Analysis Overview
SHA256: baa175b6fa6ee27992d80995f9eae285f3a3eceb35b655c0c5a5f58b7ac748dc
Threat Level: Likely malicious
The file MuMuInstaller_3.1.6.0_yx-gl-codex_all_1709777287.exe was found to be: Likely malicious.
Malicious Activity Summary
Creates new service(s)
Downloads MZ/PE file
Enumerates connected drives
Checks computer location settings
Registers COM server for autorun
Launches sc.exe
Loads dropped DLL
Executes dropped EXE
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Checks SCSI registry key(s)
Modifies registry class
Suspicious behavior: LoadsDriver
Uses Volume Shadow Copy WMI provider
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Runs net.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy service COM API
Checks processor information in registry
Analysis: static1
Detonation Overview
Reported: 2024-04-07 18:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-07 18:55
Reported: 2024-04-07 19:09
Platform: win10v2004-20231215-en
Max time kernel: 512s
Max time network: 782s
Signatures
Creates new service(s)
Downloads MZ/PE file
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7z74B513F8\nemu-downloader.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7z74B513F8\nemu-downloader.exe | N/A |
Drops file in Program Files directory
Executes dropped EXE
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Modifies registry class
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.3.2696-overseas-0221213808.exe | N/A |
| N/A | N/A | C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.6.0_yx-gl-codex_all_1709777287.exe
"C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.6.0_yx-gl-codex_all_1709777287.exe"
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\nemu-downloader.exe
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\nemu-downloader.exe
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\ColaBoxChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z74B513F8\ColaBoxChecker.exe" checker /baseboard
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z74B513F8\HyperVChecker.exe"
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z74B513F8\HyperVChecker.exe"
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z74B513F8\HyperVChecker.exe"
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\MuMuDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\7z74B513F8\MuMuDownloader.exe" --log="C:\Users\Admin\AppData\Local\Temp\nemu-downloader-aria.log" --log-level=notice --check-certificate=false --enable-rpc=true --rpc-listen-port=50746 --continue --max-concurrent-downloads=10 --max-connection-per-server=5 --async-dns=false --file-allocation=prealloc --enable-mmap=true --connect-timeout=5 --rpc-max-request-size=1024M --stop-with-process=3936
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.3.2696-overseas-0221213808.exe
"C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.3.2696-overseas-0221213808.exe" /S /auto_start=false /fchannel=yx-gl-codex /D=C:\Program Files\Netease\MuMuPlayerGlobal-12.0
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /RegServer
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPInstall.exe"
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" create MuMuVMMDrv binPath= "C:\Program Files\MuMuVMMVbox\LoadedDrivers\MuMuVMMDrv.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" start MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" start MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Windows\system32\regsvr32.exe
/u /s "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "comregister.cmd -u"
C:\Windows\SysWOW64\net.exe
NET FILE
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 FILE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cd
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ver
C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe
"C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMSVC.exe" /UnregServer
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\system32\regsvr32.exe
