d793aeb0045b70ea9ceab918

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
Filesize
2.0MB

MD5
01c4246df55a5fff93d086bb56110d2b

SHA1
e2939375c4dd7b478913328b88eaa3c91913cfdc

SHA256
c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889

SHA512
39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
Filesize
442KB

MD5
2d40f6c6a4f88c8c2685ee25b53ec00d

SHA1
faf96bac1e7665aa07029d8f94e1ac84014a863b

SHA256
1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334

SHA512
4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
Filesize
1.2MB

MD5
ba46e6e1c5861617b4d97de00149b905

SHA1
4affc8aab49c7dc3ceeca81391c4f737d7672b32

SHA256
2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e

SHA512
bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
Filesize
192KB

MD5
52c43baddd43be63fbfb398722f3b01d

SHA1
be1b1064fdda4dde4b72ef523b8e02c050ccd820

SHA256
8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f

SHA512
04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
Filesize
511KB

MD5
e8fd6da54f056363b284608c3f6a832e

SHA1
32e88b82fd398568517ab03b33e9765b59c4946d

SHA256
b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd

SHA512
4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
Filesize
522KB

MD5
3e29914113ec4b968ba5eb1f6d194a0a

SHA1
557b67e372e85eb39989cb53cffd3ef1adabb9fe

SHA256
c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a

SHA512
75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll
Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
Filesize
854KB

MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6

SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62

SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll
Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
Filesize
283KB

MD5
0054560df6c69d2067689433172088ef

SHA1
a30042b77ebd7c704be0e986349030bcdb82857d

SHA256
72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750

SHA512
418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

Download Submit
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
Filesize
35.1MB

MD5
4d592fd525e977bf3d832cdb1482faa0

SHA1
131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef

SHA256
f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6

SHA512
afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656
Filesize
1KB

MD5
7d9917bcfe436c914f2f90a58a4a4882

SHA1
5cbaacf5ab9a093015a63e428f24be393a50e98b

SHA256
49d3e6e11f63b3e68aa41c62bd535defe8145116a5519e724676ff382f059711

SHA512
450e3a4cea66f877c8608ab2e634b18fce4703303783cbbe2aaa1bd120924ae963fb51f6cacb6432b842eec57d85f7e88a75b955c6c1b878225e25841422514d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
Filesize
2KB

MD5
3d11d0edfb0949c48b5e9a907bca7460

SHA1
658fb44f9f6a90c06693b394f294fc3d71516bd0

SHA256
445b7fb90df96c83ab007223d7069c8b26f5b058b030a6ef393875501072d0b3

SHA512
0ecd028da0f7cbdbf164d5efcedf1033320eabb49a15ac49f8a8df29cd9ee0358f879738d4b63482023e7dd35629ac0be2b48714635387fe0f0d427c45b61d41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
Filesize
1KB

MD5
7c305bc6e39eb705f700ffb370acfc79

SHA1
2831142bcf8f869da859a896e2bcc0e2225efc72

SHA256
879e862bd44f2364abde0b7b832b98fc4e24ac3f1e10f66eeaa26ae1b22cd7df

SHA512
c582a07adaace283059938f61b3e888b436747a0174371f0df90a67e8af5b23f8fe09a48e43eb22dea65017a2b169af6f9e3e3a1f974a8fd6dfb0c10a2c0d977

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656
Filesize
434B

MD5
22e5f5a768660f951ebd108224b62a38

SHA1
ab0401ee012a08337bf75d01787cfb3653769b1e

SHA256
4d22aec763bd6279eb18ac0908baf41bc581bf30c4626872808e7c29c86d83c8

SHA512
8c59eff94956fd412293f705708ae41e7b5d88aa9476652188078435893b19a776e934ba569a755f568bdd4270c0245f332f75bb47d4bf23e59be125a2cdcbd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
Filesize
458B

MD5
28ea3db64ea9cd33c14140ccccd8001a

SHA1
fd0688137786e9d6951b3e9ad896df75b6fb5f0b

SHA256
188fb0e06afbdcdb39bddac5a1aeb197162933b28e89c5cba99de4c2a7141a73

SHA512
f954e1e02838d5b1d018ee4c724c00cedf262dfdb68dfc4c90e80d09fc629525a187b1dab8b5f1d7d03e04e999a7018e77aeccb70b790b38a5024217c05afa00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
Filesize
432B

MD5
bb1c6e28ed64c69d6cf907f0608bbf5d

SHA1
bebe174c89628c769605e1369f0e88bdb67176c3

SHA256
a91341fbc17deff024cef4aa1d952adbd4a636dbcaac722dcb8077f06b7b8af5

SHA512
1b61fc33cc40f656bf93f7d3295a1732784e1b2dd457de359ecc3940f05305420e85680b71c28b8072b45032578c0a8c64b68c4f34bfee9a1276daa3a2202009

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\412fe55f-4ba2-484b-b506-b54ee900d1f7.tmp
Filesize
6KB

MD5
53ec14a492412851cbf8873954a1bfb1

SHA1
f43e5b25e2f1a91c9e24328c4605ff2240f16087

SHA256
d8568702c0fced3f47e7006f999dcb5d61ce616a41f9eb18bcdf4ec4692e6fbd

SHA512
485f14d8d7f3e09005eeeaa13e9e9485aed1c8105b39dc869699991822ae42fdfedb28d09aa4122d61e14b21cf3ac31d2403a162ca56317e1b1d580ca916c54a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
Filesize
19KB

MD5
e61dc28d8ce493ee69dc269c4a176608

SHA1
4a0d7c73109d3475afba526a57c06e8459e39972

SHA256
b726a168d917d17a4507e271d0f9f870cde5f6495b6f5df19f2af89d18eaaaf0

SHA512
eebec02796f1cdbb90de1ede3e0e9e2f849d12783b0549dc54ef750660255abb98606869f040e48138129c2931632df198fb26d356f03dc28cf492f98244258b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
Filesize
30KB

MD5
5bb495aae622eb3a61a964ea58321cb7

SHA1
ceac178b3f78d3b98e0a7ccadb4cecf8a20b18c6

SHA256
2c9a2e7e1a599d23aa2ee540c8a27fed7a82e4e09666017534ad50b4782d17be

SHA512
4f9c64863874d2f7880953c530133104e64bc08e54d9226db486fe082ab6549fb7a9e35bd970a94b810f75f0c5d1dcd7b7480d976f3177611e9942cda5e4839f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
51KB

MD5
fbfd93d3820d147a13f7c06f0db6a67a

SHA1
bced66174ffa05392deef759f0175e85df12daa7

SHA256
5fd7367c3f9a1a78800805273d1007ec94135fa4e7316a97ab1fbbcf8d22efec

SHA512
98553c92e7e59865be6e4fc2ea4ac0a37c93087f600f89998f7892558a17a2d9d132b6cc85a6c9a66a0293f6ce730127a0403f64105de9e35b740a8e757b94b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
102KB

MD5
2988e019dcef0dcdf6281361f7d34f5f

SHA1
ec69291ab59e756a4ed4665846e7b0bfbba40783

SHA256
171e43808d2d390ecac7c188a21fa3bb52d80207be9dfbb7f25798817c8017ad

SHA512
603a548726eb9065b1df9ccf7e996039a4d37f9cb6b4a6909909518c0e23ca71af17de68298fc7f4100f7005c815874c234ea43c84b5b111cd90861ada9daabe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
145KB

MD5
27e0b0d117c9b50b2dd782e77926c41a

SHA1
f6b69d3570bca5026ce8fd3670224d4f10a5d833

SHA256
f7fa3985fcc91607f1afd125a17333779a8c3e2fbae3a243b1238bba4c63548d

SHA512
632371a460db88e640f90e543bc83b3163ca3d23c474b5ebd6ede20949869886727129538d213a33549d70cafec5ff64256c743f7f87bb140ccc19da03eec002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
32KB

MD5
8baf7b05bb08b2b0a18fbaf6348a7613

SHA1
d55c631c88d8ac143867d6eea2357bf41aa5ab0b

SHA256
5fabea6622f0ba05402c07831fe73a9c91eb361b5a8b6f56a19eae9438b3dfae

SHA512
44653278eff75a0e87b3c01abc556c4ad8fdd211fe30c24d1aa7333a6396764f075c9413e6d8806dc8e5d6d6d6a010f63fff0b20d9be747d5ba68e9342adfa24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
70KB

MD5
eb42584633f1c945908d87bfc7eb0d7d

SHA1
ff5677f6a5a117c1bcda20d42a347aeb2f58e9af

SHA256
12fdaa36d3a645b6e12018936d11e9ff45062cb96672dcc53f172d5072c6a2c8

SHA512
4803996abe2167c6376f20331e3040c4f67c881a56e5701aff7de7b1af6e851721a1b66d0cdf3ac64ea73c3df35bed28864863ce425346340c6c62ecce53e8a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
Filesize
143KB