/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMC.dll"
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMClient-x86.dll"
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Windows\system32\regsvr32.exe
/s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMProxyStub.dll"
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\syswow64\regsvr32 /s /u "C:\Program Files\MuMuVMMVbox\Hypervisor\x86\MuMuVMMProxyStub-x86.dll"
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe
"C:\Program Files\MuMuVMMVbox\LoadedDrivers\SUPUninstall.exe"
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc.exe" query MuMuVMMDrv
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\7z.exe
"C:\Users\Admin\AppData\Local\Temp\7z74B513F8\7z.exe" a -tzip "C:\Users\Admin\AppData\Local\Temp\nemux.zip" "C:\Users\Admin\AppData\Local\Temp\nemux"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.mumuglobal.com | udp |
| JP | 3.114.242.101:443 | api.mumuglobal.com | tcp |
| JP | 3.114.242.101:443 | api.mumuglobal.com | tcp |
| US | 8.8.8.8:53 | dns.update.easebar.com | udp |
| BE | 104.68.95.105:443 | dns.update.easebar.com | tcp |
| US | 8.8.8.8:53 | mumu-global.fp.ps.easebar.com | udp |
| GB | 23.62.198.73:443 | mumu-global.fp.ps.easebar.com | tcp |
| US | 76.223.88.1:80 | 76.223.88.1 | tcp |
| GB | 104.77.118.114:80 | a11.gdl.netease.com | tcp |
| US | 8.8.8.8:53 | a11.gdl.netease.com | udp |
| N/A | 127.0.0.1:50746 | | tcp |
| GB | 104.77.118.114:80 | a11.gdl.netease.com | tcp |
| GB | 104.77.118.114:80 | a11.gdl.netease.com | tcp |
| GB | 104.77.118.114:80 | a11.gdl.netease.com | tcp |
| GB | 104.77.118.114:80 | a11.gdl.netease.com | tcp |
| GB | 104.77.118.114:80 | a11.gdl.netease.com | tcp |
| GB | 104.77.118.114:80 | a11.gdl.netease.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\nemu-downloader.exe
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\skin.zip
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\config.ini
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\ColaBoxChecker.exe
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\baseboard
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\HyperVChecker.exe
C:\Users\Admin\AppData\Local\Temp\7z74B513F8\MuMuDownloader.exe
C:\Users\Admin\AppData\Local\Temp\MuMuNG-setup-V3.8.3.2696-overseas-0221213808.exe
C:\Users\Admin\AppData\Local\Temp\nsm4A05.tmp\LogEx.dll
C:\Users\Admin\AppData\Local\Temp\nsm4A05.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsm4A05.tmp\UAC.dll
C:\Users\Admin\AppData\Local\Temp\nsm4A05.tmp\UserInfo.dll
C:\Users\Admin\AppData\Local\Temp\nsm4A05.tmp\AccessControl.dll
C:\Users\Admin\AppData\Local\Temp\nsm4A05.tmp\nsProcess.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\load.cmd
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\comregister.cmd
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\libAccelerator.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuthSimple.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMAuth.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\msvcr100.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\msvcp100.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\loadall.cmd
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMCAPI.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDD.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMC.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDD2.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMBalloonCtrl.exe
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDragAndDropSvc.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.inf
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.cat
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMProxyStub.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMRes.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.94.0\VAddressDevice.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.92.0\VAddressDevice.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.69.0\VAddressDevice.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.63.0\VAddressDevice.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\vcruntime140_1.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\vcruntime140.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\ucrtbase.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\tools\my_upload_md5.exe
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPUninstall.exe
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\SUPInstall.exe
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMProxyStubLegacy.dll
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMMR0.r0
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.inf
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFltM.inf
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.sys
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.cat
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.sys
| MD5 | 4310bfff02dedf0d13d0b763300bdce2 |
| SHA1 | 50aa2fbd794eba7a6018141eee510c139408d83f |
| SHA256 | 5150461b359ab6bd3be49edd77cd8ff429fb02d4e704155d794989f9b485aae9 |
| SHA512 | b181b835006ead6ddffe577a1089cef3b3f56475644433285d7274c6fd9e2bb4d2dd9e3bbced63a4e7778213aebeba5499ecb4aaf4dfc1751d895b862f4fa2f4 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.inf
| MD5 | a8cf4a14790dcc315d764fa481adb5ea |
| SHA1 | 98d562c329fdbbcae881a4ea7148e6b15544d753 |
| SHA256 | 94bff036fd5caac9be2ce2b60695f5b881e06211d8fa3ac771a82974c6cbef79 |
| SHA512 | 05e08c8293f9faff2cb65aa0b5172324ae0adc1c73469fef4c42ad252ca4ce068f564bdfffaf134f1f72f6671ed4acf27d44d0dae17f354ef1c9e6c7373e37b6 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp6.cat
| MD5 | 5b06844dd324d3429d14220f8e03b100 |
| SHA1 | d3c29644571053595da3eb84543fb2965fde125a |
| SHA256 | 821841dbd1549bf444e8f5082da3feb75fee3f4feabf117b131058d252e5f68d |
| SHA512 | a73a271ad633da89ffd112a9db387e9705edf30e03b18123abbc82671ea471c072be8a9ba81d1e4a7fd853138f64e265f1f01264a25b24a7118d7758b11d8db8 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.sys
| MD5 | e38eaf43e944f9c03104283f105f5363 |
| SHA1 | 166df8ae9d5e2d3039a5b9a96725c98e43c268c4 |
| SHA256 | e7c6793ec48fd075d74eed04933cd256720e4bc4609baa12eb201ef6c89b8108 |
| SHA512 | 39170fa2c6649106202a45f4dba9800efe0c9e93035df7a59ded989f746cd2d1de971069ef6aae60d34dfbcc7c33b14756a619b430c0289c54439970cc454e7f |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.inf
| MD5 | 92a337482c3995c561139ea8bd7c405b |
| SHA1 | a164ab90cd6e1abedba0c54a96a450d94be4c93b |
| SHA256 | 898574b40ca3ab0ce278899e4e585d653eb5dc3a2ac7da57c904a0bf4b0cc014 |
| SHA512 | d46f8d7abdf445697303567845390b52a31f3c0e45e8aa357802e667bd4a0816555b3d841f19672adf69c2c31e3dd62e7e6d788d50d95172ac81f5781403a102 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetAdp.cat
| MD5 | 4c8e27b491df706887eedcf71be13759 |
| SHA1 | e5e11388cd871f54c8c5602deab7ef8392843064 |
| SHA256 | 8d106e9f8e78d6890161ab12be359ca0e357ce6ad46d9bdc5d80af3448eb94f7 |
| SHA512 | e4ed33bd3adc12e62718d93e5d8c8c4fcb61079ff64d50df77014b6730ea2aac15fbca2abb664e19b84bc9d6bde5025a8f71274b7dd7f3e2e66ef07dd5ecc76f |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMManage.exe
| MD5 | e4f7442113454d1c39f43a4451841547 |
| SHA1 | ed54d46b704aa8129eef1a6331d4484406a6778b |
| SHA256 | 5608f4c624d8873f757cc3dd17c17885e505962e7825cfbdff75913d791b584d |
| SHA512 | affbe534f61906b3f9c509341d568e47c4249952e0a0bbb17c068564f37dcace54868e048735956626b3827d7f6d5731a739867bfb9bb37360749f80773368fb |
C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMInstallHelper.dll
| MD5 | 2da95955c1f8ffdfd429e3875a0b085b |
| SHA1 | f9141d5e6d918cdb6819ca4b25f78a1b4fdf93ba |
| SHA256 | b6544564eeb1cd98adb0c7fd5a3b92e430a6d9fd295ef9d50eb064c5f9686473 |
| SHA512 | f3eb903b7bfc4169033a1c977b68ba3cb6d1e3db54ac397618604b623b5f494340a5bcb35b28e576a11a5f9c7180bf7f6d9edd5dc81494aaeef89ebe4626d7a0 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMHeadless.exe
| MD5 | 0ba088cd5bcf0f555b6aa4199995a8c1 |