MD5
4c28cca064e3932026d2a5754a5cd9dd

SHA1
bb7a246bca26668eec956fbd01fe39b7a16170d0

SHA256
825265ea317e1925a870cdb4e1a5da7d9d3f0185e60d49dd2a66a2d4869fd16a

SHA512
e9056ae7a5d5757c2540413b2a426208336cf0cc294edef0429fbe47ae1cd510513462b3d5793d4a90097bfe228ea41bb9c4404594cc7f3b92e53414b011f097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
Filesize
51KB

MD5
6608092c979015f7875cf9f92e14924b

SHA1
9c0ed80c16e02e17738eb1eccc2203f9d6531e1b

SHA256
05cab22238b127a05d2a6b7972f0bf26f355155e278087adb080e1462b48f8e8

SHA512
f1772f3d70a08448d15a12fad389b9f28b652d112f187e9183c84b5403ce7fc41e0c6b098a31ed659ae4d2a334b38fa00330ee1febdd6a13c26a6175fa476e4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
19KB

MD5
bb30ea3b46964f49ba85f475efd1fb6f

SHA1
1bb4aae7781af8b933e1dd4dee56879a3ef92d38

SHA256
7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6

SHA512
bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
62KB

MD5
1721006aa7e52dafddd68998f1ca9ac0

SHA1
884e3081a1227cd1ed4ec63fb0a98bec572165ba

SHA256
c16e012546b3d1ef206a1ecbbb7bf8b5dfd0c13cfeb3bdc8af8c11eaa9da8b84

SHA512
ff7bfd489dc8c5001eea8f823e5ec7abf134e8ad52ee9544a8f4c20800cb67a724ec157ca8f4c434a94262a8e07c3452b6ad994510b2b9118c78e2f53d75a493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074
Filesize
60KB

MD5
af2a4a5954cfbc18141004185df9abf3

SHA1
912be6ce0f33262de5e72e7b4f23ae3ef136b203

SHA256
620b581a43249cc8940e41e160444822fbcc264a24db948b7dfcbb2d218e096b

SHA512
e75a5335c076f2c5b34a051481d9f2f7432fb60882efe16cbabc8268a2090c4bab6ba4d9a86e347beb04117c3d191bbe5a5f075513a504724adb667d2a22ae74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000076
Filesize
41KB

MD5
271aa829d4ee3960b052d1e8e96541ae

SHA1
3c2f47a58201c0dc0104b11da2fead60054eb7d2

SHA256
73b567eccb4e9b2257334d383e9584546f49ac27d893357e2bda2821faa770ac

SHA512
f50b5d261e909e4b3d4cdf99c567843c4b624f0ed9b7dc273167330f84dc544c5ecdf8cc0709db47be7398c70c26deacce5603523e9e6914cd3f66748304723b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000084
Filesize
47KB

MD5
1af625b5988f4098155457b42c9e7604

SHA1
f101a2737ad079176c92bc2684f8961b074ad710

SHA256
44d44ea3935d534f44d0e33117954cadb08b712269e12e10093755e3d4885014

SHA512
b81654c38578ee6acb3ef12ced4fb5edaeb698add94d68a6745db933582494170ac6a048022eeb2dd734372232673f7ed50102fc8fc3094e3804110b20172d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000085
Filesize
19KB

MD5
06c5056614c487a25e3ed2d626e09e9b

SHA1
96052d706a61e9208918b3924aba298fe85c79e5

SHA256
9aa5bf4b74777ae6381f05aae0fa77a598b914331280efa125120d00b87cac38

SHA512
7271c9fbeb9773a201960b76f33b68d3e230bf08141513868f3d731883979f609d239ae3239ca8700dae4f4cc17243039ed7e03ce874e88f643c89b0b02a0555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000086
Filesize
97KB

MD5
ef8bc3dc2c59253e10c6af72aac8f020

SHA1
b311b75e56c2ab9ab75b2c7e5bfaaaee9270aff6

SHA256
768c4ac2ead51910ca155ad257416b14234eaccdc53e2193ec7609b6d499cf69

SHA512
1a4f1fefcef71bb19cc21f6993b4e7c1b2249bf4d94a93811c0408a691bfcbc56865d91eff3125af0616e5f80fb5e153943f8b23b3e19d1bb4691ed963b1921d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000087
Filesize
808KB

MD5
f9c1521230c4b671abae01ddf739e61c

SHA1
e68ee330b7bc15f773b1fb2c9c0a29318228efb2

SHA256
34e837ad6689f8c3a2afec77c185e3bc2a9a62a97ef5bcf075390c29286a6093

SHA512
2725e9656ac09c325249efab902733e223089494d0c50b7810bf813fd47923f9d925bcac8a4d5a31e877149fae22c3e0ec3bb94daa1ab711dff3a9083c29a814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000088
Filesize
19KB

MD5
33ad2290cdf2487f6dff9bf512cece28

SHA1
b56e223cea17569e13c5dd72aff3e34d40f114a9

SHA256
2d01340947a8b8ff697bd0176aa1dbcf81e8fef67acedaf3ede3c71c179007c9

SHA512
df14b0d6217da08012a6571be6bf1eb3ec8ecb35197e610a32bbeca511c23075f7514de79a7963ff0e4be46cd1f3f1440b84219ed37a6d12c22ecaffb6391d7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000089
Filesize
32KB

MD5
0d78964806b61a003056e27b74af4e96

SHA1
552a63787619ff3d4ced22750d601de5f551f0b7

SHA256
af16c22e9d7ef9e378c71fd0fbb435b4ce73454005c8a11482c976ecbcc1ddae

SHA512
9f7af8dced29f2f8c998f6399e8351d3ca35f81b1d392c59179cda0afc78840278d0a85356cf1709a9be0356a566587058adad8dc228d0ebf62399e2b5696abd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008b
Filesize
38KB

MD5
6be04c153ffdefe7bca6e5731e403400

SHA1
82d7eff39c9f5ec9aac4d9de04e6ed16506d931d

SHA256
8116e67156a24f9fa7ac82d235b6e87f460536fd3d7783425c39dcf1f109af1a

SHA512
912e4550596b28cd740e9722cd441ab17bac16f4e62e7c6b09cb48e8f2e9eff7a732504bfde9604d3caad0fa5e00b31fad5d7009225f57d68ac94726c1731e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008d
Filesize
54KB

MD5
01ad880ee50b786f74a5e4fae9ba3d71

SHA1
111387dbe885b7f3af44cdbbeea17eeb04bbf803

SHA256
9368f2d586a1d2727921605892048bf5201ef8caa044f2e939ef431aa881d83e

SHA512
d8dc47e5d55e6598988281539205936c56b716eb02b4e643fc917a68ba4407ece36a9d4115d5d0e32ac630d44eadb94ad2607330de082629fea82a9bd35fb83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e
Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f
Filesize
28KB

MD5
13d4f13cd34f37afc507ac239d82ddbd

SHA1
6d500935a441d438ed052e90de0443bccc8c6d17

SHA256
76464e77d22532976bbe5d1829e97854d5c37ed5a46ff300ad9680876ec81d01

SHA512
152e6449d09a7b544cf6f986c9695ae07c330f4b13068cca028ab56ffdad6ff2467f371ea4385ad71da023f3beb83fe0ba1d6d413f1ddde14372efe82ae36b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000092
Filesize
43KB

MD5
7706a7090b4e8b6cbb91368f2864ef2d

SHA1
7b023865feba74bd032cb7d5e24010379e608c51

SHA256
ba97d2bfa8697214238ba745bdc5467bfad46780c342b8d0fe7921f6fb03a29e

SHA512
02e08ac7593ca3bc0d936cbc94619ecb8b5f7778952c5fb3b45e5b0a51473f5a69c03ed37d69f155f1fb6e07c5cb1a6fcfbe4263bb4dd689895a14a2c1441905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009c
Filesize
25KB

MD5
741df343b4e154bab67b7297aa9e614f

SHA1
04617eeec1bc3154039c97a0862821b4c1099336

SHA256
4e8763c282cc3907d0d00e97d7db60f9cd7a52c763670cce707d3c91ee8e05d7

SHA512
44d0baf07f941df7024049c4f9f4b7a8e405aba38852d0536f8ccd87df9c17f2dacda1a241e4c11ec60ba83ce4b493142a67514953458c2a7dd44026eacaa706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b0
Filesize
26KB