| SHA1 | 76d8842527bac0860c69792149e8fb111764dba9 |
| SHA256 | 81f5b48ee08814225b77eb2d072892157ce06721fcfa4a79376442ccaa6e1de6 |
| SHA512 | b8de38002d260ec7d7caa1637eb8ca7863c68d5ee0f5a62cddb6090c5b3376288de2a3995143559b0ae7818355c49b51cb8abd5ed5b9bf390fef3bfee42f7e91 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMGuestControlSvc.dll
| MD5 | 386ef591b74853d5a855024392fcbf24 |
| SHA1 | 5a9fc4a420d3018fa2913f3748e7874bd632be18 |
| SHA256 | c0756c2c11bc2cefc84d90fc3f916306611291a18d1ed41f2576f3382ae3e1ed |
| SHA512 | 3437cccc1199ab36192ce113968ac5f7a0bb260a30161e8f212c23e75971c88a4c6e62dec7e9218e3112aaa7c33013dafb60c78659ad35905511a4a31c54af9c |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDTrace.exe
| MD5 | d1d6d03bd9d929d758a2ce3c001311e9 |
| SHA1 | 90419ab8079ab823c71b29b83f8e69365ad0f22d |
| SHA256 | 90083a7a5b800c8dd78b16ad06a487b09c6c42c0d0ccb373e52819e6fefd8063 |
| SHA512 | 578090df58177c32337b6b702804b7b227f1fa5dd871538f396882ad62cd12b8f8f97892f62667555e0f0ddc1efd1bd7f69a00b0cb572c0f65b31d7683618b36 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDrv.sys
| MD5 | 14e93c14b6d5d5d9db26275dfc987015 |
| SHA1 | 0585447d1400fcd57b86280453915799de24c7c3 |
| SHA256 | cfb29a2e7e938f7f2ec0443d5cf25261468e54c616eb74272c43924bb32e806e |
| SHA512 | 41da4d14075c3b47c4228cf1ad964b7a943b59c8e851bd2c264d88e37a7a3f525c9ad15683e5b0f512854eb1088c1d398fef8217a7c420d239c5de12c940639e |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.sys
| MD5 | 6c000ac4c46fd78b6599f8e45cc0ce7f |
| SHA1 | c1d7e2809834e62326af0a46cf78f14eaac9dd2e |
| SHA256 | 05adb854983e9da8821eff5e50cca5a59ad0fa501966c269bd6e937f29d971da |
| SHA512 | 9d590138e97f72307fcf431a273f5af80409c9f2eb848b86b889cd1bab4f6a154719588b85093f244ca912d256584b65d7440dec900aab1160f5cd478435eb68 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetLwf.cat
| MD5 | e1712d82f582f98c3a0e78e0d4651c2c |
| SHA1 | 6dd1fdf141151ec19916cbb52b6489589bc8d584 |
| SHA256 | 7ef2dd59e21ca4845a9e09fb64b827cbf6e438e13091fc48ec649ae5fa69fb52 |
| SHA512 | 0c780fc05b95dea9d1f542e842481f3d18d153a87121ad4cf026d001c8520251641005df7b93c8f17a512cee28cca95afa9ca0ebfa66808e11e19c2ea18c04c5 |
C:\Program Files\MuMuVMMVbox\Hypervisor\MuMuVMMNetFltNobj.dll
| MD5 | f2fe8b22ff6c0e52a87e7ccad7e67469 |
| SHA1 | 8cc8c1141d22691b085190f2c33b3f88d3a6f189 |
| SHA256 | 5e32e9f41572efe6b9e0ed512ada09fbd2ec569d5f8682bd3f1e7f04989704a6 |
| SHA512 | bd66c062da6db3fff0502f1a5f1c62ad6581514eae35d542f71dde72d7a14836c882f580ee61e0f5c2b332477b1ce5454b695079cda1d5e0c769130509783591 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMNetFlt.inf
| MD5 | e61b659c79361ee58dc58998e4cb6373 |
| SHA1 | d6e00c2002b23b7c4414319ebc435bbd404d3397 |
| SHA256 | 1a15705f3aa1cbbf47c1b7fac1ea8a3e00e17958e6ad6b674be2bd7389a0dfbe |
| SHA512 | 6d7eec93f8dd10184707c2d0c343eca5caf9f0467bd7efc2b1e1bacd2b36389ebe062e3b8f6d5bea479f7fd0b1f27458923c6866cf6e322dd928473b1c72f669 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMHostChannel.dll
| MD5 | b4473ce7adb11f0936286eec29ac8dcd |
| SHA1 | 718c23296734f1bfc8327bc7cd9e84e9c753bb91 |
| SHA256 | 24ae775e6debfa67b02b1d2ff6902f22d3ab6f93f0cdf44ee775f4bfac4cffa9 |
| SHA512 | a7ac0ef0d663fd7332f8e870168ffdd95ad4f5fcb5fd020fca369bc30c630d11547c82791af5f2f899d74ed54ae81d90b8d63a702611103ea2314de8a84d8d1c |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMGuestPropSvc.dll
| MD5 | 71a3134a8a546b4f4b78442637c8c428 |
| SHA1 | 6465b85fe2167c86606440d46ff0e91a4912aae2 |
| SHA256 | b6f68860d69ecdc558b881ee14627a9e24707baf171b1de43c691710a2d07c75 |
| SHA512 | 3cb5bc398821d5dd7b4b3f6304bd3d8b597d42ddb6b045d5390e898c042e5f1ade233056338b0eafe176563e3b07ae18fa266615f381f7531a89025b090d8a88 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDDU.dll
| MD5 | 89f4fc11f483b8275624d1dc4193810f |
| SHA1 | 9538c21f71fed32644487a1c51a805a16b50d49b |
| SHA256 | 8be4ec229c1491c7f1d5ee4f3332a626192894c60f41eb65d6f75507fe2fafd4 |