MD5
d4fd8a996f96be94f34bdc25b50352c3

SHA1
557e0c103c15566bf230e6cb637de02d455beb56

SHA256
b16a96c49a6232304ae1d42e5866f4ca790f9b38fb6fbeda2c3102564f9fc0c1

SHA512
5ac78659c141435310ada241f0a567bc451df7f8b55cdb6f77c71e893c5409c1c88978c45de48e9002972593bde31591f59e962d20a084e66b976de9427ab8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0b7806ce3d37af63_0
Filesize
288B

MD5
505c67fab2d71f9f3f3edaf4e41a769d

SHA1
32160d610aa2c1216754ce280791ef74ed17b359

SHA256
00741aae8b80162f1ade5017d7bfc443ebfb89ef4f465b96546d1fd6ca9f1851

SHA512
c11fd609fdfa3a6e0e58392facc3a145e0e4c1fb79dd2a7b5a6943b8e81837ba123701b4d056d07287794552e6909701b9a5fec127fd96e817073fd3b106a857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\14f8b2b0b724ddc6_0
Filesize
329B

MD5
a408fdf7c3f3c2a142f70a85621d597d

SHA1
a8f19cd55758dd010a583c1b084a0aa108cc392e

SHA256
13c1bf69fe63aecfd4b82aa68dbae251f9d44f2d2bc4ceee8f4c32ef02f2c083

SHA512
8a0815209012845cba7d5e1807e44899caf105b77aeb113da0eb2e4c61feb3797d43d75ef44d23713b662748e30bb05b4730609c5d90b2f2ff1f5294fb7e4cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\17470877b9578ed3_0
Filesize
382KB

MD5
9f4fee7d9f6b7da8dd371842cce16727

SHA1
2fff8dc0b0dd035cb28729918ce1b124b9f16019

SHA256
83d907b1c053b24a565922e2ad59d7ad04b7bfda9367a81e8027933a4a2c80dc

SHA512
a7873d255175bb3cb95aced7622c304b193b1e987e9d2d286ba5e9273fa7965cd8a5e2fafeef4ac134e939e66379c5a7c4200b2dec0b1ae40e9386877e05d500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1b1055dd4df6f5f6_0
Filesize
20KB

MD5
525bf1b23ff15e8aa9acd8a93219db6e

SHA1
aa1fa72a06a4caef5a45a4715cdc754e583a05e6

SHA256
9e9b3acdad850423601696225f1effae9b588456ef10a50a9764c0f258f756a3

SHA512
8860e61fe8ae4e67133ec831e0821a600817483a830f6ae728180605a3e2cc62e89133c31698acaa5ee7245fa31b344934dac753af81526a5d5f40a54cb804b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\21270d15685de938_0
Filesize
265B

MD5
b0f2859bfd640431dbb0d67206100f15

SHA1
936dfff17d4f1c948d850a441f86b08022518de3

SHA256
8944f8df08b8377a0b785910cc5c61402f08b6fea15fe4cd76addcc585c0fbef

SHA512
fa85e47754ea6007702b57023558178fc3a643662b26ee030041833684c9aad6e50628959427287ae116c9e2c4b1ea3d0d6749cf87c1b0434bd72deec8b6e363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\235917262d9391d4_0
Filesize
284B

MD5
40db2372d13db4a5f2a46088227a6b88

SHA1
407e483f9f6d762e2ba58a12d459555af683bbfe

SHA256
c47ac552084c346450e2fd0bb9a861521e381ea8ed5379c0daefdccd4dbe0fce

SHA512
c0e5150f34f19bc15417c23e3a23ce3ae31534a42989551307c802ec19318b02793c2c5bc261af3432c646f59bbea1d121575dd660a8d510f2713fc257899eba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2bfde39962961371_0
Filesize
267B

MD5
0976e02ac926263403a6779f6f8f4ecd

SHA1
c408b7637458f6bfa7bfaf1a04b88e2371c05100

SHA256
5d58f796ec2abb389440933b1065961c88a9d82c90f0d4770687f0d057e15efc

SHA512
d390380937d75a763cedcf10cc07275c18c7071569b87ac7f08a537fa929066ccac1679ced29424a486beb707662e4d550b23a3291cfdfd3993626b26633fb0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\30faba46f8cd4481_0
Filesize
302B

MD5
d767539d7f7753c96e9eeeb298150a75

SHA1
dc8c65aecd234aa5b8ba03672e5437abe2167f26

SHA256
01531c70ab8356a73abfb792c75cd0e635928d3c8908caa56d8e5b4ed2da97b7

SHA512
7ef08aa58c5a10bd8c42943b237b11f3b53163bc66dde9506bcf95bcf53759fbfc0b999a56b52b42fc048bcc9e54277aa0401ca0fbfdd505d630e00f8dd887c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0
Filesize
309B

MD5
10bb74b1f71f8f0a36f433a2420e7da6

SHA1
1a78d2293ffbc55f2b6e4be6bb088d378ea95a68

SHA256
fb4c954b2afe7cdaad5593603eddc3edccebf3c04c5589fc694e8e692feceea6

SHA512
40358057c44b45ca1bab35ad4eeee3f76e75a5b48f403cdc7da6fdbbaf1e17a6255818b932ce24ab265c07615fc576626b96b6e8b68524b89383187851e49899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\344ec6eade6d52a2_0
Filesize
3KB

MD5
775837b015380cf19515ce90020047f6

SHA1
af63575659edfffc1a7acd2553b9e8514122d899

SHA256
a9733b343c3763665d13bd7efe98efd1e3bcdc4eb08608e16e970211912d3ebf

SHA512
bd997b0cc346b95d0a5f44fcb6af7a7c07713bf84173072c3495376df32be9d7b707e1097ce884c0956ced9ce6dad40737f1d120ac9ed1ca5a253c27992bbd71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3e6d7af67786e233_0
Filesize
314B

MD5
8cfb780b3ca61282efe49779086647fb

SHA1
d4d94b4b39a3bb1753e9ffbeb59dbb36e5e4d4c1

SHA256
812ca33ad3538085f83983df5c0c57792b79820fe00fdddb3a9ad3ff7027064a

SHA512
543a461cdd21cf59966e38e6de29bf582ce1d64fb4e575f433dbc349714a3cadbc5570f22e7da3f737c514bf1a81a16ee50d73dd8ef3a6a75f23d5b367d29ead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\42cd1f5c126c1a7f_0
Filesize
288B

MD5
476d29ed175d187583fc4f322a473208

SHA1
9cd5b04cce871723b4ffe9143744a98752912926

SHA256
0e371c4e98df3be0da8f97473d704f163ad3e5e6a69514ffc5385a0edda4a660

SHA512
88a8ee368841338be0b496b684b07df81b10a6db490aed34d3cf32cea2097c037543ed067a4347a48b2eaadb2159a07da607257084fd1f051881e3fa31824d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\482e8abbef9c0889_0
Filesize
303B

MD5
74c0fc1517a4a64b8f00cdeef5c208f0

SHA1
6015293176cba62ce871f2143a87767302b83c0f

SHA256
8fcc0979f8607989d230b4760b387039d0f8e2d00cc8d8ea393b4acc8ac8e8a5

SHA512
7d52b21f1613eb087f86c6943e2eb409b568a1da4e099172a01e7128c0cc3851d1380f473bdde9212a69d45650cc4fcb80a39896b0b387750cd803df38622e88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4909926fd5227d22_0
Filesize
443KB

MD5
188450da5db74f7e44f67dd082386cd6

SHA1
a83471f14b1dd3e1e5584e1a9f9acce5e24e0a2c

SHA256
be11a00aad0b172a0d104bb54680bff6d148e417e5d9b5bdcd01e867d4e837aa

SHA512
9a6f435baf923b23d168684b8ecb9af231f721243277eae4f0e0c8df4407cfcfe7b28a1bfd31f6ec26747d03c9de89a152ed350bad89ef423e16fc3adf0c8aaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\598814c740e2a69c_0
Filesize
258B

MD5
4523cda106f191df4ca2d5a0ab78e0ba

SHA1
67c8bf61a7ce809555325b4b3019c441bcd4993a

SHA256
66b5ad9f1408d31b8801716807cfda8e302fc11d4da87840617c7685157e967b

SHA512
41067f9cd2ecbc70305eb4a5f6478cee394a4531028a8d026d7bff8f2b284648f1caa8354f6f20529d08109f01af4caafa897139a05d6e7f40ff5d9409c774c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\61d67150ad9c8c3e_0
Filesize
274KB

MD5
4ba71e935705799e78b4e9de0b3ec99d

SHA1
a83e7c2025bcb3cbc40a29f973a2ea826884a93e

SHA256
fc7b92b5ff0294df0986783fb572b3858913e7fcd15e0a8ceb91f292f66c7573

SHA512
3026ed7e83aca40e485bebb732d1d30ff9c67165515025c541fd55ac66995bff54b8f00dffe260086bfa779df30e3573d1fd2024b573917bb63b5ab74bd1333b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\672294a182176222_0
Filesize
11KB

MD5
940f498f09dbb2fe099409ab53ff0f6d

SHA1
3be32e855c86d6cb91b9e28dfa6abcdb876607cc

SHA256
f2a120db86b37db057cc0fdf6fd78d4d4e3df1496fcdf0eee0febb0803fe3afd

SHA512
d51dcc9921198a03abaf094f70e58ca07f0e6f197f9db4d183d0ead71b29f4a74972fa20da46ed86c273efba1bffeb3329ec8544fa4cac22c8d8ac38b01050d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\68e5a804a620d989_0
Filesize
22KB

MD5
7ef693ec9c8e9376950531524e06664f

SHA1
235a5a1b4feefc0d8c4caec421330a20c77d8458

SHA256
097c4101e72341bc0b9e369cde774277d6ac821498693c94d0a8b8741fc5ea26

SHA512
88ace1c926f31adafd6847bc367c4f51f0af5b7dd9f0d95481bc2632135c6eb3215bff840054299d4f86f2da25b651ecda0c7ca8cf8162996b1b437fa2dd831c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\69dec7d3e12c6b08_0
Filesize
33KB

MD5
0a4c84248d80fe4ebb23c39741aa5a31

SHA1
3c7429a89b72f24c861d97be5072ed27247b8a7a

SHA256
c48f2af44eac0e6c03154a97589a9dd2e398c77e43b03ebb53ec121054a9b0dd

SHA512
0b65f8104f99622ca0f7cdbfff2fb3946ce970ca8275af17cf4ce551ce3bcd550dea729ff8635e4085b8fc818a21fb7a8408ccb7ea1651582eb7d97e9dc0503e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\70febe26d1b0f15c_0
Filesize
403B

MD5
141de72c3246481cfa8cd799cee7b029

SHA1
76ce388095333cbbf9cdbd40ba977c23766a8e73

SHA256
1023ea63b9d234452aceefce97e4f03bf2deaa126e7cb8320679f152f8877fb9

SHA512
27169c02713adebfc8c57fb0061f3aed9e3b7bff037063280644f7c19154f55213367d62844fc6afd3fa46ac81c3a37532f87e6f59c8171fa038f974edeb54ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\716ccf142b35f832_0
Filesize
379KB

MD5
20018034316b39d33fc1e364eb9fd486

SHA1
5a43c2e5357a6c1dd3f9315f9f6aa63f22d62df8

SHA256
faac7e8b10f56a6919ecebf4e2b5a00201ddddd8783f84da517470ac5e6d011f

SHA512
c1e4aa05e51db71f6b277b72bc6767716e8ee95d5da310af2b96da8dddb8b6aa031be7845c9d2a517a0565cd9eae46ae1627529fcc41546c503f06a8dbc08edd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\799af28f5b35c24e_0
Filesize
252KB

MD5
7f172d11837bc152417af98122c98b71

SHA1
00a6207e78f9d25f2b07dedd5106de82a2b77215

SHA256
45f4a95db007a099190c1d29c72f17201ba347890234544b38460b27764c2fdb

SHA512
3dc334ba03a663992f3322612943513ef077fe29864f372921139ed00baf400e2ecfcabb89f5378ae83053f18e116ac1184632b92932fd43013289863b5bc10b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7d69a77dec3f285d_0
Filesize
73KB

MD5
a8f66eb6d9edeb695654180327e69df1

SHA1
15f6fe31d6a330becdb1cc51aa44c98c272cdfa1

SHA256
83b77a1a5e63e762c506d2e599e078085d0b3a8efefa83b165932800ee98e9a2

SHA512
c07ab263664dbd077882f527306d4bec1e57b84f0d895ab9fbeea757ece584741ddda894507cb566b2e07866f9fc66dfc43d153cdce2a26355b9226220491d71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7e02f716e16c1221_0
Filesize
327KB

MD5
c5eec670f1b71944810bc8d6bace6cb8

SHA1
3c93d86ec0bd9c278896ae709ef7ceb815617446

SHA256
e3fa2afdb8e9dc77f0b5009ce5ef07ff7e2cf0c02b2e5e5eac8acf70a0be984f

SHA512
87d8503740640de83faf4f37d3a6270ad546de32c823a625dd9b488bdf737f7b31eacb70167541e09fcd6bd3a1145d1527674c5014dfa5a4fe1fc4f80cfdec9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8aa05b2bea09f81e_0
Filesize
261B

MD5
0b36d18a827ea93f74c4da91b69244f3

SHA1
8a1e380cf65c8f0a7beada740a3a641993c8a5aa

SHA256
a6393425512cfe9e7d69375bbb1029b373c8c68e88a820c2a263a0fa33f0da9d

SHA512
30feeb20f8447fd237e6cd1919b792e1b468d502799a5727ad44992042edabff72226e06245d0b7035a564874e3198aa3e3633defa64bf8445b1153ff15d5d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\938fc9690feb385a_0
Filesize
114KB

MD5
60c49b6b78a8ec3f753615749a3a9806

SHA1
8afb0324a75097abf273fcd0c71f9d94fdbfc182

SHA256
37b2a19c371d828ff7f5ac7e6e0eda8f455bf6a8a6fde2716bb57f52156b13a4

SHA512
22e9851a56c6eb248908864eb0b6fd0a2da0be7a991b4d1c7bb7c1b086aa8d51fbe8995964fe0fab10e05dffc422323356e1274da14acff6535fce33f7c08bcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9c0b7cc9fe5e5fcf_0
Filesize
306B

MD5
bbf225ebb7ecf42958aed84f4ddb7215

SHA1
8d5062f463c0de453610729d9a93955153ca86e6

SHA256
107c4546cd508ed72ff4e129ab05e1c674fb83defe0d0e4fc47765e2d8df2cad

SHA512
cd672e70ca4d016ba90f83d4fb5cf408263824354cd4741eeb22de1f513386e411cebc862a6121505abe930d1ca45b3463ff8e0630023e4c1cc71ec4bfd3c3a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a4c8915b2528e862_0
Filesize
30KB

MD5
87a02d892b8d37860087735bf42ce97c

SHA1
f57fc597d7ab941afcd468ff5c31856765f9db14

SHA256
aac46d7500d9f38da4db6c670dad161e7ae1960fd8ba886ca8ad680e48406756

SHA512
ea78e0919fa4bf97fe6ebd6b7030b1ef1e0085c1ce552767e5ea84f9c7adcf1aa02228175c0f77ca8ce0bd96f356d9f724cefe2ebcd99c3855545dbf92b4f3c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\afab2740afd73bda_0
Filesize
53KB

MD5
f724bd43c214a966a6a1fb93597185ec

SHA1
9d786b2f00ca1a804a6174ded25c6026fcf77690

SHA256
5dcb6fca258026922c6145627c8b7e4f2e0a2bee5167517fc4127fdd82790acd

SHA512
b3c88b71dd4fa223a3b03c15b97ef84bcd9ea72f9fa57ad6697f256cfb4f206c0123c86f5982744bc2b8ef388e123b27472c111a83df4e136b50ee5287928648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b057518fb31f430e_0
Filesize
274B

MD5
883be6d57a44a7c4d1dd188a123fbe34

SHA1
01c09195deee9e587c5db489b866e779be2a3a7a

SHA256
28242784b0b5d05e2a9e572c9b73ec41e8b084cc4778f9781fa08de3c8744624

SHA512
5af6424bb53504f00015bb71c9c602fe65a32fbe7b3f6f0f665f7b175e643e32fdb6f50cb25b3d5d4cfb7047ea307d7d47b91ff23e62e59a06e498099867ccc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bcdf42e00b795437_0
Filesize
126KB

MD5
cd4bb4c31dc06a356c2d1c89fef2ba71

SHA1
504a094dfd90c442b2351d5f24e76c6c2e630e4d

SHA256
784ee48712ed3ed95e6cf3767f55bf0810fa8b8af3631394f369fc6950a07d98

SHA512
bb02d9afae8c713825c9c2b6f9cbeb62c2f0fde711958b6f629a7ba1d8a80fbbdaffa1a8d50b893c7524434bd61e5850a0c4b3b1b6578976a42832bcacdd47ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bd1d6dd27d18a8c9_0
Filesize
47KB

MD5
b48da35ef45619e71abdd3faacceb109

SHA1
4396196831618830a300f38fc413d243e33776fe

SHA256
481ea2b51cac35dd352e5f581425ebbb20a331b903aab645ee94a7ea191f0763

SHA512
020e4cafda1af1320dd707f57b3e8d3100a9d8d7b283f252f7e8902d1b7890d3cb954db75f532b4da82a6ff0681e1059ea623476941fd0b7c0b547ac9dd81bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\be887b9148e77fef_0
Filesize
46KB