| SHA512 | 31b5e2501e03fd725aac2c14e0ea39b2bb78c175d2be6aa4fd731f6cfc2450443a21558cff0ccad406e60e9145738e09501cff39972d356748ba8a635bb91958 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMDDR0.r0
| MD5 | 106dae22290adf78a229d6d3ced17d92 |
| SHA1 | 816485b26e9624174fa4cecebdcbd0a46d38f8e6 |
| SHA256 | d6d4b05170c02ce95c536ae1a2cdd7d3b7a5b54aa14a2a4c4aeed599f92dbb32 |
| SHA512 | a2c870bbb13a1bc9c133e3613d84d108d8a5b940bf416f7c82398125f5661102e8a9f41c9e3aa7b4ac11d7bb9beca2d3c101139b962bb5d77a502f2bc9f16957 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vaddress\0.0.86.0\VAddressDevice.dll
| MD5 | e618cb77d4bb5f61a88fdb91303a2c1e |
| SHA1 | df3f87309db42eb084b46ac963e1c7d69eba8a78 |
| SHA256 | 55fd58e38c0a9e2f60b5c03750d45ecf0b1b7b873b84a531c224e4bcaa4bd064 |
| SHA512 | 5acd329ead414008cc670303f404ddfa68abb67dc6f4211d932bd74f7ccbf36e138caaef1ea35b783be5eb11d2efe2c33fb0088aff8036c3fa738db9f5c62020 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfUninstall.exe
| MD5 | df68847694d9190adc4f0d8a756b138b |
| SHA1 | 78866898b148b7a0a428cd70477ffdde1899900c |
| SHA256 | 85c5b93d85e99b447f5b86974727db645cab66fdcb60365f832c060c59105c24 |
| SHA512 | fc2c396ab39d01b3e7d8282dd861958439b57cc92ffcb0a0f79fa6173263ef4f995b4c848bf481c0f6226539aca2c138f6ddc8328568fb2c7d85470efe905682 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetLwfInstall.exe
| MD5 | a590bb38f5a02772d7b0cdc1efceddc0 |
| SHA1 | f69d3931aa9691f5aa4c5b53fd4cb0b439d2ae1a |
| SHA256 | 1ce235659ea80fc1262f5ce08ac2e761a3f50a841af299e8894aedfd077f23ea |
| SHA512 | dc5b28b151ff457b7117a0c3375698a931a0276c3ee11dee9b94b51b912ad9ace4ea3b74be0a6ceea60c60058451c1fd8545044a8ec171f7f69795be8d7644a6 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetFltUninstall.exe
| MD5 | a398ee2341f5e67ac074c58669b4a422 |
| SHA1 | c40e753c781631e2c06d62292946d32b312d2265 |
| SHA256 | 248cbd6724f4389b5b6ab27b283d3cc40d014657240c67e4bd7c21e0ff455c9c |
| SHA512 | ea5c33c89c2e1fa4b62275279cc5d78fb712dff330ac6f4798dc9e590298a6df16d5aa8627141cc5f866b72c874c01c5cf003b617a291b277a093ed249eab5fa |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetFltInstall.exe
| MD5 | 1c5d45adf21fcf448fd2f4270f08d965 |
| SHA1 | 1d086240e9619c4304fb2452f7c74dc98f9c2982 |
| SHA256 | 356b6f2cbe804061e608f779e1d56545c1075d510eaae6ef0bfff59848b2bf12 |
| SHA512 | 5e19b9583f739f9355a41368a0d4d348a8bbc5f7afd0cd32122198323fdec3caa35d93933aed2e2ed3173ba15d6201ceda3e78e6031acaacb4fb2eb0c41fe01e |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdpUninstall.exe
| MD5 | 970570f96eb9b8f7949654a281e9a203 |
| SHA1 | c4ed5b561939e245c3098cd4550d4c69e598d0e9 |
| SHA256 | e0a4024c4287d3c92e80e72548fc0e8d9034689e58aa8f847bb9a7282f1f8a38 |
| SHA512 | 97f5bb508c8eb5925ab664f5c4a28a6853c90abfcb933ef553561532da276407f43117b340c05a0387cc954dc1e46b4c24944c7fdb7ee12709cd595876be91df |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdpInstall.exe
| MD5 | 355afc25415cc3c09203a444f4bb9db7 |
| SHA1 | 98a0a16b97329d80e1c3f91a98ac967093b59244 |
| SHA256 | 656e5816670f80ba8d7689b308a98dd13d6e81a34b75b2b90a563e9ee7c79538 |
| SHA512 | dd8ee4482b67b2c9c1dd86fa7e04e9f85438ed2d0afa26e8adfa87feb3c40e955c84ed760316fc2d39fd3480eec89d6cfbcba25bf39db20940802296192cdffa |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Uninstall.exe
| MD5 | 21d48087b37d52165fa953dd09ecfce9 |
| SHA1 | 4611c63b9adaca5d42b2b88df17348f58c4d0935 |
| SHA256 | 42cd5212575e0740698b32266c7aa51f461df1554786cbd59b2d68c192fc17fb |
| SHA512 | 23cfe6d47c265aabfff2d90446e07b5c699ba2bd486f7ee47aa9a504ff5ff95a65f680d90456836d668d5e0ad5eb17766deb843e08ec2bb0c09d80bd97ece646 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\NetAdp6Install.exe
| MD5 | 379552c81cfcbc30ab13adabd4a271a3 |
| SHA1 | f333b93734ff5888918482d22ba1f3e256ddc31d |
| SHA256 | 859ea2b1a71333c32292d1df371b75557ec92d804ef6442c8dfa8756a94a343d |
| SHA512 | b7351e25011a7aa491a716be82c75d541339bdf72c24ede231d1e9f64f4d63a13f37f86483c0e3b54d04a84f287e2df713fcfbbf71db458246765894eedb16c2 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMMR0.inf