MD5
921505616109a1f0e76594aa8a9d5847

SHA1
874d0256db19b7fc519c9bae4a2bcadc190fa84a

SHA256
72cc810447ae34558d7da35dd37a87c80c7b5cab96b876d89325a83a57c78393

SHA512
3eaf9cbdffe95cb4a1b5854ae8bc078e9eb611df23f9295079278c4ac1347aa6cc8af1d96c45b2b1a6f2e4836a71f5a159bcbcc57e11c5dbe6aee078a9f40d26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\becc814af7cb4127_0
Filesize
316B

MD5
45746747b645a0b73ecbc180788c019c

SHA1
9f9bf79caf8cfbc181fbcd7627319254fa4f40ea

SHA256
00d35a121b9bb44d6cbac9948f1f68f650e91898a1eed8c51b96495da96f6035

SHA512
534ebd8394edc067179c92fe94091ff6b046d7be05c513d7078765db45fb20d2f8ca553cdcd4ee487f9004c1da24c360bdb2c8c264ef9aefb08ac88ba4041091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c74155142693523b_0
Filesize
21KB

MD5
e46be4eac692a0f99603773a8b6abea7

SHA1
8f72b4fbc4e9e843b9e6e029ed605f6940680744

SHA256
c35b899dfbbd91fd8d35c1afde49522180652881374c3e93597a50b51bb8e074

SHA512
4773c3ff4b08db64ff9dcd9342df1a8fda2b5c9abb2d1c52ec1953271f9f2c1924129d1f88e5bc574d24f3bd5c762e14f3a15a6237a6859eb0f5af4a1e30b055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c81998b7d443fe20_0
Filesize
262B

MD5
df0394c09ede4a532afb2574414fde15

SHA1
a832e9c12ecafb1e872cc1deebde290e20e05deb

SHA256
07b4f4ef2fe421fe51a807e61357a519b5b305c4cff16702256e8cededa4fd2d

SHA512
29c688e9394cd139eb3c70674aa84eb6cd9a1377ffd8f78f7a912bd67f5a81e09e7e9864a81b5c21c31c5249feeb48dc0ceb8744873efd5c4bb92cc13dd4aa55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c8a90f9ec57cc673_0
Filesize
296B

MD5
140396ad12128069ce9ccbf79abff997

SHA1
1a45d257132e528e6e33002412a3c2329bdc5c75

SHA256
e5374afcffd5dc59270919b1076038602aa10c1fb9b582cbbba564ea9c7386a5

SHA512
dc383cef2b715fdb3d46776d9e27b82a57ebacf075a537eb179f19d1434dfdd3c600d9fd73e232d2dc2806f6e86e0e21783c7f26c7d7fa540e16f5235e526d85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cab44f13926ddda6_0
Filesize
279B

MD5
059d3f1f6135b958345cb240ffbe670e

SHA1
9dd68a7d366d0908feb60d25953c3c49f98990f0

SHA256
15e50b7f83dbf76015e5b5428076f5da5869a1328fbff47f37f44675d659ffc2

SHA512
7c3227be8e1fb42d08b173bdf5db89e446541e4b2b0aa1e15bb4ee85301253e5117135b6cff77c1e60e13fbd4c5f0266c4e2c3a4883bc708bc63d299cb354f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\caea610f47d83ab6_0
Filesize
231KB

MD5
66fa35fe1e1f587b6680d642e53f9891

SHA1
cf824894e3e3588e98975426c631802aaa877bd1

SHA256
ef79ac32d5a91fb78e84296f173001ec0a23dbdfd109970662bae921762c872e

SHA512
55de54f0eb2bfc305fe6b4af279b6480e3570571725f81586f1176aa12b8bb4511385193d7d86f6116d18a6b5c71131d67952a5a78c47a9fccd7e40b45a38921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cc328689e3ddaf6c_0
Filesize
282B

MD5
8db41ea98df8ab89988862dbfa0ad2c9

SHA1
2792d0eecf431688bc0b391a6e93568a461f1bd2

SHA256
5dae6a5e6bc32cda781f23ecf1a0f22bad8f0bb93b84a053c00fe77f0dcb5fd4

SHA512
621c2bee1699a8c0c777dcef69fb4e06e7c6e7d3b1ee0cf566c8f24ac65ff47ae7cb880315f578ad78f8046ae384ae13f7925f5c41c03bea4d2ccf5fe215f8c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e0215304bca236eb_0
Filesize
18KB

MD5
c42618e4bd9493e50f8e1a304e58ef43

SHA1
57b57f0370d0ff410d8c9dbe1b673fdada62d929

SHA256
daa730e7626008b5ad8d1db192125cd415c394049753a5380a2f37e8401f2388

SHA512
2a26ae6e266e19675f064e426d9599dff9059b2b7559acf62bebf3dfca90e1cd6c8822a23f0c5c6938656e250a2745864bb8f57a9a70ad1eba027d673a3d5940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f35462d9f8052275_0
Filesize
92KB

MD5
8cf14de81ac650177391a79e47f7aa49

SHA1
bf5b6fa8ec933b1fd3cbb86a0f9643e73aaac3e8

SHA256
9e194764826b04c5432194da2dff83410f19cb42d677bbe75879c7879b953f9c

SHA512
fc8a797e6582215dcb28d3d83d24bba1ff18c47dc959ca6871cf4838bb24dd10e45379578743ea5ff6a433d7286647db4685a0ac5ae91039fd6bf52fe21ef0b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f7f0cc4049628916_0
Filesize
6KB

MD5
528b1d0bf3e08f150e930f33ad17a85e

SHA1
9dc1d6531a0f6e1266a87ac97e91dce89fc32bed

SHA256
157142ccdcd268a7af2c7d78eb30ee61c8f34573b1048935d2ee7a730d8e24e0

SHA512
6a2076c6b5531b4cacd6ee3be4ba893d6cd75fcb30330e7f9b2a27ef11e6d10594346b6aab0f73ae43ee704b45417661ffbca8cb701116b7187ba3c2411e53b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f915a2489a2618cc_0
Filesize
31KB

MD5
ab7e75f2bd5decda8b5320226a0943f4

SHA1
b27026ca9740c4ddb7faec70ee2c3cf35b421ec3

SHA256
4b30fc408a847b7f16454c6bb3a3b68e81c253a1a70aee284e18c46a93951e95

SHA512
7f4757ceae77b60abf340740b4d3aad7cb25db4aba9acc0d76aedf241ad5616e1e5870739597905bcea0777c550dfacb6c449957e0f9f1ab0e28a6788589acbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fa10717700138e44_0
Filesize
330B

MD5
c0f1f81970b0ffaf569516a10d5c4563

SHA1
8804c607ccd81b062d93b44728b9356e60bee1fc

SHA256
13938f2fd76f93d7c86f5ac1d0a9ea75db8e3db6df97c1b9f0dd6349862c6c42

SHA512
1b96c879c297f097caf4b2571eb3038ce3f060366096d46d1766d55008443bd8833012fd8137f5aa197d135f6961cd1e8d8f67d0ce3aefe7cbfdb7044735bc78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fb525b7d3b4b6592_0
Filesize
295B

MD5
f8a4d6555f333ca08aa9ad1b2d4fffb2

SHA1
8e9cd48526039e89f42d22c96192ea21a602a049

SHA256
19dcbdfd90519024ba189b7f13bd5cddef74a73110def93a4979d97c028ab3ca

SHA512
2dff8a0774fcaf60c94bde31a35f6792ed1cc3cbcef26e468f0eee7f59f520ea81c1bb23996e914441328199585ca2b6f6235d36ef51d176a242d9e36e6f6e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
7KB

MD5
f93df7a71e5841c633110b66c446510f

SHA1
7e9853607a083844288c9b1ca14c5318e1a7890c

SHA256
3249fb15de4f497c9af6fb500fb45d702919a1ce1cb069da3b5127942c995f70

SHA512
968153d17f498712427e67edca168ad2b512486d29b8d0d49cf19fb89249d74aa323cfaa830e706e9cbb21eb7e72a88db88e86b2f187f8cd1c1cb6e62f540c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
93837f292e75d5043b67880bb0d0520d

SHA1
57fa82cf6d83ba9e46907d6c291a1b34ccce83ec

SHA256
8fcd91281f2d798bc9a34481d6330b76d7337293a93a20701baa93cf01d9e368

SHA512
726bb15dc0f5cc7e6dbf38a730f32689a4b8cbaca1ffcfeb58044d6591fa6e8d0ca2c7ff0c4ee77cdd2223fbbf1d11c93b252a452fc696918c6a829f70ae6e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
bfcb8198fa26d51f325ec60f336b0e6d