| MD5 | 9ef94bd0428340d94cec3ed921cc2eb4 |
| SHA1 | dd94165626d95ab1d351298843f77e9ca0ce0801 |
| SHA256 | 023cf519b63b84224cb092be487568cac6a75e5da2acb394873dcd48d8747954 |
| SHA512 | 161b31d7870f06b6fd6648f3106e9582825ab81d2279794ea08eef4ec947740b7c4b8a7b4f21e74dff0e2a654cdfcc9f1f1b5727a8c1abb952e31de3b796bc0e |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\mumuvmmvmmr0.cat
| MD5 | d554aec99709b5e977ac72b2e4cf31d8 |
| SHA1 | d12dc22ad13349970effd971c77f9d5a165ce2eb |
| SHA256 | 6f0ce3c8c3f125d56e6f6c19afc88d38c4679475c720afc1224ab29b8cfb451f |
| SHA512 | 4a441d764792e23d8749b2eec563a66d2a4fdb6c61e195fd76095aefde1b1806f7b5699080c0539df4081f0d15c53e8dd5eba76171abb9661b85a7004bb47038 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMVMM.dll
| MD5 | 0af96e6275200cbda4b64a52014279dc |
| SHA1 | 18de34b557a5bf8399b34a43a5738c82546adcb0 |
| SHA256 | 2f5d2cdb8caeb20ec2840f5a48fea34c97c09032562726c6b2f866906ac895e1 |
| SHA512 | 66c9195c9ee343c7e9ed1e3c1c56207473a173197b3fa460745547a767199051f97efd899f7b094080042f0b85cb8618a530db6cb966f4c1e2e2715ea43671c9 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSVGA3D.dll
| MD5 | eff20cc41f771c23dcb7a920a4e8832c |
| SHA1 | 9994522cf077cdd76ebc1214a7e03d2e8a2cef7d |
| SHA256 | 4186e3b37ceebd30fa09cd7afcb96fddc8f368fdcf1005f29c905eba28ced5bf |
| SHA512 | ffcc111625b2a4703c5250822f41a42a4d5f99b03ce8d84d21f0e37c0d19a585d8b5dec1b9882301cc4263b15a6e3631d6e5fda1c36fb74ccb8fbe953d516d85 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSVC.exe
| MD5 | 016c47a4cf8847c5fd182213ddae50f9 |
| SHA1 | 84eaf59dd6e02264c420f437cb3ba722839d583e |
| SHA256 | f689448368014009b19c73bfee54ed68581acc1ce6396cf46cefc04d59b68900 |
| SHA512 | 298c399bed21fc8d5c7d104f7dac285dac9d2e3d22448a26836486bad4138537fb032558dddaf66cba42ac7ad9379888b0dd8c6272304521c0ffcc829c7064a6 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSupLib.dll
| MD5 | 0f4bcf2ec0b57c99844f2a809564a227 |
| SHA1 | 8f4285e68b9b4abe976054c8a664095535f5d29e |
| SHA256 | 7e1de6728d222e48274f9526d858178540cf38abf5db9169d7164cd46f29e9e3 |
| SHA512 | 5b9cf0665333aed5b322d0e56acc12e7707bfd046730a70872ebd3f731831a93bb841945b51933cf2a5243eeb3a8f28dd1c833ce28a38f244a54f78b13595557 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSharedFolders.dll
| MD5 | 3ed04e945c2195901ab9809a88879728 |
| SHA1 | d71af40616c11d3cc33bdc1d35960db1b760e056 |
| SHA256 | ff8ff653813ad72785e247f4a3e381b2e08ea0cb1e7b3f3ddf687bb24b221301 |
| SHA512 | 8b4f73af65942d33b2437a0b8f56f628432da1000b033e920c085d2f08aace283676d0912185158a4830553e7a6ead928d9b06a029b969710a7436891ce1243a |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMSharedClipboard.dll
| MD5 | b1bee656eac17d44ddd4f141cc0ff511 |
| SHA1 | 76a8318031d9a7b3b1821d719d6a0ede6d9cfced |
| SHA256 | 39aa5ff58708df119ae680f3bbf7a24458cc1230468823ab1e45fe8c757c43f3 |
| SHA512 | e3799184855124e2e412c70e01b0af3876baaf7eb5401692846536be188c5e4a896d8591e4d1d7cc8f9540c8d5afd191f51f6d011de6bb6346c4617043007f8d |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\MuMuVMMRT.dll
| MD5 | e64b52f601c5a67f0149ac0fba3c459c |
| SHA1 | 74f8b261fa66976b52c428396d3eeafebe56eaef |
| SHA256 | c8e5dea553284cb8fa4cc3968c46c4aed343c83cc1df05f50603b5c93e72e798 |
| SHA512 | 1cf986c1fce409f0cfd54d9a0c78add76c1f27c37d676bac3225674dc1def3ccf2abaf6f120a9f3e37876f6a7dbd422b947c4ff598b2e7d22ae4fb0ee0e15cec |
C:\Users\Admin\AppData\Local\Temp\nsm4A05.tmp\ExecDos.dll
| MD5 | e2716246ee731417abee9ea26cec1d56 |
| SHA1 | 6687e5d8b0b705fcdd9a4020215891d5b7723084 |
| SHA256 | 691ffd34264d1813827c35083367a08aec974e9f79fb585b7d2d367c83760fbd |
| SHA512 | 355bb040570a1ba64a03463a9e6695015c2ffda5f30b7ce801c39ab1a7ba36134bb8fa9b5a1ffd102f6d71091b77133f8d68d305d5c1949ccad2e8eab0258505 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMVMMR0.r0
| MD5 | a5c0e348e7cc0e4cc570aacf9ffcaf29 |
| SHA1 | 446506fde338687fcc91b176361b51b0a8133045 |
| SHA256 | 3ae59d3eacd1f837d3163817731820b93139846021aa8aa7220060d174d6cecd |
| SHA512 | 966f4100f17bb3a89f650c30f979f15023105f1db2f840a03b31bf53ba5188ff5994baf110e489060b858296b49d620551111695127da8d0ff34360a58c65822 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMVMMR0.inf
| MD5 | 3a31f44dff80797d944dc1c76abc306c |
| SHA1 | 02a336a7614ec019a65a90c971c648c34c814e66 |
| SHA256 | f39e3b98a17d4d946879284466a27ec946a07bf869f59ffecbb38451d81337d1 |
| SHA512 | 1e3382d8bb6f99d96ac9272d9aaac5012fcb31e83a072d22cb4b8965c8c636ccefd31f61e51ac6b8fa79b7fd70038fc259dd45d22b9bbb267f8f17c9b66472cc |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmvmmr0.cat
| MD5 | 2e23d6718ce96dbfc1be7382fead6ced |
| SHA1 | 09b89d917222114b82ac1c3476ee31e01c33842d |
| SHA256 | 0885d7ea48192a21d5f37597315c961f6f6a569a4c79080c3229e3c443239efa |
| SHA512 | 54f8737e7d3139b654860ae0aed9ec28d5c2049b1e76bff244f8524196c4516023a7cf69b03e4151106eba7145f7c8ad5ae5c2cd62d96cf959e97071aa1b85d9 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetLwf.sys
| MD5 | a8071a473dcf9147820fa684fe725ac9 |
| SHA1 | 33bffd62c5555692d3d314ba211b40414f5f580a |
| SHA256 | f377895a45410c5585c27ffb7a44b68b1002985f0c03f562b4b21ff6399f8eca |
| SHA512 | 436af1b9bef2cadfd1ece3215cae1662217f4f2e5a299f4773db6748c6e26a78c3957a2e314c4faa22b930b08b811210b25e176f3a985ec0d9322d66077d4250 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetLwf.inf
| MD5 | d284b3ebd57e803451aee5aa7d07d496 |
| SHA1 | 4cf6e3f2984fadbd2fe71c6a0d403b2e5c2cc759 |
| SHA256 | f2eb223b9f3eb6383bbbfea0b195f3672e8492041d8bfe89505f2f3cc7d462bc |
| SHA512 | c11de75732b67fa2bbb695e60c0c7f75a52cabad86c58d72a05b4f6fca56bb886bf9451f6ef5abcb91c3e65f195176c45eff15846ccc60e7f782fe725685b5ee |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmnetlwf.cat
| MD5 | 6744dc4f16200c37a96cc3a0e5556285 |
| SHA1 | e338196e4af4d5a19b42a2a03cb98447625673d2 |
| SHA256 | 5aa222dfd3ab9f7316c1c39441946973ab801c00763375a90cf7532b592c4086 |
| SHA512 | ba89277be0f910184f0a72a1b0f1d7aae2e540775e86d48f42ab9074e58b7ff6c3b2cf4c717d3d1923f7ff10886a76bf926ebd6189872c6c3fca799fb74b0213 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetAdp6.sys
| MD5 | 565d6d7e77d6fd5be5ef21fa8188a652 |
| SHA1 | 02bbb60161ac4da75ced5257633b52462baeb908 |
| SHA256 | 8517e15ed543bc12a940b03ac5da50c63af1173813640bb1569ec62e45073584 |
| SHA512 | 7f4763249278e8c89559d0b32646ced82107b440a9819cf9ba967a0cc749114f02f45ce393ab89a07bdc89d6febe047304d5d2e85fa8ebf48cacde814e3dd2f1 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMNetAdp6.inf
| MD5 | 127d117df95f3a294b254f65ca929340 |
| SHA1 | 49f365425911dcfb17ce8f08aa156a66878f0e4b |
| SHA256 | 6421fe11bfd94be2a659b4a39483dd71d0c983de9d26caeb22ce92d0d224f39f |
| SHA512 | 13e9ee1496af276ae37e8dc236a48109e06b0b044fe05d88415939d3a1db0076a0c95cd7c88e715ac4df01603dd3808a6bf21ccf1ab19895b782b2f91f32f08f |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmnetadp6.cat
| MD5 | cab436e5abe7f446f8848dea729679e1 |
| SHA1 | 6c6175df099341fdd9a67cce631e2fe55fb1dc2c |
| SHA256 | ff9525380df941cb1bd07fd72f27882db4b96699d9b785e4c3078b3cbd6ae618 |
| SHA512 | 15b3c72e20e3c1dd1f184e6bd6b8541efc798e7d57878bcab44bcd46f8d30593faf83596d5d1e0862558cfd316d5f1967be912056efd0582521548e9c963a9bb |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDrv.sys
| MD5 | 55879de9dca1782537ae1064b2760007 |
| SHA1 | f5ad275c3ed5bd8baa829edfe008b626e49f42b4 |
| SHA256 | a9bb3be7ce97d0f4ecb78788ffbff7379ab0f7548715049b59a587ded1e8dfb7 |
| SHA512 | d8efac11593638fb2baadc7d173113601d3da3aa30efa0af3d295e8f814642bfe81cee7bbece2426ccccda48ecf1969f9de04fb54b44f185ff2f9f740178eb98 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDrv.inf
| MD5 | 2741226667bdcd9e759f536756f56eda |
| SHA1 | cf437c8a63ce26b0e2a573409c976fa1f7c629c1 |
| SHA256 | 82606488633ca10859a8a80d00be705a08509b35a9c02aef8b3dc70335bdaa93 |
| SHA512 | 774699f466a423eb24c1d3b5ed45f49e2eac8f931fc7ca825d14a10a19402e3fd95ebdb5c7c2cfee6a4aa6219ffc157c09a222512fb7b3cef888756c1c12c810 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\mumuvmmdrv.cat