SHA1
f9b10e8aac7da7ddf4337142ee355a73bdf03e5e

SHA256
9217cd24fdbe62f5ea957d89d6b1adb22503f94e7f85f0188b1b05ee7ac40e7d

SHA512
eebf3354806162eaa6f271a58ba2bc4945c7f0db8a8ed002f8e6f335d6c31a38baf7ada2e2ad2e3650d34bf200800deeaf503155e00ede505dd3f65a173ffb58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
5618b6a66ff61988068e65bc802c2b95

SHA1
a2ccd6b0c75b876211e6f9d691d4dd91bdef3829

SHA256
08bba20e411a26e329963d32cbdba2a2e063cb40fb7edeb1746a364960f92b17

SHA512
60938222a885e4f7c60bf1e4749f2ec9bf4d0674591f4634437351bb316273f456b93e6839b7f761d8e758300e496b69014c5b0a267cdf2ab381a96b7da1e85d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
2e07dafd5e262c4e231ef2b2acf5d3e7

SHA1
c4dc822cc75f381f8ffeff660e8b21fab234f42c

SHA256
8183c4dd08233353d89b9b345fc81b1233b6ab373c9f7ecb8fe4baa4cd2d6e12

SHA512
055f3591c14d0cc31f9f6dd9b4ae58ae5820a3a50e458aa1302ac83824c94d311ee275a9ca1b74081592f909abe89ad72a239b92b3c7fa96c736091732505c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
Filesize
392B

MD5
5b62089a92a40f6c858f2d1f2dda523e

SHA1
f8bc7c75d6c82b55de92b93bdecdf10d638ea531

SHA256
f74d845b75921c58848d8f167a7cbc0197e58d7dac6e2fd9187b0c16d3090895

SHA512
7acfceb9fcc1b7911d49acb2048fb371492793cf4427393d0387b4e2ecf94ffc586fa717bf64231a71ba9441d571835735f0e81b3586895b881b7f38c8bb47c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe59ae67.TMP
Filesize
351B

MD5
52f82c00e5fde27a33b4c8fdd4203263

SHA1
187f416983b7ee74bf8c8cd18370e32f8c73c6d1

SHA256
78069f5899f5f3fbd6abbc86260be3ffe971732d054adedb944f01a971043eee

SHA512
94c9723a7b546cbc150b9e57e0c840661d5e2713b19394b436bc59f5e24984d0c13fa93a7df1fc9e822e0f45845aa1f235ab13d294e44b4ab20bba90b8d8e080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
24KB

MD5
ada9ecb16e535eb8660a4d3be81fc693

SHA1
b6503b6a9303d666eba751db9b4c368c82809b2b

SHA256
b162244b6e627eabd9af08001ea46c9ca66139853622fc3c09410730a2a38a62

SHA512
2b6d47f3a3083bc4b3b83bf1a37e6e3173855993273408b71b976e528e7c0f3e5060553fefb166c425d87487054fa0978eb9e7cc07bedcfeeb4901164abaaf26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
19KB

MD5
435dc57cbe9ac4187a1c0aaa7a1a9ac5

SHA1
266786f1e746fd6895f3262649ce04bbaa434ac4

SHA256
a7ca49e1ac7c9755d7b18b4d667e8be0db5e3a3ff19649371618bd0206be4af7

SHA512
115d5aa530e0eba5b09bd2614971249688e9d879a42f3fe7565d6b30b5678f850791e6fb88b7f894607c07d0c5e10f89d99e6154fea6d4297eca29e30da78363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
26KB

MD5
cfccf0cf607633b2db494c9dc40e9b76

SHA1
00bbc20f9686aa68f4c8226503ba01192ca16dd9

SHA256
9c1f254b06a36dd52ab2bf1b809f092ccbff64c2739f00caaccac91b73f376c3

SHA512
55ea049c6f38c118e70d2e8807effc2032d4bc9bd1f54d061a9b4edd543bf72b5d339989d61c1b269b40d5c5a32bf0a25c4b07bdff958b4388e0ff96719b2251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
2c924fe5f93631262fe9aa754c2096d2

SHA1
36db4d525424065b2f449cd7a5cf25942db77a1e

SHA256
c96f80675ab425700eec5051c05681d594421151401eda72d8e67b9f9a6dd9a6

SHA512
de688fc745e7c065ef47ddda8af6193a5516cc7360eb110f704a8dea04078b6352ae71880f559473c8cb5d5f83f2cbf57b593c7b643c45696af76a5ae79373f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c4ff5b085a72f07911ae8e273ad88f1e

SHA1
bbb8a28148c1359c116942984b690735f7e9a07c

SHA256
76a03661afe006b565c1d2f5554a2a50f5e116971e17ad23fcbead86d848f33a

SHA512
68c8b67e4d61e22df8f248f4a698e3afa52ccc27948ade8cb3537d0f998d078fb9f9ca977c5e2702c68170951026382d814e5bcafea0e6316bd42ffe44fc20e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
43b6c8c7bdedf8b8e8fef7cb0cc9bc83

SHA1
f4189bbfd3cb1113096a2fd574661b3952bfb161

SHA256
397f8f87dc058219a445c3e74da358bbf3de47203129dd553ea83dc9a90b39ce

SHA512
74dd758ac6e338b6fb345df56d5d6ee6156bd9e60f5a9f961a6cc1d1458baf512eb5bd9dca97c2d55f21113ee7e0dfb754aa2bff00e70851c6681ef834f26eb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
9f3603d76b4b22fbefcd17fa9254609e

SHA1
b192c8b2410121cbf68a5074fc896f0057f13bc7

SHA256
e7d854b39d958861da08315f41f0408582735d0882683d315c0d0974d65f5486

SHA512
41809151203bd267ce9415acff47d6fbe0257fe87a56ea4ef16c9256e8f6281eddad3962602675fc6bdc32862e229c404b453b2bf1947558c1a39349c9755b10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
1c5c8bece3f9fdac1007d3bc053a16d4

SHA1
9e5aac1e3498051739402d8cb32821473f701773

SHA256
29f155254f8b45bd5a1f0e043d8118bee577369f77cbe96148395235cd51a002

SHA512
7a29af387ed471c387c44bcfc07178d889471c799a574acda921a0f315d4bba2551d37bad9e33ff6066c330c119067148e749ee8936a69a3aa6b5e41fdf8bb0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
564806ae448313025935f61937b500e5

SHA1
17b21048a159a4ce86662e32ecabd59934ce2279

SHA256
ac961875c2bfc882eabe1f09529a8953368fc54f424017302b165c86fd3df39e

SHA512
af291c7f6931e3f87015307ad16f522e7f264c61a42d85471f84ad8b29d5e7a9a664cf5129bd9af6b7ef73e8d3825a1c3a9ff1b3bb113faa27c53234c15c97a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
fa77ffffcd0a0ea74a4b2be244ecdea0

SHA1
6aae9ce38e97f0480f04f965f72f1c1b0a627ed5

SHA256
46f55dd8c397142bcf9b3991692804447a2e517f276d64297cf923d4f893ba0a

SHA512
fa0c3dedd0f0c6cf78c6ee8e141174c0933a3cec106a5a94f8dd217e234583449652b05e3ce74fb63bccd0c89301fb272633ef7d46e561f2355d71f9605914a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
f6dac6256db4a4087a135e7c39e1279b

SHA1
3bb92a457a2d396a4e210250a83a25fd180a5317

SHA256
fb2cf230b28332965f54bd94c575c8fcda1721f663feba91180d02a0367e9d0e

SHA512
94e037a1076584c647591d57f4876d76bc88b2112ec8734304c962971ddf18d49e6d8bd6e5e667b4d57c9e10faeef8af7ad975efe8ee75d3a8f581e9be63fd86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
3b731ae91b722455747da173e56ba267

SHA1
9fcc1fee1db43b0f463cb3f8ada86c8baf3682fd

SHA256
fd4c571f9c758d70e702c086617e9a28f2bc92ab912da9c0ecf7109b8df48784

SHA512
85ea3ae8c8cc1b837a275d87b9cc9d36a7278e64b0b0c9c4a3add20cce524707fb304e9fca93331f1b149c4882bc228f341441dd0b8c408441067141554ebc43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
832f4bc3f3d7cca09122e4597a49835f

SHA1
43375f63f2659af5ca01694d2b1dacea239d2087

SHA256
b8e476e691c31099834c8feeb0cfd79fef7920e62d799abe90c1c12076daa294

SHA512
6432a178e4b0bd141b9395d0bfa4fe2ea50771b5e1af42af48c47f2c59768c1074fc7bb2aedba6187e5d85be3c0651dd0742e347ac551ad9e9eee83de724f38f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
18b9f97617e8ea46cfcec0a15a3f9f58