| MD5 | 838ca6cdba04a33267a12f9af842154c |
| SHA1 | a85f476eec0f129676a5552e8984fe9ace437118 |
| SHA256 | f10c1616e67f2f9d4ccc15e59ee3df8e6413129f6905db6aa84d9ffe7e7fe662 |
| SHA512 | 3c522db4d5e835d8fd342ce65f0ec876b3e20dff1c9fd7044b04cf1a0f7fa9c7b8766bbbc8ca71a25c64a7e3ffdbc8a04c7b110494ec440806961439b5b9ae34 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\win7\MuMuVMMDDR0.r0
| MD5 | f4ed8c30dd14afd80baf61af4f8aef5c |
| SHA1 | e3d6f1480131e932c1473c6b1d4bec6ec6c2aaf1 |
| SHA256 | c65929b0e12123e079114fc67e6052e03de5934fb65429d637b6242fb021c5b3 |
| SHA512 | 922862e372048f29d4eb39c0a2e5fc921e6643e454825f476cfb98780b3d02181b91a9b6f5590d5f4206d7de391aeb6e5e3b72a8a9ca321b77bfc10d9040a3e8 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\VBoxEFI32.fd
| MD5 | 26b623e43df7cae3bd321164407c3e35 |
| SHA1 | 64ec6d9498e488d85a9161dda25ddcad7fe61e9d |
| SHA256 | 0ebd5e6f19f87499719bfdd5827444667eba1a43b35a584052886bca72ef99dc |
| SHA512 | c8e586c0bb46ba3fad49e57da85d0228f716094e31e216b82d3ef94a438f3254227466c0beb2903e51ff5c3a3cbbc9551f0f7097e2b1d2845f34988d76fac16d |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\hypervisor\vbox-img.exe
| MD5 | 258a8fdbfd2097c1eaf174544c40b193 |
| SHA1 | 80c0565244c49b9c2ac69e72e72e2bb23e625fb8 |
| SHA256 | 730ce3b17a58e26bdccafc9a929738e2f204bdc57281918d62cd9845531391a0 |
| SHA512 | c7e98caf9e0b5db6364a20bf6b518172524e4edaaaf3041ed00399cf57ac4474d95c0094596bc8b0447d88cc27c6c4d1995f2dc034535717fd86d755a0bf1f24 |
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scQueryMuMuVMMDrvBeforeScStart.log
| MD5 | 0649d4c069fb3136de50d9ebe44b7cac |
| SHA1 | a58bf5d93120eb91eab5ad7af282c99c0e36c4ba |
| SHA256 | aba93de5e732f49ecdd398b49f44752478a6ba279222bfce8b622a37124fbcf5 |
| SHA512 | 829daae9029c6741c06374f2b7f642e88d3f5707d7eb9ef45692a16d1a05f8d6f66305ddf51a222a8748157317f76c5115cbf1bcce0cbbb4b0c4e56a50813854 |
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-HypervisorDriverUninstall.log
| MD5 | abdafce361b743ce2b265c8fa2b9c1ae |
| SHA1 | dad27f32a35288ec4dd75115e2b73932968c0241 |
| SHA256 | 54aa3c35d1230b46f7b3db82936b288312f7b1ce654a77252d170c5f38aa9124 |
| SHA512 | fcb6f7c029dd38cee4d83af4af4a0942c94af053c2e69f32566ab214febb413509876c79cf0450d7a0f81b167994aa15f2d861c3d55ebcafdabef2fb9315a939 |
C:\Users\Admin\AppData\Local\Temp\nemux\MuMuPlayerGlobal-12.0\nemux-scQueryMuMuVMMDrvBeginUninstall.log
| MD5 | 6bbcfd360c0797e6650f0d3cb1c36109 |
| SHA1 | e22b5f6a4654134d687a3908464e67faa23d84ff |
| SHA256 | df023ca139e8dcb21f0d4a603b34af95f980c1e388c97e4735dd698d0329113c |
| SHA512 | 0281c1cc1b104c73f130068a905e37b75f3c3a40884d3e2cc421aeaf6a3c6b938393894fe750fa7de44b9d0a25f9b3c11bb386fd133b3d710a549632ed9ea604 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\RadioDelegateSpecifics.qml
| MD5 | 5435f060331a523b9e5db9c9957756aa |
| SHA1 | e0f07b59a0ac83b7cea1716cdae4a59aeafa396b |
| SHA256 | 91d7772e4a193e91a093d59451508cdb89448eaffb4febda26789777afbacf3d |
| SHA512 | 536e731672c1348222490d39099712c7bbcbf8d0c6be5d0f3517c10feb1b47d7942c18703e18c28f36774546a41f18d61fa8096e022a82947d43b11a2641d187 |
C:\Program Files\Netease\MuMuPlayerGlobal-12.0\temp\shell\Shell\qml\QtQuick\Controls.2\designer\TabButtonSpecifics.qml
| MD5 | e6dd3db4f8a582e30f07b77e801428f0 |
| SHA1 | d207e34278440fc9b47c6480a47fef13870ffff6 |
| SHA256 | a3fff66cd7217029792e7fce403cc658b0ea03b2d3a2860f57479c8ea6bc1372 |
| SHA512 | f58e27d7f36e05cb1d6277629ee2e3cc239b2ba73a75d1399a048191e4443dbb1360922b2cc0d36c3a19b04fcdb64f5dbbd0a838736dca658b9caf856031c5ea |
C:\Users\Admin\AppData\Local\Temp\nemux-downloader-31784948-a9e8-4c4e-8333-62d6645025d8.log
| MD5 | 74459184c4723f9762e3c07884d06cb8 |
| SHA1 | ed970cf1b5fa51daead9baa5106fbf8109597188 |
| SHA256 | 75618fa4adae1f93b009a99f1736a022a39490a65090cdd5a2a7c7574e4c01b6 |
| SHA512 | 1a416fb2027075483100c675b32b0d6dfccc5a6b0622c71eca2b2a3184add0c0b41bbe6240150bd72822cbd3aa7af198a769aa1809e99e8cd49c5fabd09b4884 |
memory/3892-3835-0x0000000000A60000-0x0000000001015000-memory.dmp