SHA1
cfc0a817838b651259e732cc458ebfac2fc10297

SHA256
53c6d3091f58187660e0705a02d44d4e4a60a90d406d041bfc46fc4d04e4cd0c

SHA512
110f489640e03a1d008b94b1257732d8c7437d5b0fcfd3504d4636cbd81c36f3f5dd24ed4de9d27b9fb6d98f7bdf4f1c1c5422dc50e918c8cdd7d3d67e3745cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
d20e479e7d37a68726b4949d091f22f6

SHA1
965cbbc805c1f6b62010fcc629c1884f64c42bff

SHA256
26934f35ee8e12f02a5c39a03236ff8d047877fd2e30b8b94b85e25b4c7f604c

SHA512
3f48257136dff9efbaf387f91edfc2000dac367e382032e487c1697edbf159ec6d0f769bd465b0b432c2b0f3243bb8398fdf2341feaeaf6db2e56723de903bd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1438c8384a54038729d736d7f39213d2

SHA1
2e83c5f2327c170c71501cc1f7ec526379721aa0

SHA256
28b48f400e04d15015ed7540d4195fda14b83d0324e37f6d038f28e1fecdf5c6

SHA512
3d23affb080fcc0738236dd6704f4f788966e1b20cde74bd795b4a95636ab78ada477a3b29ffa6fa3e73be576d50ea93f7f0e97a142a6828f256240084416b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
911aa29349176814c000b843daed6014

SHA1
ef0bac871364652d7d35ed7aee6fbf904f003fde

SHA256
42bd93c02e547d6e07c3b4d580929268f5d56dd314bb9e8c01b75122956f3926

SHA512
7025779e045fe6d46f7bfccd1cf6a1e5578ede63c2f46ba98972cf1500aaf8fe31e905e75aba3698c074a6deb9c91c56669cecc205ad23cd8c30c0d1755e3308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
813c4ff95d5fe69a302b5b0be32ac758

SHA1
85714fedb93a6022c91768ab5cef8cd08ce18de0

SHA256
c1bb567ba09196bb4c6a245de9329c472c3311d86c889336258bb7bb41f6358b

SHA512
c27ebdcc2cbf06d9a8794e9de52801df9f24cd0b0dbb447fcdf5b4a237770f5169c9c74f4fff39cd25672ec1c404331836c4bd40abb2c4df23daeec89bfcb48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
45f6443185500ddc92c98837deb54cd7

SHA1
53976ff4450be49f5c5a341a2032d5defe2d1c3e

SHA256
fd5a3310307dafd6e17019a6c8a2e519c052b3f249a3631f84d384b3e6f05f12

SHA512
2cb184e0b018cd2196270d7cf12ed246d89c7349f647556e9445bcb9e204aafd34b381e758fbb73ebf1a3076baf11f61049e124ef22e55a9fbf5e5abed0cfa74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3a420eff95d3f14f5206fd18c9f27108

SHA1
1370bfc49cf48bafc72a4aa3d1642c70c57da547

SHA256
e06dbbb8af9e5416d4229adb592b632cac092ddd5795e542aaa76bdf5de61a8b

SHA512
05fc7ad3c2a018389d7e777cda98398231399f0b5959a20274f9f946d9a7255bdb3d501550ad450933435f1d90626ad559e887d281619e37ffce7948ed946a45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
aeccfd5c22212863115ba1672679e2db

SHA1
52ffe17c1c6528e8feffa8b471a88d92901969ea

SHA256
c253529124399549e354985b5d0332dc5d0268cc7fe4904abb9e23d856295d44

SHA512
0eb4e23dcff38f00dbda0263e3b1331d7dae680fea0e7bff8c117b9aaf44a63f0b0cf19920a8751b711d589dd87115bcbf711fed62519e985c9df29c6d983bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8db349456573ae7bf1f3596d8bc7d7d7

SHA1
37b98abadbe7e4412be3bbe94e514dd738d146a7

SHA256
b14f2afa6079220669434d19d51f7bded74e2e83f16b2bc999580f287144dee3

SHA512
fefd4ee243af4db77a93f458735b8ceee9cb19068d08612a8334f9f1beedf02c468a199ace28d94c4b5e87f68612e67e539f9d48c18d26e9cb3f1cd30c33cce4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4c455fa5-9609-47e8-9e2b-57f526991cb4\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
20bbb007d337b1a1c805cad28f7cc69f

SHA1
01eb8d2c1ba72af4dcd63932f082fc1a3cedc5ce

SHA256
42e860cf18f6017ce606c5936ac04ff5381e980cc5d5ae37a1826ebcbaec87b5

SHA512
48691ed0ef4d56cc1574c04c2ab55c86bd35cfa818e216fe877d54e429e16fda3a5c081436b8c5161b93940aaca757cfdc2d2df0443c5b57000e366a42b0aed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
e4262066c876890b90527bdadb2925f6

SHA1
c9c6cf7716fb0241d2b61ce8f403386eaf5790a3

SHA256
70cd00d1c557c15a94113a2c6779f2025728a1bf45c131fd5393a0697ff8f299

SHA512
4ae2a8a47014ac0a7dfa70604c1f83b264e769d4f956b929a93dc66b184ff9e8a7990ecbc0ef8fe39870f0bc9df17a340bac6d985c2973c5915f567b0811d454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
35945e292d1c5d7ece5dfc88ae716010

SHA1
39634b9b4195f493199aeac7e872f97785e23d12

SHA256
89947f7ffcd860b5334bc5c1a45f492cca6c1cf43a704af11f67aa554a9d19bc

SHA512
76fb9c501156754984b3f603f2121a57290eb3b78381263e01d7705f9bafdeb47b5df2360825b16835eb87afaa590a5c05fb98c94ff0c664621051236f5823db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
46b950a9cc13358fbfb777ef1f542a83

SHA1
edc78fca00ac52b8b4058433ebd1dd8f9e1d1af2

SHA256
c914cf0ca5dc669dc89e5a9255d012b23821a7e33008edc472cce1fde4519be1

SHA512
e65ba057bc418b8f96d5fc1c7dbce9e34463c240d9c63ba7d353dca3ae0072928d853e9a109374b373713622af81453e4770e24a95a803734fef506702a3c5f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe587edf.TMP
Filesize
120B

MD5
3c253414626732429b0cb206e5accded

SHA1
85170ffd935fb52a1cda03226b239915c2878acc

SHA256
abe463b578926c7454aed0c3416dd193980a453a2817b13dc538560096e48757

SHA512
091f695ec226c1335ae1e8054c288846b8c03e4a9cfc67a009c38343358f4ebbfb0b7d85504bb99decd93e91f3c362aa078dc6788ce87af89de07623123098e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
2355a614575c9467ed0801b5e5773631

SHA1
bf5ccbca08f1f98932bf2a7290cbf2861aff83dc

SHA256
f07d39c2be38fe07bfec9aad84b298bfcd3f31bc28b639a82e106fc035da2cf8

SHA512
30e873dad9df165eb25d1241288cc47d4d07e4b6ba16d9cc2e343ee1bad70d4fd053f577c22865e3b20ed8944e1dc4bff2b734151f3858e4774f4bb08e09b8f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
e177c9ff6a1e5a153b8ba7d281e331dc

SHA1
0125003a1c9c76ea16386986ea9b17cc022f962e

SHA256
b5d74a85cbc388fe23c11960aaed0f69f7336ae1a725462fa0db4d56ba0314ff

SHA512
90adf0ae7285ece2d47114a6a930b43fddc5d5a10c4add453fdac87e3e85be4a9640261a273403a0ed7720fad5b0813c41a3f3653674ebc5a25061450a3392db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
de85c2ba1fdf8bcdfef42e3d12dd3e6f

SHA1
c0c7c9670a0c7eca91e3f6f17907cbec35dccc3e

SHA256
44440c93a41999e2d7d98deb0c942670aa4741ca425deb78fcc76837f53ca09e

SHA512
be0eae156f35f67ef58e22f1ac786a294d0d4ebbd76a613daefbbe42a5c27fb15c9fc098ec97db56a00acedc95d11c26ede5d33d3140e0251922e7a7d5b2e796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
115KB

MD5
71de364d6f78fcc46b9d86e8f08b316d

SHA1
932378875ea3dc771d617ae55d5e9cbbb586e4a8

SHA256
760289bb9d2d82212188b525a388bc91c48b288218803e2a11b81ea4c559af7c

SHA512
a8898b5652760a4070f0c796b264e9f69fc86ab8a70518157a5c9fe81804653ee905b52ddbbbecf2fb7afb43b0054617f133155cc9e59b8293adf4700204348e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
114KB

MD5
dbb40b2c965f03fa87873608eb87b1c3

SHA1
7345f95484abd6ffd48f197feb0813a3d5282492

SHA256
0e8326d2fcc20ae1c5266ee3b970168b378ea9b1023c0ae608a38b4bdeed3838

SHA512
aa17505e2cc7a8f8cd659485f48d8b338e06a86a06a3bca177fc4a60af0f5405fb31cb9e1be3d26acd1c12cfbd0cf90a1ab118fcba0f48ccd344f47a0aa9e248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e84d.TMP
Filesize
101KB

MD5
9d4f33a2a95cab5daa5cb1d24f6dc1af

SHA1
a0a5d5696c5abde55a5633e29514fafeb58fb592

SHA256
e5b5e66a0572b8a26df3e453320487c28c7aac9e1fbc3c5424a01f885981ce76

SHA512
6b722901aa7d8476b9b4fa2049a9be8f4781d8ca6b142405c9ef9a393228efd0c3c449a54410350def5ae382b3603e671b072dc76e996e1af1d7b445bb167ed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DO1Z1BGH\favicon[1].ico
Filesize
23KB

MD5
ec2c34cadd4b5f4594415127380a85e6

SHA1
e7e129270da0153510ef04a148d08702b980b679

SHA256
128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

SHA512
c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4un4m3uw.rxt.ps1
Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
Filesize
73KB

MD5
b001f88504c8c9973e9a3b4dc03e6d1a

SHA1
a54b3046a70a4f2c792ad6a382b637b599f1dc48

SHA256
8ee4cbed114a588e934b5043f95c9c06f40468c2300fa0d1d938d16c1d46a8fd

SHA512
390e53be657fc35fb2e9f41b76b3b07c161a860d72445a4b1425ca973a6d8c0f32f6de6844719c6e9813e8d949ab65263642dea01c800a00285bd45595bed4d8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 687141.crdownload
Filesize
3.3MB

MD5
86fca06e090f8017dd323ccc516a7ed9

SHA1
720fd4f4d0ac09308d19d229c8fbfde71313ce7d

SHA256
5516ce5826c34dc1d89b1373f09a5eb490cf1dab55f98da02bdc53a73b772874

SHA512
05f6ea47c48a2da3304a2d14a741403200ccf47e1f1b7155a2eba3fe694e4f42b8a327010fbc20b720ba06e4f84ee96b39d885989ae7cd20cc459261cd02b34b

Download Submit
C:\Windows\Logs\DISM\dism.log
Filesize
217KB

MD5
5f1df1a90bc76af511769a43ac84bdd8

SHA1
40ced6cee74b625942a8bff3d577b10867b561c0

SHA256
02a12edf529c8557c6f728831f70f515d40461602ce1873d2c94eee78b8d321b

SHA512
a1fde7cdc644bdbdc0148a013189658e745546a3ac648d2bcc55fc89122958ea45a1d3a208d57af27e0d2621327a57f9235cc3f0e2958d356fead880c27d4e76

Download Submit
\??\pipe\crashpad_3320_CPUCURRNQGDQTBNQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\Setup\ds.dll
Filesize
79KB

MD5
d9cb0b4a66458d85470ccf9b3575c0e7

SHA1
1572092be5489725cffbabe2f59eba094ee1d8a1

SHA256
6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05

SHA512
94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6

Download Submit
memory/4316-3773-0x000001D2B3CD0000-0x000001D2B3CD2000-memory.dmp

Filesize
8KB

Download
memory/4316-3771-0x000001D2B3CB0000-0x000001D2B3CB2000-memory.dmp

Filesize
8KB

Download
memory/4316-3775-0x000001D2B42F0000-0x000001D2B42F2000-memory.dmp

Filesize
8KB

Download
memory/4820-3689-0x000002457DEA0000-0x000002457DEA2000-memory.dmp

Filesize
8KB

Download
memory/4820-3829-0x0000024505800000-0x0000024505801000-memory.dmp

Filesize
4KB

Download
memory/4820-3828-0x00000245057F0000-0x00000245057F1000-memory.dmp

Filesize
4KB

Download
memory/4820-3654-0x000002457ED20000-0x000002457ED30000-memory.dmp

Filesize
64KB

Download
memory/4820-3670-0x000002457EE20000-0x000002457EE30000-memory.dmp

Filesize
64KB

Download
memory/4964-3116-0x000000006D550000-0x000000006D59B000-memory.dmp

Filesize
300KB

Download
memory/5220-3718-0x000001FB406C0000-0x000001FB407C0000-memory.dmp

Filesize
1024KB

Download
memory/5240-2919-0x000000006D550000-0x000000006D59B000-memory.dmp

Filesize
300KB

Download
memory/5268-2711-0x0000000008080000-0x000000000809C000-memory.dmp

Filesize
112KB

Download
memory/5268-2706-0x00000000049B0000-0x00000000049E6000-memory.dmp

Filesize
216KB

Download
memory/5268-2707-0x0000000007500000-0x0000000007B28000-memory.dmp

Filesize
6.2MB

Download
memory/5268-2708-0x00000000073F0000-0x0000000007412000-memory.dmp

Filesize
136KB

Download
memory/5268-2709-0x0000000007490000-0x00000000074F6000-memory.dmp

Filesize
408KB

Download
memory/5268-2710-0x0000000007D10000-0x0000000008060000-memory.dmp

Filesize
3.3MB

Download
memory/5268-2712-0x00000000086B0000-0x00000000086FB000-memory.dmp

Filesize
300KB

Download
memory/5268-2713-0x0000000008490000-0x0000000008506000-memory.dmp

Filesize
472KB

Download
memory/5268-2730-0x0000000009590000-0x00000000095C3000-memory.dmp

Filesize
204KB

Download
memory/5268-2731-0x000000006D550000-0x000000006D59B000-memory.dmp

Filesize
300KB

Download
memory/5268-2737-0x00000000096C0000-0x0000000009765000-memory.dmp

Filesize
660KB

Download
memory/5268-2732-0x0000000009550000-0x000000000956E000-memory.dmp

Filesize
120KB

Download
memory/5268-2738-0x0000000009890000-0x0000000009924000-memory.dmp

Filesize
592KB

Download
memory/5268-2815-0x0000000009840000-0x000000000984E000-memory.dmp

Filesize
56KB

Download
memory/5632-638-0x0000000008360000-0x000000000885E000-memory.dmp

Filesize
5.0MB

Download
memory/5632-637-0x00000000720AE000-0x00000000720AF000-memory.dmp

Filesize
4KB

Download
memory/5632-669-0x00000000720A0000-0x000000007278E000-memory.dmp

Filesize
6.9MB

Download
memory/5632-659-0x0000000009A60000-0x0000000009F8C000-memory.dmp

Filesize
5.2MB

Download
memory/5632-658-0x00000000094C0000-0x0000000009526000-memory.dmp

Filesize
408KB

Download
memory/5632-657-0x0000000009420000-0x00000000094BC000-memory.dmp

Filesize
624KB

Download
memory/5632-668-0x00000000720A0000-0x000000007278E000-memory.dmp

Filesize
6.9MB

Download
memory/5632-634-0x0000000072880000-0x0000000072896000-memory.dmp

Filesize
88KB

Download
memory/5632-639-0x0000000007F60000-0x0000000007FF2000-memory.dmp

Filesize
584KB

Download
memory/5632-866-0x00000000720A0000-0x000000007278E000-memory.dmp

Filesize
6.9MB

Download
memory/5632-667-0x0000000009F90000-0x0000000009F9A000-memory.dmp

Filesize
40KB

Download
memory/5632-633-0x0000000005A10000-0x0000000005A26000-memory.dmp

Filesize
88KB

Download
memory/5632-3760-0x00000000720A0000-0x000000007278E000-memory.dmp

Filesize
6.9MB

Download
memory/5632-636-0x0000000005560000-0x0000000005570000-memory.dmp

Filesize
64KB

Download
memory/5632-656-0x0000000009340000-0x0000000009384000-memory.dmp

Filesize
272KB

Download
memory/5632-865-0x00000000720AE000-0x00000000720AF000-memory.dmp

Filesize
4KB

Download
memory/5632-864-0x0000000005560000-0x0000000005570000-memory.dmp

Filesize
64KB

Download
memory/6852-3712-0x0000000033E50000-0x0000000033E60000-memory.dmp

Filesize
64KB

Download
memory/6852-3893-0x000000006D680000-0x000000006D6FE000-memory.dmp

Filesize
504KB

Download
memory/6852-3895-0x000000006D5A0000-0x000000006D5F9000-memory.dmp

Filesize
356KB

Download
memory/6852-3894-0x000000006D600000-0x000000006D67A000-memory.dmp

Filesize
488KB

Download
memory/6852-3896-0x000000006CD00000-0x000000006D2A6000-memory.dmp

Filesize
5.6MB

Download
memory/6852-3897-0x0000000069970000-0x000000006B36B000-memory.dmp

Filesize
26.0MB

Download